LDAP Authentication Parameters
There are several parameters that you need to configure for LDAP authentication.
General LDAP Parameters
Use the following parameters to configure either LDAP bind or LDAP bind and search:
Parameter name | Description |
---|---|
host | LDAP server URL in the following format: Where schema is one of the following: |
ldap_continue |
When set to yes, this parameter allows a connection retry when a user not found error occurs during the previous connection attempt. For any other failure error, the system automatically retries the connection. |
starttls | Whether to request that the connection between Vertica and the LDAP server be upgraded to TLS during user authentication. You must configure the LDAPAuth TLS Configuration before using this parameter. If |
LDAP Bind Parameters
The following parameters create a bind name string, which specifies and uniquely identifies a user to the LDAP server. For details, see Workflow for Configuring LDAP Bind.
To create a bind name string, you must set one (and only one) of the following:
- Both binddn_prefix and binddn_suffix (must be set together)
- domain_prefix
- email_suffix
For example, if you set binddn_prefix and binddn_suffix, you cannot also set email_suffix. Conversely, if you set email_suffix, you cannot set binddn_prefix and binddn_suffix.
If you do not set a bind parameter, Vertica performs bind and search operations instead of a bind operation.
The following examples use the authentication record v_ldap:
=> CREATE AUTHENTICATION v_ldap METHOD 'ldap' HOST '10.0.0.0/23';
Parameter name | Description |
---|---|
binddn_prefix | First half of the bind string. If you set this parameter, you must also set For example, to construct the bind name => ALTER AUTHENTICATION v_ldap SET binddn_prefix='cn=', binddn_suffix=',cn=Users,dc=ExampleDomain,dc=com'; |
binddn_suffix | Second half of the bind string. If you set this parameter, you must also set For example, to construct the bind name => ALTER AUTHENTICATION v_ldap SET binddn_prefix='cn=', binddn_suffix=',ou=OrgUsers,dc=example,dc=com'; |
domain_prefix | The domain that contains the user. For example, to construct the bind name => ALTER AUTHENTICATION v_ldap SET domain_prefix='Example'; |
email_suffix | The email domain. For example, to construct the bind name => ALTER AUTHENTICATION v_ldap SET email_suffix='example.com'; |
LDAP Search and Bind Parameters
Use the following parameters when authenticating with LDAP search and bind. For more information, see Workflow for Configuring LDAP Search and Bind.
Parameter name | Description |
---|---|
basedn | Base DN for search. |
binddn | Bind DN. Domain name to find in the directory search. |
bind_password | Bind password. Required if you specify a binddn. |
search_attribute | Optional attribute to search for on the LDAP server. |
The following example shows how to set these three attributes. In this example, it sets:
- binddn to cn=Manager,dc=example,dc=com
- bind_password to secret
- search_attribute to cn
=> ALTER AUTHENTICATION auth_method_name SET host='ldap://example13', basedn='dc=example,dc=com',binddn='cn=Manager,dc=example,dc=com', bind_password='secret',search_attribute='cn';
The binddn and bind_password parameters are optional. If you omit them, Vertica performs an anonymous search.
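
The rules stated in the LDAP Bind Parameters and LDAP Search and Bind Parameters sections (one and only one bind-name option, binddn_prefix and binddn_suffix set together, bind_password required with binddn, anonymous search when binddn is omitted) can be checked before a record is created or altered. The following Python check is an added example, not Vertica code; the function name lint_ldap_auth, the wording of the findings and the starttls review flag are assumptions of this example.

```python
# Added example (not Vertica code): lint one LDAP authentication record.
BIND_OPTIONS = {
    "binddn_prefix + binddn_suffix": {"binddn_prefix", "binddn_suffix"},
    "domain_prefix": {"domain_prefix"},
    "email_suffix": {"email_suffix"},
}

def lint_ldap_auth(params):
    """Return (mode, findings) for a dict of parameter name -> value."""
    findings = []
    present = {name for name, value in params.items() if value not in (None, "")}

    # binddn_prefix and binddn_suffix must be set together.
    if len(present & BIND_OPTIONS["binddn_prefix + binddn_suffix"]) == 1:
        findings.append("binddn_prefix and binddn_suffix must be set together")

    # One (and only one) bind-name option may be set.
    used = [label for label, names in BIND_OPTIONS.items() if present & names]
    if len(used) > 1:
        findings.append("conflicting bind-name options: " + ", ".join(used))

    # With no bind parameter, Vertica performs bind and search instead of bind.
    mode = "bind" if used else "bind_and_search"
    if mode == "bind_and_search":
        if "binddn" not in present:
            findings.append("binddn omitted: the search is anonymous")
        elif "bind_password" not in present:
            findings.append("bind_password is required when binddn is set")

    # Reviewer's flag, an assumption of this example: the page does not say
    # what happens when starttls is unset, so this only asks for a manual check.
    if str(params.get("host", "")).startswith("ldap://") and "starttls" not in present:
        findings.append("ldap:// host with starttls unset: verify TLS settings")
    return mode, findings

# Constructed sample, modelled on the search-and-bind statement on this page.
SAMPLE = {
    "host": "ldap://example13",
    "basedn": "dc=example,dc=com",
    "binddn": "cn=Manager,dc=example,dc=com",
    "bind_password": "secret",
    "search_attribute": "cn",
}

if __name__ == "__main__":
    mode, findings = lint_ldap_auth(SAMPLE)
    print(mode, findings)
```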