LDAP Parameters
There are several parameters that you need to configure for LDAP authentication.
General LDAP Parameters
Use the following parameters to configure either LDAP bind or LDAP bind and search:
Parameter name | Description |
---|---|
host | LDAP server URI in the following format: |
starttls | Optional parameter that defines StartTLS behavior: |
ldap_continue | When set to yes, this parameter allows a connection retry when a user not found error occurs during the previous connection attempt. For any other failure error, the system automatically retries the connection. |
LDAP Bind Parameters
Use the following parameters when authenticating with LDAP bind to create the bind name string. For more information, see Workflow for Configuring LDAP Bind.
Parameter name | Description |
---|---|
binddn_prefix | First half of the bind string. |
binddn_suffix | Second half of the bind string. You must use the In the following example, the bind name becomes => ALTER AUTHENTICATION auth_method_name SET binddn_prefix='cn=',binddn_suffix='; ou=example users;dc=example;dc=com'; |
domain_prefix | The domain where to find the user name. In the following example, the bind name is ALTER AUTHENTICATION auth_method_name SET domain_prefix='Example'; |
email_suffix | The part of an email address that comes after the |

In the following example, the bind name becomes <user_login_name>@example.com.

=> ALTER AUTHENTICATION auth_method_name SET email_suffix='Example.com';

To create the bind name string, you must provide one of the following:
- Both binddn_prefix and binddn_suffix
- domain_name
- email_suffix
Otherwise, Vertica performs a bind and search operation instead of a bind operation.
LDAP Search and Bind Parameters
Use the following parameters when authenticating with LDAP search and bind. For more information, see Workflow for Configuring LDAP Search and Bind.
Parameter name | Description |
---|---|
basedn | Base DN for search. |
binddn | Bind DN. Domain name to find in the directory search. |
bind_password | Bind password. Required if you specify a binddn. |
search_attribute | Optional attribute to search for on the LDAP server. |

The following example shows how to set these three attributes. In this example, it sets:
- binddn to cn=Manager,dc=example,dc=com
- bind_password to secret
- search_attribute to cn

=> ALTER AUTHENTICATION auth_method_name SET host='ldap://example13', basedn='dc=example,dc=com',binddn='cn=Manager,dc=example,dc=com', bind_password='secret',search_attribute='cn';

The binddn and bind_password parameters are optional. If you omit them, Vertica performs an anonymous search.
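
The rules above (which parameters select bind, when Vertica falls back to search and bind, and when the search is anonymous) can be checked mechanically before a statement is applied. The following Python audit script is an added example, not Vertica code: `parse_params`, `classify` and the finding texts are hypothetical names, the last two sample statements are constructed, and the `ldap://` transport check is an added assumption rather than a rule stated on this page.

```python
import re

# name='value' pairs; a doubled '' inside a value is an escaped quote.
PARAM_RE = re.compile(r"(\w+)\s*=\s*'((?:[^']|'')*)'")

def parse_params(statement):
    """Return {name: value} for the pairs after SET in ALTER AUTHENTICATION."""
    set_clause = re.split(r"\bSET\b", statement, maxsplit=1, flags=re.I)[-1]
    return {k.lower(): v.replace("''", "'") for k, v in PARAM_RE.findall(set_clause)}

def classify(statement):
    """Return (mode, findings) using the parameter rules stated on this page."""
    p = parse_params(statement)
    findings = []
    has_prefix, has_suffix = "binddn_prefix" in p, "binddn_suffix" in p
    if has_prefix != has_suffix:
        findings.append("binddn_prefix and binddn_suffix must be set together")
    # The parameter table calls the domain parameter domain_prefix.
    if (has_prefix and has_suffix) or "domain_prefix" in p or "email_suffix" in p:
        mode = "bind"
    elif "binddn" in p:
        mode = "search-and-bind"
        if "bind_password" not in p:
            findings.append("binddn is set but bind_password is missing")
    else:
        mode = "anonymous search-and-bind"
        findings.append("no binddn: the directory search is anonymous")
    # Added check, not a rule from the page: ldap:// is cleartext unless StartTLS is used.
    if p.get("host", "").lower().startswith("ldap://") and "starttls" not in p:
        findings.append("host uses ldap:// and starttls is not set")
    return mode, findings

# Statements copied from the examples on this page.
BIND_EXAMPLE = ("ALTER AUTHENTICATION auth_method_name SET binddn_prefix='cn=',"
                "binddn_suffix='; ou=example users;dc=example;dc=com';")
SEARCH_EXAMPLE = ("ALTER AUTHENTICATION auth_method_name SET host='ldap://example13', "
                  "basedn='dc=example,dc=com',binddn='cn=Manager,dc=example,dc=com', "
                  "bind_password='secret',search_attribute='cn';")
# Constructed statements (not from the page) for the fallback cases.
ANON_EXAMPLE = "ALTER AUTHENTICATION auth_method_name SET basedn='dc=example,dc=com';"
HALF_PAIR = "ALTER AUTHENTICATION auth_method_name SET binddn_prefix='cn=';"

if __name__ == "__main__":
    for stmt in (BIND_EXAMPLE, SEARCH_EXAMPLE, ANON_EXAMPLE, HALF_PAIR):
        mode, findings = classify(stmt)
        print(mode, findings)
```
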