Managing users from external LDAP on Netezza Performance Server
If you want the users from external LDAP to access the Netezza Performance Server database, you need to add them manually and configure authentication.
Before you begin
- The administrator must ensure that each user is also defined within the system catalog. The Netezza Performance Server usernames must match the usernames that are defined in the LDAP/AD server.
- Make sure that communication between the host and the LDAP/AD server works before you start the LDAP authentication process in the host container.
  You can check the connection by using ping <LDAP/AD server> or ssh <LDAP/AD server>.
- Collect the following information from an LDAP administrator:
| Name | Required | Default value | Description |
|---|---|---|---|
| LDAP server | Yes | | Host on which LDAP is working. |
| base | Yes | | Node of the LDAP tree in which LDAP users are searched. For example, OU=ForNetezza,DC=KSL,DC=lab. |
| port | Yes | | Port on which LDAP server is listening. The default is 389 for non-SSL. |
| BINDDN | No | | Full name of user that has access to base subtree on LDAP server. Must be specified if anonymous access to the LDAP server is not allowed. For example, "cn=netezza_user,cn=Users,dc=KSL,dc=lab". |
| BINDPW | No | | Password for BINDDN user. |
| ATTRNAME | No | "cn" | LDAP attribute, which is used to define userid. Commonly used is 'sAMAccountName'. A unique account name, for example jkowalski. |

- Verify the server name and the port on which LDAP is running. To verify whether a port is blocked by a firewall, you can run the following commands.
  Example command:
      ldapsearch -v -h <ldap_server> -p 389 -D "cn=admin,dc=somedomain,dc=com" -x -w adminpass
  General form:
      telnet <host_name> <port>
      ldapsearch -v -h <ldap_server> -b <base> -D <binddn> -p <port> -x -w <bindpw>
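The checks above as one script, which also confirms that a given Netezza Performance Server username resolves under the base. This is an added example, not from the original documentation. It assumes the OpenLDAP ldapsearch client, bash and coreutils timeout are installed; the function names are hypothetical, and the bind password is read from a file with -y instead of being passed with -w.

```shell
#!/bin/sh
# Added example, not product code. Function names are hypothetical.

# TCP reachability check, the scripted equivalent of the telnet test.
# Assumes bash and coreutils timeout are installed.
port_open() {
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Escape \ * ( ) so a user name cannot alter the search filter (RFC 4515).
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter that matches one user on ATTRNAME, e.g. (sAMAccountName=jkowalski).
user_filter() {
  printf '(%s=%s)' "$1" "$(ldap_escape "$2")"
}

# check_user SERVER PORT BASE BINDDN PWFILE ATTRNAME USER
# Returns 0 if USER is found under BASE, 1 if the search returns no entry
# (or the bind fails), 2 if the port is unreachable.
check_user() {
  port_open "$1" "$2" || { echo "cannot reach $1:$2" >&2; return 2; }
  # -y reads the bind password from a file, so it does not appear in the
  # process list or shell history as it does with -w. The whole file content
  # is the password: write it without a trailing newline and chmod 600 it.
  # 1.1 requests no attributes, so only the dn: line comes back.
  ldapsearch -x -LLL -H "ldap://$1:$2" -b "$3" -D "$4" -y "$5" \
    "$(user_filter "$6" "$7")" 1.1 | grep -q '^dn:'
}

# Run the check only when all seven arguments are supplied.
if [ "$#" -eq 7 ]; then check_user "$@"; fi
```

On port 389 without TLS the simple bind sends the BINDDN password in clear text; if the LDAP server supports StartTLS, adding -ZZ to the ldapsearch call makes the bind fail unless the session is encrypted.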