IBM Support

Scope of LDAP authentication

Question & Answer


Question

How does it work if we implement LDAP authentication, but some users authenticate locally at the DB level?

Answer

If you choose LDAP authentication, all users are validated through the LDAP service. The choice is made with a system-level command, which means that all databases use LDAP. The only exception to LDAP authentication is the Netezza admin user, which authenticates only with ‘internal’ authentication.

LDAP authentication for NPS is based on the settings in the customer environment. NPS is a client of the customer’s LDAP server. Therefore, any password settings must be set on the LDAP server that is maintained in the customer’s environment.

Keep in mind that this is LDAP authentication at the database level, not the host level. With our implementation, users DO NOT log in to the host with their LDAP credentials. All permissions are still granted through the usual SQL methods.

The only thing done through LDAP is database connection authentication. All permission checking is done internally. Users must be created on the DBMS and in the LDAP system. There are scripts to identify differences.
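The scripts mentioned above are not shown on this page. As an added example (not IBM's script), the following compares a list of database user names with the `uid` values in an LDIF export and reports accounts that exist on only one side. The `uid` attribute, case-insensitive name matching, and all sample data are assumptions constructed for illustration.

```python
import base64

LOCAL_ONLY = {"ADMIN"}  # per the page, admin always authenticates internally

# Constructed sample data: an LDIF export and a list of database user names.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=people,dc=example,dc=com
uid: jsmith

dn: uid=mlee,ou=people,dc=example,dc=com
uid:: bWxlZQ==

dn: uid=contractor_long_name,ou=people,dc=example,dc=com
uid: contractor_
 long_name
"""
SAMPLE_DB_USERS = ["ADMIN", "JSMITH", "MLEE", "OLDUSER"]

def ldif_attr_values(ldif_text, attr="uid"):
    """Return values of `attr` from LDIF text (handles folding and base64)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#") or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):            # "attr:: <base64 value>"
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def compare_accounts(db_users, ldap_users):
    """Case-insensitive comparison (an assumption); local-only accounts skipped."""
    db = {u.strip().upper() for u in db_users if u.strip()} - LOCAL_ONLY
    ldap = {u.strip().upper() for u in ldap_users if u.strip()} - LOCAL_ONLY
    return {
        "db_only": sorted(db - ldap),    # can hold grants but cannot authenticate
        "ldap_only": sorted(ldap - db),  # directory entry with no database user
    }

if __name__ == "__main__":
    print(compare_accounts(SAMPLE_DB_USERS, ldif_attr_values(SAMPLE_LDIF)))
```

Accounts reported under `db_only` are worth reviewing first: their SQL grants remain in place even though no LDAP entry currently backs the login.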


Historical Number

NZ885754

Document Information

More support for:
IBM PureData System

Software version:
1.0.0

Document number:
195601

Modified date:
17 October 2019

UID

swg21575821