Vertica LDAP AUTHENTICATION

SK21SK21 Vertica Customer
edited June 2021 in General Discussion

I have recently configured LDAP in POC and soon moving to production.
dbadmin=> create user "skumar01";
CREATE USER
dbadmin=> GRANT AUTHENTICATION LDAP1 to "skumar01";
GRANT AUTHENTICATION
[dbadmin@infra-vertica-1 ~]$ vsql -U "skumar01" -h 10.42.00,109 -w 'Password' -c "select user_name, client_authentication_name from sessions";
user_name | client_authentication_name
---------------+----------------------------
skumar01 | LDAP1

Now i am moving it in prod but i have a situation-

a) In Production my vertica db username is sk25243 but my ldap username is skumar01.
Is there any way to grant ldap authentication to sk25243 without changing my username.
Offcourse the other way would be to RENAME sk25243 TO new-user-name( skumar01)ie my LDAP username.

Answers

  • SergeBSergeB - Select Field - Employee

    Short answer is no. When authenticating via LDAP, your Vertica user name has to match an LDAP username (cn or email other attribute).

  • SruthiASruthiA Vertica Employee Administrator

    @SK21 : It is not possible

  • SK21SK21 Vertica Customer

    Thanks @SergeB and @SruthiA .....great to hear from you guys after a while.

    Sahil

  • SK21SK21 Vertica Customer

    @serge @SruthiA one more question create users parameters like memory cap and runtime cap cannot be applied to users directly
    during replication in vertica from ldap?

    They should be done manually afterwards?

  • SergeBSergeB - Select Field - Employee

    @SK21 Yes, if you want to change the profile of a user you are replicating from LDAP (via LPAPLink), you will need to use ALTER afterwards.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file