I have a Teradata user called FREDBLOGGS.
He has an account on Teradata (UserID FREDBLOGGS / password TERADATA).
He also has an entry in LDAP (UserID FREDBLOGGS / password LDAP).
If I set up my Teradata server to authenticate via LDAP, can this be overridden by the authentication mechanism chosen by Fred when he logs in?
If so, do I just remove his Teradata password in order to force him down the LDAP route?
A significant question is are you doing ldap authentication only, or authentication and authorisation. Recommend authentication only as this requires an internal user that is implicitly mapped to an internal user of the same name. The alternative is mapping to extuser and this opens up too many issues with holes in security and spool.
With the recommended solution, the internal user also needs to be : grant logon on all to fredbloggs with null password;
If the default security mechanism is used, the internally defined password is required. Id ldap security mechanism is used the domain password is required.
Administrator, SQLA etc select the logmech from a drop down box. BTEQ, TPT etc allow the log mech to be specified - although the syntax is not uniform!