Simpler LDAP authentication with Directory Authorization
We have other OLTP RDBMs that allow a very simple LDAP/Active Directory method for authentication and authorizaton. Users in Active Directory groups, besides being authenticated using their password contained in the directory also have their authorizations on a group-based fashion. Pretty much looks like every group will match a role inside the DB. In fact, it is even simpler, we just grant access to the AD groups and users within that group will get acess with the granted authorization. We don´t need even to create internal DB roles to be matched.
Teradata seems to make things a bit more difficult, requiring to create several internal directory objects and, for every user, there is the need to create new DB and directory objects to match with.
Is there any simpler method? Having writeable acess to our directory is very controversial.
Why Teradata does not makes any advance on this subject?