Composite Domain Security
TDV supports its own security domain, and one can define users and groups in it. However, these users and groups do not exist outside the TDV environment. Many organizations use Microsoft Active Directory or an LDAP server to manage users and groups throughout the enterprise. TDV allows users to introspect those Active Directory and LDAP servers, and create security domains inside TDV for them.
Because the composite domain does not exist outside TDV, user passwords are either hashed or encrypted, and stored in the security_members table in the TDV metadata repository. Also note the following:
• TDV stores passwords for each user in the composite domain.
• TDV does not store passwords for Active Directory and LDAP domains. Instead, TDV forwards user credentials to the Active Directory server for user authentication.
• TDV does not store passwords for dynamic domain users.
• TDV supports case-sensitive user logins from external LDAP domains.
• TDV does not allow implicitly anonymous LDAP login through blank passwords.