You can translate the question and the replies:

ODBC connection | trusted non kerberos domain

Hello, We have configured Kerberos in 2 domains, domain1 and domain2. We have a scenario where we have 2-3 users from a different domain, domain3. We dont want to enable Kerberos to the whole domain we need need these 2-3 user of Domain3 to be able to access the Denodo through ODBC connector(by hard-coding their Domain2 credentials which are already created for these users or configure something just for them). There is a trust between all 3 domains. Can you please suggest an option here where we can configure those users to access Denodo via ODBC
user
15-05-2020 11:28:00 -0400

1 Answer

Hi, Based on your explanation your kerberos setup works fine with 2 domains and the users are able to access the VDP server. You have mentioned the additional users in the third domain are already created in the second domain. With this setup the additional users should be able to access VDP server. You have to make sure the role of the additional users are created under [Role Management](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/administration_of_databases_users_roles_and_their_access_rights/creating_roles) and User base, Role base of new users are added to the LDAP setup in [Kerberos configuration](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/server_administration_-_configuring_the_server/kerberos_authentication/setting-up_the_kerberos_authentication_in_the_virtual_dataport_server#setting-up-the-kerberos-authentication-in-the-virtual-dataport-server). But if you still need to hardcode the additional users in Denodo, you can create a new denodo user with [LDAP authentication type](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/administration_of_databases_users_roles_and_their_access_rights/creating_users#creating-an-ldap-user) by referring to the distinguished name from the second domain and assign the roles manually. This is no longer kerberos authentication and is referred to as standard authentication but the credentials are not stored in Denodo rather it relies on LDAP authentication. Hope this helps!
Denodo Team
19-05-2020 07:28:29 -0400
You must sign in to add an answer. If you do not have an account, you can register here