sp_maplogin

Maps external users to SAP ASE logins.

Syntax

sp_maplogin (authentication_mech | null), (client_username | null), 
	(action | login_name | null)

Parameters

Examples

Usage

Use sp_maplogin to map an external name or client name, such as “ase.open.user,” defined in an LDAP directory to the SAP ASE login name of “aseopenuser.” That is, the client_username follows the rules of a name in an LDAP server, and the login_name follows the SAP ASE rules for identifiers.

If you are using LDAP User Authentication and the name in the LDAP server differs from the SAP ASE login name, use sp_maplogin so the LDAP server uses the client_username for authentication, and the SAP ASE login_name for identity within the SAP ASE server. That is, “isql -U client_username...” has the identity of login_name within the SAP ASE server.

Use sp_helpmaplogin to determine the client_username and login_name, such as:
1> sp_helpmaplogin
2> go
authentication   client name     login name
----------------------------------------------
LDAP              ase.open.user   aseopenuser
C:\> isql -Uase.open.user -Pasepass
1> select @@authmech
2> go
------------------
ldap

Permissions

The permission checks for sp_maplogin differ based on your granular permissions settings.

SettingDescription
Enabled

With granular permissions enabled, you must be a user with manage any login privilege.

Disabled

With granular permissions disabled, you must be a user with sa_role.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

InformationValues
Event

38

Audit option

exec_procedure

Command or access audited

Execution of a procedure

Information in extrainfo
  • Roles – Current active roles

  • Keywords or options – NULL

  • Previous value – NULL

  • Current value – NULL

  • Other information – All input parameters

  • Proxy information – Original login name, if set proxy in effect

Related reference
sp_helpmaplogin