sp_maplogin

Description

Maps external users to Adaptive Server logins.

Syntax

sp_maplogin (authentication_mech | null), (client_username | null), 
	(action | login_name | null)

Parameters

authentication_mech

is one of the valid values specified for authenticate with option in sp_modifylogin.

client_username

is an external user name. This user name can be an operating system name, a user name for an LDAP server, or anything else that the PAM library can understand. A null value indicates that any login name is valid.

action

indicates create login or drop. When create login is used, the login is created as soon as the login is authenticated. drop is used to remove logins.

login_name

is an Adaptive Server login that already exists in syslogins.

Examples

Example 1

Maps external user “jsmith” to Adaptive Server user “guest”. Once authenticated, “jsmith” gets the privileges of “guest”. The audit login record shows both the client_username and the Adaptive Server user name:

sp_maplogin NULL, "jsmith", "guest"

Example 2

Tells Adaptive Server to create a new login for all external users authenticated with PAM, in case a login does not already exist:

sp_maplogin PAM, NULL, "create login"

Usage

Use sp_maplogin to map an external name or client name, such as “ase.open.user,” defined in an LDAP directory to the Adaptive Server login name of “aseopenuser.” That is, the client_username follows the rules of a name in an LDAP server, and the login_name follows the Adaptive Server rules for identifiers.

If you are using LDAP User Authentication and the name in the LDAP server differs from the Adaptive Server login name, use sp_maplogin so the LDAP server uses the client_username for authentication, and the Adaptive Server login_name for identity within the Adaptive Server. That is, “isql -U client_username...” has the identity of login_name within Adaptive Server.

Use sp_helpmaplogin to determine the client_username and login_name, such as:

1> sp_helpmaplogin
2> go
authentication   client name     login name
----------------------------------------------
LDAP              ase.open.user   aseopenuser

C:\> isql -Uase.open.user -Pasepass
1> select @@authmech
2> go
------------------
ldap

Permissions

The permission checks for sp_maplogin differ based on your granular permissions settings.

Granular permissions enabled

With granular permissions enabled, you must be a user with manage any login privilege.

Granular permissions disabled

With granular permissions disabled, you must be a user with sa_role.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

Event: 38

Audit option: exec_procedure

Command or access audited: Execution of a procedure

Information in extrainfo:

  • Roles – Current active roles

  • Keywords or options – NULL

  • Previous value – NULL

  • Current value – NULL

  • Other information – All input parameters

  • Proxy information – Original login name, if set proxy in effect
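
The following T-SQL is an added example, not part of the original reference page. It creates the ase.open.user mapping described under Usage, confirms it, and then reviews the event 38 audit records described above. It assumes the audit trail is currently written to sybsecurity..sysaudits_01 and that exec_procedure auditing is already recording sp_maplogin.

```sql
-- Added example (not from the original page).
-- Assumptions: "ase.open.user" and "aseopenuser" are the sample names from
-- the Usage section; sysaudits_01 is assumed to be the active audit table.

-- 1. login_name must already exist in syslogins before it can be mapped to.
select name, suid
from master..syslogins
where name = "aseopenuser"
go

-- 2. Map the LDAP directory name to the existing Adaptive Server login.
sp_maplogin LDAP, "ase.open.user", "aseopenuser"
go

-- 3. Confirm the mapping that is now in effect.
sp_helpmaplogin
go

-- 4. Review who ran sp_maplogin and with which parameters.
--    Event 38 is exec_procedure; extrainfo carries the active roles and
--    all input parameters, so unexpected mappings show up here.
select eventtime, loginname, objname, extrainfo
from sybsecurity..sysaudits_01
where event = 38
  and objname = "sp_maplogin"
order by eventtime desc
go
```

Rows from step 4 whose extrainfo shows a NULL client_username or the create login action deserve the closest review, because those mappings apply to any external user rather than one named account.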