17.10 - Sample Configuration Containing Both Local and Global Policies - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The following example shows configured policy elements in the TdgssUserConfigFile.xml.

<LdapConfig>

   <Tls ... />
   <Services>
      <Service
         Id="globalpolicysvc"
         LdapServerName="_ldap.tcp.domain.com"
         LdapServiceFQDN="cn=div1,ou=services,dc=domain1,dc=com"
         LdapSystemFQDN="cn=system1,cn=tdat,dc=domain1,dc=com"
         LdapServicePassword="password"... />
      <Service
         Id="domain1" ... />
      <Service
         Id="domain2" ... />
      <Service
         Id="domain3" ... />
         LdapServerName="_ldap.tcp.domain.com"
         LdapServiceFQDN="cn=div1,ou=services,dc=domain,dc=com"
         LdapSystemFQDN="cn=systemone,cn=tdat,dc=domain,dc=com"
         LdapServicePassword="password" ... />
         <Policy
            LdapPolicyFQDN="cn=policy1,ou=tdatrootP,dc=domain1,dc=com"
            LdapNetworkBaseFQDN="dc=networks,dc=domain1,dc=com"/>
         </Policy>
      </Service>
   <Services>
   <Canonicalizations>
   ...
   </Canonicalizations>
   <Policy
      Ref="globalpolicysvc"
      LdapPolicyFQDN="cn=policyGLO,ou=tdatrootP,dc=domain1,dc=com"
      LdapNetworkBaseFQDN="dc=networks,dc=domain1,dc=com"/>
</LdapConfig>
The example above shows an entry of: LdapServiceFQDN="cn=div1,ou=services,dc=domain1,dc=com"

which is valid only for Active Directory, ADAM and AD LDS. For other directory types, the configuration must specify:

LdapServiceFQDN="uid=div1,ou=services,dc=domain1,dc=com"