TDGSS LdapClientTlsCACertDir Property | Teradata Vantage - 17.10 - LdapClientTlsCACertDir - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

The LdapClientTlsCACertDir property specifies the path of a directory that contains individual CA certificates in separate files. You can use the LdapClientTlsCACert property to support TLS certificate chain verification, but LdapClientTlsCACertDir is preferred.

To assign a value to the LdapClientTlsCACertDir property, you must generate symbolic links, using the TDGSS certlink utility, which point to the actual certificate files. See Creating the CA Certificate Symlinks for instructions on using the certlink utility.

Valid Settings

| Setting | Description |
|---|---|
| "" (default) | No cert directory is specified |
| A valid directory path | The path to a directory that contains individual CA certificates, in separate files, for all of the Certificate Authorities the client recognizes. The file system you use for the path must support symbolic links. |

Editing Guidelines

  • The LdapClientTlsCACertDir property appears only in the library configuration file. To set a value, you must manually add it to the TDGSS configuration file for the needed mechanisms. See About Editing Configuration Files.
  • If you decide to use TLS protection, edit this property for all mechanisms that have the AuthorizationSupported property set to yes.
  • Edit this property on the database and the Unity server. Also see Coordinating Mechanism Property Values for Unity.
  • Specify the path of a directory that contains individual CA certificates in separate files for all of the Certificate Authorities the client recognizes.
    The Linux user under which Teradata Vantage runs must own and have read access to this file. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure this property on Release 14.0 or later, you must grant the permission manually.
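
One way to check a directory before naming it in LdapClientTlsCACertDir is the audit below. It is an added example, not Teradata code and not part of certlink. It assumes the symbolic links sit in the directory itself, that the certificates are PEM-encoded, and that it is run as the Linux user under which Teradata Vantage runs; the function name audit_ca_cert_dir is hypothetical.

```shell
#!/bin/sh
# Added example, not Teradata code. Run as the Linux user that runs Vantage.
# Assumptions: the symlinks live in the directory itself; certs are PEM-encoded.

audit_ca_cert_dir() {
    dir=$1
    problems=0
    links=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    # The page requires the service user to own and be able to read the path.
    if [ ! -O "$dir" ] || [ ! -r "$dir" ]; then
        echo "FAIL: current user does not own or cannot read $dir"
        problems=$((problems + 1))
    fi

    for entry in "$dir"/*; do
        [ -L "$entry" ] || continue          # only inspect symbolic links
        links=$((links + 1))
        if [ ! -f "$entry" ] || [ ! -r "$entry" ]; then
            # -f follows the link, so a dangling link fails here too
            echo "FAIL: $entry does not resolve to a readable regular file"
            problems=$((problems + 1))
            continue
        fi
        # "Individual CA certificates in separate files": expect one per target.
        count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$entry" || true)
        if [ "$count" -ne 1 ]; then
            echo "FAIL: $entry holds $count certificates, expected 1"
            problems=$((problems + 1))
        fi
    done

    if [ "$links" -eq 0 ]; then
        echo "FAIL: no symbolic links found in $dir"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_ca_cert_dir "$1"
fi
```

A non-zero exit status means at least one FAIL line was printed; a dangling link or a bundle file behind a link are the two cases most likely to break chain verification silently.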