Add Multiple Directory Services to TDGSS | Teradata Vantage - Completing the <LdapConfig> Configuration Change - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

After you complete the editing of the TDGSS configuration file to include the <LdapConfig> section, you should test the configuration before committing the configuration on the Teradata Vantage system or Unity server.

  1. Verify the configuration is correct:
    1. Run tdgsstestcfg to test the configuration. It launches a test environment in a new shell that contains the updates to the configuration file.
      /opt/teradata/tdgss/bin/tdgsstestcfg
    2. Use the tdgssauth utility to test the new <LdapConfig> to verify that users from each service can be authenticated.
      • Specify a directory user and the necessary options using tdgssauth -u dir_user.

        See Working with tdgssauth.

      • Check the output.
      • If the authentication fails, exit the test shell and make the necessary configuration changes and rerun tdgsstestcfg and tdgssauth until the authentication succeeds.
    3. Exit the test shell:
      exit
  2. On the Vantage system (or Unity server), run the run_tdgssconfig utility to update the TDGSSCONFIG GDO with the new version of the <LdapConfig>.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  3. If run_tdgssconfig indicates that a TPA reset is required, run tpareset.
    tpareset -f "use updated TDGSSCONFIG GDO"