TDGSS LdapClientMechanism Property | Teradata Vantage - 17.10 - LdapClientMechanism - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The LdapClientMechanism property specifies the bind type TDGSS must use to bind the user, during LDAP user authentication. See LDAP Binding Options.

Valid Settings

  • sasl/digest-md5 (default)
    Although the sasl/digest-md5 setting is the default (for legacy compatibility), it is not recommended for use.
  • simple (recommended)

Editing Guidelines

  • The LdapClientMechanism property appears by default in the library configuration file for the LDAP mechanism. Other mechanisms do not support this property.
  • To reset the value from the default, you must manually add this property to the TDGSS configuration file for the LDAP mechanism. See About Editing Configuration Files.
  • Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values for Unity.
  • Change the setting to simple to support simple binds.
  • Regardless of the LdapClientMechanism setting, Teradata strongly recommends that you also setup TLS protection to guard against man-in-the-middle and other attacks. See Using TLS with a Directory Server.