Enabling Directory-Based IP Restrictions with the ipdir2bin Utility

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:id
B035-1100
Product Category
Teradata Vantage™

The ipdir2bin utility transfers the directory-based IP address restrictions to the IP GDO.

  1. From the /site directory on the lowest numbered Teradata Vantage SQL Engine node, run the ipdir2bin utility to commit the directory IP restrictions to the database GDO:
    $ ipdir2bin -u dir_username [-w dir_password] [-h dir_server_name] [-S system_name]
    Enter LDAP password:
    Parse successful
    608 bytes written to the ipfilter GDO.
    dir_username
        Specifies the FQDN of the directory user running the utility.
    dir_password
        [Optional] Specifies the password for the user dir_username.
        Default behavior: System prompts you for a password.
    dir_server_name
        [Optional] Identifies the directory server.
        The administrator specifies dir_server_name when doing either of the following:
        • Adding a system to a domain
        • Explicitly naming the server in the etc/ldap.conf file on a Teradata Vantage system.
        Default: LdapServerName property value (see LdapServerName).
    system_name
        [Optional] Identifies the FQDN of the Vantage system, as it appears in the tdatSystem object in the directory. See LdapSystemFQDN.
        If restrictions are configured for a single Vantage system, the tdatSystem object has the name of the system.
        If directory users log on through Unity, the IP restrictions must be configured identically for all Vantage systems. IP restrictions for all database systems are the children of a single tdatSystem object.
        Default: LdapSystemFQDN property value from TDGSS configuration files. (If the LdapSystemFQDN property also contains no value, the utility exits with an error.)

    The command populates the GDO and distributes it to all database nodes.

  2. To enable the committed restrictions, run the tpareset utility. For more information, see Teradata Vantage™ - Database Utilities, B035-1102.
    This step is only necessary for the initial implementation of IP restrictions, and does not apply to revisions.
  3. If the fully enabled IP restrictions do not function as needed, you can:

    In most cases, Testing XML-Based IP Restrictions should uncover any problems before you enable them on the system.

  4. In a Unity environment, repeat this procedure for each Vantage system.
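
The following wrapper for step 1 is an added example, not Teradata code: it keeps the directory password off the command line by refusing -w, so that ipdir2bin prompts for it, and it confirms both success lines from the transcript above before reporting the commit. The function names are hypothetical, and the script assumes that the output format matches the sample on this page and that the password prompt is still displayed when output is piped through tee.

```shell
#!/bin/sh
# Added example, not Teradata code. SAMPLE_TRANSCRIPT is the step 1 output
# shown on this page; any other ipdir2bin output format is an assumption.
SAMPLE_TRANSCRIPT='Enter LDAP password:
Parse successful
608 bytes written to the ipfilter GDO.'

# Return 1 if the option list passes the password with -w, where it would be
# visible in process listings and shell history; return 0 otherwise.
args_avoid_cli_password() {
    for arg in "$@"; do
        case "$arg" in
            -w|-w?*) return 1 ;;
        esac
    done
    return 0
}

# Read an ipdir2bin transcript on stdin. Print the byte count written to the
# ipfilter GDO and return 0 only if both success lines are present.
gdo_bytes_written() {
    awk '
        /Parse successful/ { parsed = 1 }
        /bytes written to the ipfilter GDO/ {
            for (i = 2; i <= NF; i++) if ($i == "bytes") n = $(i - 1)
        }
        END {
            if (parsed && n ~ /^[0-9]+$/) { print n; exit 0 }
            exit 1
        }'
}

# Step 1 with the password prompt (no -w). Options such as -h and -S pass
# through. Assumes the prompt is still displayed when stdout goes through tee.
commit_ip_restrictions() {
    dir_user=$1; shift
    args_avoid_cli_password "$@" || { echo "refusing -w; use the prompt" >&2; return 2; }
    log=$(mktemp) || return 2
    ipdir2bin -u "$dir_user" "$@" | tee "$log"
    if bytes=$(gdo_bytes_written < "$log"); then
        rm -f "$log"
        echo "Committed $bytes bytes. tpareset is needed only for the initial implementation."
        return 0
    fi
    rm -f "$log"
    echo "ipdir2bin did not report success; GDO commit not confirmed." >&2
    return 1
}
```

Call it as `commit_ip_restrictions dir_username [-h dir_server_name] [-S system_name]` from the /site directory named in step 1.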