17.10 - Directory Service Setup in the TdgssUserConfigFile.xml - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The following example shows the configuration of the three directory services in the <LdapConfig> section of the TdgssUserConfigFile.xml

The basic configuration structure required for defining security policies may have already been set up as part of configuring LDAP authentication using multiple directory services. See Configuring LDAP to Use Multiple Directory Services.
<LdapConfig>

    <Tls .../>

    <Services>

        <Service
            Id="hrsvc"
            LdapServerName="_ldap._tcp.hr.domain.com"
            LdapBaseFQDN="dc=hr,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=hr,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

        <Service
            Id="devsvc"
            LdapServerName="_ldap._tcp.dev.domain.com"
            LdapBaseFQDN="dc=dev,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=dev,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

        <Service
            Id="mktsvc"
            LdapServerName="_ldap._tcp.mkt.domain.com"
            LdapBaseFQDN="dc=mkt,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=mkt,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

    </Services>

    <Canonicalizations>

        <IdentitySearch
            Ref="hrsvc"
            Match="hr_(.+)"
            Base="dc=hr,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

        <IdentitySearch
            Ref="devsvc"
            Match="dev_(.+)"
            Base="dc=dev,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

        <IdentitySearch
            Ref="mktsvc"
            Match="mkt_(.+)"
            Base="dc=mkt,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

    </Canonicalizations>

</LdapConfig>