17.10 - LDAP Mechanism Properties that Support Service Binds - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Evaluate all the LDAP mechanism properties that support service binds. You may need to configure some or all of them when implementing service binds on your system.

Configure the TdgssUserConfigFile.xml on each Teradata Vantage system served by the directory and the TdgssUnityConfig.xml on the Teradata Unity server, if used.
Property Setting Property Value Setting
LdapServiceBindRequired Yes/No Sets the requirement for a service bind.
  • A yes value means that TDGSS always performs a service bind.
  • A no value (the default) means that TDGSS performs a service bind only if IdentitySearch elements are present in the configuration.
LdapServiceFQDN Distinguished name Identifies the bindable object in the directory that represents the service identity, that is, a Teradata Vantage system or Unity server.
LdapServicePassword String If your site security policy requires a password for the service FQDN, configure a password as the value of this property.
LdapServicePasswordFile String (fully qualified file name) Name of a file that contains a list of encrypted, base64 encoded service passwords, one per line. Allows for changing the LDAP service password without requiring a database restart. See LdapServicePasswordFile.
LdapServicePasswordProtected Yes/No Enables encryption for the LDAP service password, if used.
  • Yes (the default) means that TDGSS stores the LdapServicePassword is stored in encrypted form.
  • No means that TDGSS stores the LdapServicePassword in plain text.

For detailed configuration information, see LDAP Binding Properties [Deprecated].