17.10 - Standard LDAP Properties Used for All Policy Configurations - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

You can configure the following properties for any Service element (directory) that contains a security policy structure. When adding Policy elements to services previously configured for LDAP authentication, you may find that some of these properties are already configured. For information on configuring Service elements for LDAP, see Configuring LDAP to Use Multiple Directory Services.

Property Name Description
LdapServerName Required, Identifies the directory that contains the policy being configured.

Must be a valid URI or DNS SRV RR specification. For details, see LdapServerName.

LdapServiceFQDN Required unless the service is anonymously readable. Identifies the bindable object in the directory that represents the service identity, that is, the Teradata Vantage system or Unity server that contains the TDGSS configuration file that is being configured. See LdapServiceFQDN.
Directories that serve multiple Vantage systems should contain a separate bindable object for each system and for the Unity server, if used.
LdapServicePassword If your site security policy requires a password for the service FQDN, configure a password as the value of this property. For details, see LdapServicePassword.
LdapServicePasswordProtected Indicates whether the LDAP service password (if used) is encrypted.
  • Yes means that TDGSS stores the LdapServicePassword in encrypted form.
  • No (the default) means that TDGSS stores the LdapServicePassword in plain text.

For details, see LdapServicePasswordProtected.

LdapSystemFQDN Identifies the FQDN of the tdatSystem directory object, to assist in constructing the DNs of Vantage users and profiles.
LdapBaseFQDN Specifies the FQDN of the directory object that contains directory users and groups, which provides the search base for locating user and group objects.

Not required if the LdapNetworkBaseFQDN is configured. See Configuring Policy-Related Properties for a Global Security Policy and Configuring Policy-Related Properties for a Local Security Policy.

For additional information on configuring LDAP properties, see TDGSS Configuration Files, Valid Settings, and Editing Guidelines.