17.10 - Configuring LDAP for Authentication Only - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Teradata GSS provides a large number of LDAP properties to support various directory-based security strategies. Teradata recommends that you start by implementing LDAP authentication for a few users and then add other options, for example, authorization of user privileges in the directory, as needed.

If you only configure LDAP authentication, user privileges are authorized by the database. Authenticated users must have the same username in the database and the directory.

The following LDAP mechanism property settings are required for the authentication-only strategy:
  • Make sure that the MechanismEnabled property is set to ‘yes’ (the default).
  • Configure the LdapServerName property. See LdapServerName.

The procedure configuring mechanism property values in the TdgssUserConfigFile.xml is shown in Making Changes to TdgssUserConfigFile.xml on Database Nodes.