TDGSS LdapClientTlsCACert Property | Teradata Vantage - 17.10 - LdapClientTlsCACert - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The LdapClientTlsCACert property specifies the name of the file that contains all the Certificate Authorities (CAs), including the certificate for the CA that signed the directory server certificate that TDGSS and OpenLdap tools trust. If the signing CA is not a top-level (root) CA, certificates for the entire sequence of CAs from the signing CA to the top-level CA must be present. The certificate order is not significant.

You can use this property for certificate chain verification when all CAs are in one file, but LdapClientTlsCACertDir is preferred. See LdapClientTlsCACertDir.

Valid Settings

Setting Description
"" (default) No file is specified
A file name The file must contain concatenated CA certificates in PEM format.

Editing Guidelines

  • To set a value, you must manually add this property to the TDGSS configuration file for the needed mechanisms. See About Editing Configuration Files.
  • Configure this property or LdapClientTlsCACertDir (preferred) when using TLS. See Verifying the Directory Server Certificate Chain.

  • If you decide to use TLS protection, edit this property for all mechanisms that have the AuthorizationSupported property set to yes.

  • Set the value on each node and the Unity server, if used. Also see Coordinating Mechanism Property Values for Unity.

    The Linux user under which Teradata Vantage runs must own and have read access to this file. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure this property on Release 14.0 or later, you must grant the permission manually.