The value of the LdapServerName property tells TDGSS which directory to use for authentication and authorization of directory users.
Valid Settings
- "", that is, _ldap._tcp (default)
- A valid URI or DNS SRV RR specification.
Sample Configuration for an LDAP Uniform Resource Identifier
"resource_identifier [...]"
- resource_identifier
scheme://server[:port]/
The resource identifiers must be separated by spaces. The entire string, including double quotation marks, cannot exceed 256 characters.
Syntax Elements
- scheme
- A valid URL scheme: ldap, ldaps, gc, or gcs.
- server
- The FQDN or IP address of the directory server.
- port
- [Optional] The LDAP service port.
Configuring DNS SRV Resource Records (RRs)
You can configure the LdapServerName property to tell LDAP to select an authenticating directory at random, from the DNS domain SRV RRs, if the RRs conform to IETF RFC 2782.
For details, see the following table or go to: http://www.ietf.org/rfc/rfc2782.txt.
Property Component and Value | Description |
---|---|
Specify the default domain: _scheme._tcp or "" | Directs TDGSS to select a directory from those listed in the SRV RRs for the default domain. |
Specify a non-default domain: _scheme._tcp.domain_name | Directs TDGSS to select a directory from those listed in SRV RRs for the domain you specify. |
Configure a site-aware domain name, for example: _ldap._tcp.site_name._sites.domain | Directs TDGSS to select a directory that is local to the Teradata Vantage system to which the user logs on, from the SRV RRs for the domain. Also see Configuring LDAP for Site-Aware Authentication. |
Editing Guidelines
- LdapServerName appears by default in the LDAP mechanism. You must add LdapServerName to KRB5 and SPNEGO and specify a value if AuthorizationSupported=yes.
- You must configure this property for any mechanism with AuthorizationSupported=yes.
- Edit this property on database nodes.
- If the default associated with the domain scheme is not the correct port, you can use the URI method to specify another port.
- If the directory is not Active Directory, and you specify _ldaps._tcp or _gcs._tcp, you may need to manually register the location of the directory service in the DNS. For Active Directory, the process is automatic.
- You can use the LdapServerName property to provide directory fail-over protection, by specifying multiple directory servers in a space-separated list.
- If you use the LdapServerName property to configure site-aware authentication:
  - If the DNS service for the domain in which the database resides is not the one where Active Directory registers its site-aware DNS SRV RRs (that is, a “foreign” service), then you must also manually configure the site-aware SRV RRs in the foreign DNS service. See Configuring LDAP for Site-Aware Authentication.
- If you configure multiple directory services, you need to configure an LdapServerName for each service entry. See Configuring LDAP to Use Multiple Directory Services.
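
The following check is an added example, not Teradata code: it validates a candidate LdapServerName value against the URI syntax, scheme list, SRV RR forms, and 256-character limit described above, before the value is written to the TDGSS configuration. The function name, the tuple layout, and the example.com host names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

SCHEMES = {"ldap", "ldaps", "gc", "gcs"}  # schemes listed under Syntax Elements
MAX_LEN = 256                              # limit includes the two double quotes

# _scheme._tcp[.domain_name]; also matches _ldap._tcp.site_name._sites.domain
SRV_RE = re.compile(r"^_([a-z]+)\._tcp(?:\.([A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*))?$")


def check_ldap_server_name(value):
    """Check an LdapServerName value (given without its surrounding quotes).

    Returns (entries, problems); each entry is (kind, scheme, target, port).
    """
    entries, problems = [], []
    if len(value) + 2 > MAX_LEN:
        problems.append(f"{len(value) + 2} characters with quotes, limit is {MAX_LEN}")
    if value == "":
        return [("srv", "ldap", "", None)], problems  # "" is the default, _ldap._tcp
    for token in value.split():  # resource identifiers are space-separated
        srv = SRV_RE.match(token)
        if srv:
            kind, scheme, target, port = "srv", srv.group(1), srv.group(2) or "", None
        else:
            try:
                url = urlsplit(token)
                kind, scheme, target, port = "uri", url.scheme, url.hostname, url.port
            except ValueError:  # non-numeric or out-of-range port, bad IPv6 literal
                problems.append(f"{token}: malformed server or port")
                continue
            if not target or url.path != "/" or url.query or url.fragment or url.username:
                problems.append(f"{token}: does not match scheme://server[:port]/")
                continue
        if scheme not in SCHEMES:
            problems.append(f"{token}: scheme {scheme!r} is not ldap, ldaps, gc, or gcs")
            continue
        entries.append((kind, scheme, target, port))
    return entries, problems


if __name__ == "__main__":
    # Constructed sample: two directory servers listed for fail-over.
    print(check_ldap_server_name("ldaps://dir1.example.com:636/ ldaps://dir2.example.com/"))
```

The check follows the syntax exactly as written on this page, so a URI without the trailing slash is reported as a problem.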