The LdapClientTlsCACertDir property specifies the path of a directory that contains individual CA certificates in separate files. You can use the LdapClientTlsCACert property to support TLS certificate chain verification, but LdapClientTlsCACertDir is preferred.
To assign a value to the LdapClientTlsCACertDir property, you must generate symbolic links, using the TDGSS certlink utility, which point to the actual certificate files. See Creating the CA Certificate Symlinks for instructions on using the certlink utility.
Valid Settings
Setting | Description |
---|---|
"" (default) | No cert directory is specified |
A valid directory path | The path to a directory that contains individual CA certificates, in separate files, for all of the Certificate Authorities the client recognizes. The file system you use for the path must support symbolic links. |
Editing Guidelines
- The LdapClientTlsCACertDir property appears only in the library configuration file. To set a value, you must manually add it to the TDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
- If you decide to use TLS protection, edit this property for all mechanisms that have the AuthorizationSupported property set to yes.
- Edit this property on the database.
- Specify the path of a directory that contains individual CA certificates in separate files for all of the certificate authorities the client recognizes. The Linux user under which Teradata Vantage runs must own and have read access to this file. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure this property on Release 14.0 or later, you must grant the permission manually.
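
A pre-flight check for the requirements above, written as an added example that is not part of the Teradata documentation or the certlink utility: it confirms that the directory is owned and readable by the given Linux user and that every symbolic link in it resolves to a readable regular file. The function name `check_cacert_dir` and its arguments are hypothetical, and applying the ownership requirement to the directory itself is an assumption; certificate contents and link names are not validated.

```shell
#!/bin/sh
# Hypothetical helper (not a Teradata tool): checks a directory intended
# for LdapClientTlsCACertDir.
# Usage: check_cacert_dir DIR OWNER    (OWNER: user name or numeric uid)
# Prints one line per problem; returns 0 only if no problem was found.
check_cacert_dir() {
    dir=$1 owner=$2 problems=0 usable=0

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 1
    fi

    # Ownership and owner read access. Mode bits 0500 = owner read plus
    # search (x); without search the owner cannot open entries in DIR.
    if [ -z "$(find "$dir" -maxdepth 0 -user "$owner" -perm -500 2>/dev/null)" ]; then
        echo "$dir: not owned by $owner, or owner lacks r-x"
        problems=$((problems + 1))
    fi

    for entry in "$dir"/*; do
        [ -L "$entry" ] || continue          # not a symlink (or empty dir): skip
        if [ ! -e "$entry" ]; then           # -e follows the link
            echo "dangling symlink: $entry"
            problems=$((problems + 1))
        # -r tests the user running this check, so run it as OWNER.
        elif [ ! -f "$entry" ] || [ ! -r "$entry" ]; then
            echo "link target is not a readable regular file: $entry"
            problems=$((problems + 1))
        else
            usable=$((usable + 1))
        fi
    done

    if [ "$usable" -eq 0 ]; then
        echo "$dir: no symlink resolves to a readable certificate file"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Run it as the Linux user under which the database runs, after creating the links and again after any certificate file is moved or replaced, since a moved target leaves a dangling link behind.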