The LdapClientTlsReqCert property specifies what checks to perform on directory server certificates (if any), in a TLS-protected session. This property is required when Teradata Vantage authenticates the directory server.
Valid Settings
Setting | Description |
---|---|
never (default) | The database does not require the directory server to provide a certificate, even if CA Certs or CRLs are configured. |
allow | Vantage asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection proceeds normally. |
try | Vantage asks the directory server for a certificate. If the directory server:
|
demand | Vantage asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection terminates. |
Editing Guidelines
- To set a value, you must manually add this property to the TDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
- Edit this property on the database.
- This property is required for optional certificate chain verification. For information, see Verifying the Directory Server Certificate Chain
- Although you can configure this property only in the LDAP mechanism, the effects apply to all external authentication mechanisms.