TDGSS LdapClientTlsReqCert Property | Teradata Vantage - LdapClientTlsReqCert - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-07-11
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
B035-1100
lifecycle
latest
Product Category
Teradata Vantage™

The LdapClientTlsReqCert property specifies what checks to perform on directory server certificates (if any), in a TLS-protected session. This property is required when Teradata Vantage authenticates the directory server.

Valid Settings

Setting Description
never (default) The database does not require the directory server to provide a certificate, even if CA Certs or CRLs are configured.
allow Vantage asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection proceeds normally.
try Vantage asks the directory server for a certificate. If the directory server:
  • Does not provide a certificate, the connection proceeds normally
  • Provides an invalid certificate, the connection terminates.
demand Vantage asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection terminates.

Editing Guidelines

  • To set a value, you must manually add this property to the TDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
  • Edit this property on the database.
  • This property is required for optional certificate chain verification. For information, see Verifying the Directory Server Certificate Chain
  • Although you can configure this property only in the LDAP mechanism, the effects apply to all external authentication mechanisms.