Example Configuration - Analytics Database - Teradata Vantage

Security Administration

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2024-04-05

Make the following changes to the TdgssUserConfigFile.xml file in the TDGSS site directory on database nodes.

See Changing the TDGSS Configuration.
  • Add the LdapClientTlsCACertDir property and set its value to the full path of the site/ssl/cacerts directory. This is the absolute path of the directory where the two PEM files and the two symlinks are located.
    If all the CA certs are contained in a single file, you can alternatively use the LdapClientTlsCACert property to specify the file name.
  • Add the LdapClientTlsReqCert property and set the property value to “demand”. This value causes Teradata Vantage to request a certificate from the directory server each time a directory user logs on to the database. If the directory does not provide a certificate, or it provides an invalid certificate, TDGSS terminates the connection.

For configuration information, see LDAP Protection Properties.

The following example shows an LDAP mechanism TdgssUserConfigFile.xml that includes configured certificate properties. This example also applies to KRB5 or SPNEGO if AuthorizationSupported is set to “yes”.

<Mechanism Name="ldap">
    <MechanismProperties
        ...
        LdapServerName="ldap://someserver/"
        LdapClientUseTls="yes"
        LdapClientTlsCACertDir="/opt/teradata/tdat/tdgss/site/ssl/cacerts/"
        LdapClientTlsReqCert="demand"
        />
</Mechanism>

For configuration requirements when authentication is set for multiple directory services, see Creating the <LdapConfig> Section in the TdgssUserConfigFile.xml.
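
One way to check a TdgssUserConfigFile.xml against the two property changes described above, as an added example that is not Teradata code. The <Config> wrapper element, the sample values, and the audit() and local() helper names are assumptions made for this sketch; the property and mechanism names are the ones on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real system). <Config> is a stand-in wrapper.
# ldap lacks LdapClientTlsReqCert; KRB5 does directory authorization with
# neither certificate property; SPNEGO does not use the directory.
SAMPLE = """<Config>
  <Mechanism Name="ldap">
    <MechanismProperties
        LdapServerName="ldap://someserver/"
        LdapClientUseTls="yes"
        LdapClientTlsCACertDir="/opt/teradata/tdat/tdgss/site/ssl/cacerts/"/>
  </Mechanism>
  <Mechanism Name="KRB5">
    <MechanismProperties AuthorizationSupported="yes"
        LdapServerName="ldap://someserver/"/>
  </Mechanism>
  <Mechanism Name="SPNEGO">
    <MechanismProperties AuthorizationSupported="no"/>
  </Mechanism>
</Config>"""

def local(tag):
    """Element name with any XML namespace prefix removed."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (mechanism, finding) pairs for mechanisms that use the directory."""
    findings = []
    for mech in ET.fromstring(xml_text).iter():
        if local(mech.tag) != "Mechanism":
            continue
        name = mech.get("Name", "")
        props = next((c.attrib for c in mech
                      if local(c.tag) == "MechanismProperties"), {})
        # The page applies these settings to ldap, and to KRB5 or SPNEGO
        # when AuthorizationSupported is "yes".
        uses_dir = name.lower() == "ldap" or (
            name.upper() in ("KRB5", "SPNEGO")
            and props.get("AuthorizationSupported", "").lower() == "yes")
        if not uses_dir:
            continue
        if props.get("LdapClientTlsReqCert", "").lower() != "demand":
            findings.append((name, "LdapClientTlsReqCert is not 'demand'"))
        if not (props.get("LdapClientTlsCACertDir")
                or props.get("LdapClientTlsCACert")):
            findings.append((name, "no LdapClientTlsCACertDir or LdapClientTlsCACert"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

The check reads only the XML attributes; it does not confirm that the CA directory exists on the node or that it contains the PEM files and symlinks.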