TDGSS LdapClientTlsCACert Property

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2023-03-07

The LdapClientTlsCACert property specifies the name of the file that contains the certificates of all the certificate authorities (CAs) that TDGSS and the OpenLDAP tools trust, including the certificate for the CA that signed the directory server certificate. If the signing CA is not a top-level (root) CA, certificates for the entire sequence of CAs from the signing CA to the top-level CA must be present. The certificate order is not significant.

You can use this property for certificate chain verification when all CAs are in one file, but LdapClientTlsCACertDir is preferred. See LdapClientTlsCACertDir.

Valid Settings

| Setting | Description |
|---|---|
| "" (default) | No file is specified. |
| A file name | The file must contain concatenated CA certificates in PEM format. |

Editing Guidelines

  • To set a value, you must manually add this property to the TDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
  • Configure this property or LdapClientTlsCACertDir (preferred) when using TLS. See Verifying the Directory Server Certificate Chain.

  • If you decide to use TLS protection, edit this property for all mechanisms that have the AuthorizationSupported property set to yes.

  • Set the value on each node.

    The Linux user under which Teradata Vantage runs must own and have read access to this file. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure this property on Release 14.0 or later, you must grant the permission manually.
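
A pre-flight check for the file named in LdapClientTlsCACert, as an added example that is not from the Teradata documentation: it checks ownership and read access, counts the PEM certificates, and confirms that the file alone completes the chain from the directory server certificate to a root CA. The function name, return codes, file paths, and the use of `openssl verify` (OpenSSL 1.1.0 or later) as a stand-in verifier are assumptions.

```shell
#!/bin/sh
# Added example (not Teradata code): pre-flight check for a CA bundle that
# will be named in LdapClientTlsCACert. Run it as the Linux user under which
# Teradata Vantage runs. Assumption: OpenSSL 1.1.0 or later is installed.
#
# usage: check_ca_bundle BUNDLE_PEM DIRECTORY_SERVER_CERT_PEM
# returns: 0 ok, 1 missing/not owned/not readable, 2 no PEM certs, 3 bad chain
check_ca_bundle() {
    bundle=$1
    server_cert=$2

    # The Vantage user must own the file and have read access to it.
    if [ ! -f "$bundle" ] || [ ! -O "$bundle" ] || [ ! -r "$bundle" ]; then
        echo "FAIL: $bundle must exist, be owned by this user, and be readable" >&2
        return 1
    fi

    # The file must contain concatenated CA certificates in PEM format.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no PEM certificates found in $bundle" >&2
        return 2
    fi

    # Build the chain from the directory server certificate to a self-signed
    # root using only this file. -no-CApath keeps OpenSSL's default CA
    # directory out of the check, so a missing intermediate or root CA is
    # reported instead of being satisfied from the system trust store.
    if ! openssl verify -no-CApath -CAfile "$bundle" "$server_cert" >/dev/null 2>&1; then
        echo "FAIL: $server_cert does not verify against $bundle" >&2
        echo "      (incomplete chain, expired or unparsable certificate)" >&2
        return 3
    fi

    echo "OK: $count CA certificate(s); chain verifies for $server_cert"
    return 0
}

# Stand-alone use: ./check_ca_bundle.sh /path/to/cacerts.pem /path/to/server.pem
if [ "$#" -eq 2 ]; then
    check_ca_bundle "$1" "$2"
    exit $?
fi
```

Run the check on each node, since the property is set per node.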