TDGSS LdapClientTlsCACertDir Property | Teradata Vantage - 17.20 - LdapClientTlsCACertDir - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

The LdapClientTlsCACertDir property specifies the path of a directory that contains individual CA certificates in separate files. You can use the LdapClientTlsCACert property to support TLS certificate chain verification, but LdapClientTlsCACertDir is preferred.

To assign a value to the LdapClientTlsCACertDir property, you must generate symbolic links, using the TDGSS certlink utility, which point to the actual certificate files. See Creating the CA Certificate Symlinks for instructions on using the certlink utility.

Valid Settings

Setting Description
"" (default) No cert directory is specified
A valid directory path The path to a directory that contains individual CA certificates, in separate files, for all of the Certificate Authorities the client recognizes. The file system you use for the path must support symbolic links.

Editing Guidelines

  • The LdapClientTlsCACertDir property appears only in the library configuration file. To set a value, you must manually add it to the TDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
  • If you decide to use TLS protection, edit this property for all mechanisms that have the AuthorizationSupported property set to yes.
  • Edit this property on the database.
  • Specify the path of a directory that contains individual CA certificates in separate files for all of the certificate authorities the client recognizes.
    The Linux user under which Teradata Vantage runs must own and have read access to this file. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure this property on Release 14.0 or later, you must grant the permission manually.