17.10 - Configuring LDAP for Authentication Only - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)

Teradata GSS provides a large number of LDAP properties to support various directory-based security strategies. Teradata recommends that you start by implementing LDAP authentication for a few users and then add other options, for example, authorization of user privileges in the directory, as needed.

If you only configure LDAP authentication, user privileges are authorized by the database. Authenticated users must have the same username in the database and the directory.

The following LDAP mechanism property settings are required for the authentication-only strategy:
  • Make sure that the MechanismEnabled property is set to ‘yes’ (the default).
  • Configure the LdapServerName property. See LdapServerName.

The procedure configuring mechanism property values in the TdgssUserConfigFile.xml is shown in Making Changes to TdgssUserConfigFile.xml on Database Nodes.