17.10 - Configuring TDGSS - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)

After verifying that the SRV RR service name for the GC can find the GC servers for a site, configure the LdapServerName property with the SRV RR service name for the site, for example:

<Mechanism Name="ldap">


You can configure other properties for the LDAP mechanism, if needed. For instructions, see Changing the TDGSS Configuration.
Configuration Option Description
<Mechanism Name="ldap"> Site awareness requires directory authentication of the user, using the LDAP mechanism.
MechanismEnabled="yes" The LDAP mechanism must be enabled.
AuthorizationSupported="no" Site awareness functions whether or not the directory authorizes the user.
LdapClientMechanism="simple" The example is for a system using simple binding.

Site awareness also supports DIGEST-MD5 binding.

The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.
LdapServerName="_ldap._tcp.SanDiegoHQ._sites.rootdomain.com" This setting requires a DNS SRV RR formatted site name, which identifies the local GC directories available to authenticate the user.

When you configure the LdapServerName property for GC site awareness, LDAP selects a directory at random from among the available GC directories for the site.