17.10 - Directory Service Setup in the TdgssUserConfigFile.xml - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
zuy1472246340572

The following example shows the configuration of the three directory services in the <LdapConfig> section of the TdgssUserConfigFile.xml

The basic configuration structure required for defining security policies may have already been set up as part of configuring LDAP authentication using multiple directory services. See Configuring LDAP to Use Multiple Directory Services.
<LdapConfig>

    <Tls .../>

    <Services>

        <Service
            Id="hrsvc"
            LdapServerName="_ldap._tcp.hr.domain.com"
            LdapBaseFQDN="dc=hr,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=hr,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

        <Service
            Id="devsvc"
            LdapServerName="_ldap._tcp.dev.domain.com"
            LdapBaseFQDN="dc=dev,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=dev,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

        <Service
            Id="mktsvc"
            LdapServerName="_ldap._tcp.mkt.domain.com"
            LdapBaseFQDN="dc=mkt,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=mkt,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

    </Services>

    <Canonicalizations>

        <IdentitySearch
            Ref="hrsvc"
            Match="hr_(.+)"
            Base="dc=hr,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

        <IdentitySearch
            Ref="devsvc"
            Match="dev_(.+)"
            Base="dc=dev,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

        <IdentitySearch
            Ref="mktsvc"
            Match="mkt_(.+)"
            Base="dc=mkt,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

    </Canonicalizations>

</LdapConfig>