17.10 - Identity Search Implementation Process - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
July 2021
English (United States)
Last Update
  1. Make sure you understand the format and function of the configuration files. See About the TDGSS Configuration Files.
  2. Create the required identity search in a text editor, such as Notepad. See Configuring an Identity Search.
  3. Use the text editor to add the following items to the authentication mechanism(s) in the TdgssUserConfigFile.xml on Teradata Vantage nodes and to the TdgssUnityConfig.xml on the Unity server, if used. See Making Changes to TdgssUserConfigFile.xml on Database Nodes.
    • Add the identity search created in step 2 above.
    • Add the LdapServiceFQDN and LdapServicePassword properties, and configure them as shown in Directory Identification and Search Properties.

      The LdapServicePasswordProtected property indicates whether the password is stored in encrypted form. You do not need to add this property to use the default setting (not protected). If you want to encrypt the password, use the tdspasswd tool to generate an encrypted password for the passphrase that is used to encrypt the private key file.

      You can store the password in plain text, but it is not recommended. If you use plain text, be sure to limit access to the TDGSS configuration files and the TDGSSCONFIG.GDO. See Controlling Access to the Operating System.

      Also see LdapServicePasswordProtected.

  4. If the configuration is not useful, you can revert to the previous configuration. See Returning to an Old Configuration.