The LdapClientTlsReqCert property specifies what checks to perform on directory server certificates (if any), in a TLS-protected session. This property is required when Teradata Vantage authenticates the directory server.
|never (default)||The database does not require the directory server to provide a certificate, even if CA Certs or CRLs are configured.|
|allow||Vantage asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection proceeds normally.|
|try||Vantage asks the directory server for a certificate. If the directory server:
|demand||Vantage asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection terminates.|
- To set a value, you must manually add this property to theTDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
- Edit this property on the database and on Unity, if used. Also see Coordinating Mechanism Property Values for Unity.
- This property is required for optional certificate chain verification. For information, see Verifying the Directory Server Certificate Chain
- Although you can configure this property only in the LDAP mechanism, the effects apply to all external authentication mechanisms.