Configuring TDGSS - Advanced SQL Engine - Teradata Database

Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05, 17.00
Published: September 2020
Language: English (United States)
Last Update: 2021-01-23

After verifying that the SRV RR service name for the GC can find the GC servers for a site, configure the LdapServerName property with the SRV RR service name for the site, for example:

<Mechanism Name="ldap">
    <MechanismProperties
        MechanismEnabled="yes"
        AuthorizationSupported="no"
        .
        .
        LdapClientMechanism="simple"
        LdapServerName="_ldap._tcp.SanDiegoHQ._sites.rootdomain.com"
        LdapServerPort="0"
        .
        .
        />
</Mechanism>

You can configure other properties for the LDAP mechanism, if needed. For instructions, see Changing the TDGSS Configuration.

where:

Configuration Option / Description

<Mechanism Name="ldap">
    Site awareness requires directory authentication of the user, using the LDAP mechanism.

MechanismEnabled="yes"
    The LDAP mechanism must be enabled.

AuthorizationSupported="no"
    Site awareness functions whether or not the directory authorizes the user.

LdapClientMechanism="simple"
    The example is for a system using simple binding.

    Site awareness also supports DIGEST-MD5 binding.

    The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.

LdapServerName="_ldap._tcp.SanDiegoHQ._sites.rootdomain.com"
    This setting requires a DNS SRV RR formatted site name, which identifies the local GC directories available to authenticate the user.

When you configure the LdapServerName property for GC site awareness, LDAP selects a directory at random from among the available GC directories for the site.
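
A pre-deployment check for the settings described above, as an added example (not Teradata's code): it lints a Mechanism block for the properties in the table and confirms that a captured SRV answer for the LdapServerName lists at least one GC server. The function names, the constructed `dig +short SRV` output, and the assumption that a DIGEST-MD5 setting contains the string "DIGEST-MD5" are illustrative.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's example block with the elided properties left out.
SAMPLE_CONFIG = '''<Mechanism Name="ldap">
    <MechanismProperties
        MechanismEnabled="yes"
        AuthorizationSupported="no"
        LdapClientMechanism="simple"
        LdapServerName="_ldap._tcp.SanDiegoHQ._sites.rootdomain.com"
        LdapServerPort="0"
        />
</Mechanism>'''

# Constructed `dig +short SRV <name>` answer lines: priority weight port target
SAMPLE_SRV_ANSWER = """0 100 3268 gc1.rootdomain.com.
0 100 3268 gc2.rootdomain.com.
"""

# Site-scoped SRV RR name in the form the page uses: _ldap._tcp.<site>._sites.<domain>
SITE_SRV = re.compile(r"^_ldap\._tcp\.([A-Za-z0-9-]+)\._sites\.([A-Za-z0-9.-]+)$")

def parse_srv_answer(text):
    """Return (priority, weight, port, host) tuples from dig +short SRV output."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and all(p.isdigit() for p in parts[:3]):
            records.append((int(parts[0]), int(parts[1]), int(parts[2]), parts[3].rstrip(".")))
    return records

def check_site_awareness(config_xml, srv_answer):
    """Return a list of findings; an empty list means every check passed."""
    mech = ET.fromstring(config_xml)
    props = mech.find("MechanismProperties")
    if mech.get("Name") != "ldap" or props is None:
        return ["not an ldap mechanism block"]
    findings = []
    if props.get("MechanismEnabled") != "yes":
        findings.append("LDAP mechanism is not enabled")
    # Assumption: a DIGEST-MD5 binding value contains the string "DIGEST-MD5".
    if "DIGEST-MD5" in props.get("LdapClientMechanism", "").upper():
        findings.append("DIGEST-MD5 binding is deprecated; use simple binding with TLS")
    name = props.get("LdapServerName", "")
    if not SITE_SRV.match(name):
        findings.append("LdapServerName is not a DNS SRV RR site name: %r" % name)
    elif not parse_srv_answer(srv_answer):
        findings.append("SRV lookup for %s returned no GC servers" % name)
    return findings
```

Pass the function the Mechanism block extracted from the TDGSS configuration and the text returned by the SRV query for the same name.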