Configuring LDAP for Directory Authentication and Authorization - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantage™

To configure LDAP for authentication and authorization requires the following:

Because the user is authorized by the directory the directory username does not need an equivalent database username, as is the case for an authentication-only implementation
  • Make sure that the LDAP MechanismEnabled property is set to “yes” (the default).
  • Configure the LdapServerName property. See LdapServerName.
  • Optionally configure directory user identification options to speed directory searches for user authorization mapping. See Optimizing Directory Searches.

The procedure for configuring mechanism property values in the TdgssUserConfigFile.xml is shown in Making Changes to TdgssUserConfigFile.xml on Database Nodes.

You must also map directory users to other directory objects to define user database privileges in the directory. See Provisioning Directory Users with Teradata Schema Extensions or Using Native Directory Schema to Provision Directory Users.