You can refer to the example configuration in Use Case for Configuring Global and Local Security Policies as an aid in understanding configuration steps.
To ensure uninterrupted operation, configure duplicate security policies in a backup directory and configure the LdapServerName property to automatically switch to the alternate directory in the event of failure. See LdapServerName.
- Add the <LdapConfig> section to the TdgssUserConfigFile.xml on Teradata Vantage nodes, and to the TdgssUnityConfig.xml on the Unity server, if used. See Adding Multiple Directory Services to the TDGSS Configuration. Use this procedure for configuring security policies even if you have only one directory service to configure.If you have already configured multiple directory services in an <LdapConfig> section for LDAP authentication (as shown in Configuring LDAP to Use Multiple Directory Services), the existing configuration contains many of the elements necessary for policy configuration. You only need to add the required policy-related elements to the configuration.
- Open the TdgssUserConfigFile.xml for editing.
- Disable the existing LDAP mechanism, saving property settings for use in the <LdapConfig> section.
- Create the <LdapConfig> section.
- Add the optional <Tls> section, if required at your site. See SSL/TLS Protection Options.
- Configure an entry for each directory service using the standard LDAP properties needed for security policies. See Standard LDAP Properties Used for All Policy Configurations.
- Optionally configure a service element for a global security policy. See Configuring Policy-Related Properties for a Global Security Policy.
- Add the necessary policy-specific properties to each local service. See Configuring Policy-Related Properties for a Local Security Policy.
- After you complete the required edits to the TdgssUserConfigFile.xml, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
/opt/teradata/tdgss/bin/run_tdgssconfig
- Test the policy configuration using the tdspolicy tool. See Investigating Security Policy Assignments.
- Run tpareset to activate the changes to the TDGSS configuration.
tpareset -f “use updated TDGSSCONFIG GDO”