Configuring the Directory Services - Advanced SQL Engine - Teradata Database

Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05, 17.00
Published: September 2020
Language: English (United States)
Last Update: 2021-01-23
dita:id: B035-1100
lifecycle: previous
Product Category: Teradata Vantage™

For an example configuration that illustrates the steps below, see Use Case for Configuring Global and Local Security Policies.

To ensure uninterrupted operation, configure duplicate security policies in a backup directory and configure the LdapServerName property to automatically switch to the alternate directory in the event of failure. See LdapServerName.
  1. Add the <LdapConfig> section to the TdgssUserConfigFile.xml on Teradata Vantage nodes, and to the TdgssUnityConfig.xml on the Unity server, if used. See Adding Multiple Directory Services to the TDGSS Configuration. Use this procedure for configuring security policies even if you have only one directory service to configure.
    If you have already configured multiple directory services in an <LdapConfig> section for LDAP authentication (as shown in Configuring LDAP to Use Multiple Directory Services), the existing configuration contains many of the elements necessary for policy configuration. You only need to add the required policy-related elements to the configuration.
    1. Open the TdgssUserConfigFile.xml for editing.
    2. Disable the existing LDAP mechanism, saving property settings for use in the <LdapConfig> section.
    3. Create the <LdapConfig> section.
    4. Add the optional <Tls> section, if required at your site. See SSL/TLS Protection Options.
  2. Configure an entry for each directory service using the standard LDAP properties needed for security policies. See Standard LDAP Properties Used for All Policy Configurations.
  3. Optionally configure a service element for a global security policy. See Configuring Policy-Related Properties for a Global Security Policy.
  4. Add the necessary policy-specific properties to each local service. See Configuring Policy-Related Properties for a Local Security Policy.
  5. After you complete the required edits to the TdgssUserConfigFile.xml, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  6. Test the policy configuration using the tdspolicy tool. See Investigating Security Policy Assignments.
  7. Run tpareset to activate the changes to the TDGSS configuration.
    tpareset -f "use updated TDGSSCONFIG GDO"