Procedure - Advanced SQL Engine - Teradata Database

Security Administration
Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantage™
  1. From the TDGSS/bin directory, use ldapmodify to run the schema installation script:
    #!/bin/sh
#
# usage: loadschema  server 
#
#
  - if [ $# != 1 ]; then
  -   echo "Wrong # args"
  -   echo "usage: $0  server"
  -   exit 1
  - fi
  - cd /opt/teradata/tdgss/etc
  - SNC=‘ldapsearch -H ldap://$1 -b "" -s base schemanamingcontext | \
  -      grep -i schemanamingcontext | \
  -      cut -d’ ’ -f2‘
  - if [ "$SNC" = "" ]; then
  -   echo "Schema naming context not found on server $1"
  -   exit 1
  - fi
  - cat tdat.actdir.schema ipfilter.actdir.schema policy.actdir.schema| \
  -   sed -e "s/CN=Schema/$SNC/" | \
  -   ldapmodify -c -H ldap://$1 -x -D  admin_DN  -W -Z

    where the ldapmodify syntax operates as follows:

    Syntax Element Explanation
    server Names an Active Directory, ADAM, or AD LDS directory server where the schema extensions are loaded.
    -c Causes ldapmodify to ignore errors and keep running.
    -H ldap://$1 Specifies the ldap server naming convention according to binding type:
    • For TLS protection (requires concurrent use of the -Z option): ldap://server/
    • For SSL protection (not compatible with concurrent use of the -Z option): ldaps://server/
    -x Requests simple binding.
    -D admin_DN Specifies the DN of a user with administrative privileges in the directory.
    -W Causes ldapmodify to prompt for the password of the user identified in -D
    -Z Requests TLS protection and requires a successful response before continuing.
  2. The system prompts for the directory password of the user running the ldapmodify command. Enter the password.

You can use the script as shown above based on the following assumptions:

  • The Teradata GSS server package, which includes the tdat.actdir.schema file, has already been installed on the Teradata Vantage nodes.
  • The administrator specified in the script must have the required access privileges.
  • Active Directory/ADAM is running on Windows 2003 or later.
  • If you have already installed the base schema and only want to add the IP restriction schema or the security policy schema, omit the tdat.actdir.schema.

Do the following to use the script to install schema from Teradata Vantage to Active Directory, ADAM, or AD LDS running on the system, for example, system esroot:

  1. From the Vantage command prompt, after pasting in the install script, run the script by entering:
    ./loadschema esroot
  2. The administrator is prompted for a password with the following: 
    Please enter your password:
    With simple binding you must include a -W specification to initiate a password prompt. The password you submit must be the correct password for the username shown in the script.
  3. The system then returns the following output, showing that the Teradata schema extensions are installed in the directory:
    The output shown below is not complete. It was edited to provide a brief example of what you would see at the completion of schema installation.
    adding entry "cn=tdatProfileMember,CN=Schema,CN=Configuration,
DC=esrootdom,DC=esdev,DC=tdat"
adding entry "cn=tdatProfileMemberOf,CN=Schema,CN=Configuration,
DC=esrootdom,DC=esdev,DC=tdat"
...snipped...
adding entry "cn=tdatUser,CN=Schema,CN=Configuration,
DC=esrootdom,DC=esdev,DC=tdat"
adding entry "cn=tdatRole,CN=Schema,CN=Configuration,
DC=esrootdom,DC=esdev,DC=tdat"
modifying entry ""
$