TDGSS LdapServerName Property | Teradata Vantage

Security Administration

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2024-04-05
Product Category: Teradata Vantage™

The value of the LdapServerName property tells TDGSS which directory to use for authentication and authorization of directory users.

Valid Settings

  • "", that is, _ldap._tcp (default)
  • A valid URI or DNS SRV RR specification.

Sample Configuration for an LDAP Uniform Resource Identifier

"resource_identifier [...]"

where resource_identifier is:

scheme://server[:port]/

The resource identifiers must be separated by spaces. The entire string, including double quotation marks, cannot exceed 256 characters.

Syntax Elements

scheme
    A valid URL scheme: ldap, ldaps, gc, or gcs.
server
    The FQDN or IP address of the directory server.
    For fail-over protection, you can specify multiple directory servers, beginning with the primary server. TDGSS selects servers from the list in the order configured. If a server is unavailable, TDGSS tries the next server on the list.
    For configuring systems connected to multiple directory services, see Creating the <LdapConfig> Section in the TdgssUserConfigFile.xml.
port
    [Optional] The LDAP service port.
    Default behavior: The system uses the default port designation for the specified scheme, for example:
      • ldap (389)
      • ldaps (636)
      • gc (3268)
      • gcs (3269)

Configuring DNS SRV Resource Records (RRs)

You can configure the LdapServerName property to tell LDAP to select an authenticating directory at random, from the DNS domain SRV RRs, if the RRs conform to IETF RFC 2782.

For details, see the following table or go to: http://www.ietf.org/rfc/rfc2782.txt.

| Property Component and Value | Description |
|---|---|
| Specify the default domain: _scheme._tcp or "" | Directs TDGSS to select a directory from those listed in the SRV RRs for the default domain. |
| Specify a non-default domain: _scheme._tcp.domain_name | Directs TDGSS to select a directory from those listed in SRV RRs for the domain you specify. |
| Configure a site-aware domain name, for example: _ldap._tcp.site_name._sites.domain | Directs TDGSS to select a directory that is local to the Teradata Vantage system to which the user logs on, from the SRV RRs for the domain. Also see Configuring LDAP for Site-Aware Authentication. |
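
As an added example (not Teradata code), the following Python check lints a candidate LdapServerName value against the URI and DNS SRV syntax documented on this page before it is written to the TDGSS configuration. The function name, the returned structure and the example.com host names are assumptions of this sketch, and it accepts only host names and IPv4 addresses as the server.

```python
import re

# Default ports per scheme, as listed on this page.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "gc": 3268, "gcs": 3269}
MAX_LEN = 256  # whole string, including the surrounding double quotes

URI_RE = re.compile(r"^([a-z]+)://([^/:\s]+)(?::(\d+))?/$")
SRV_RE = re.compile(r"^_([a-z]+)\._tcp(?:\.([A-Za-z0-9._-]+))?$")


def check_ldap_server_name(value):
    """Return (kind, entries, problems) for a quoted LdapServerName value."""
    problems = []
    if len(value) > MAX_LEN:
        problems.append(f"value is {len(value)} characters, limit is {MAX_LEN}")
    if len(value) < 2 or not (value.startswith('"') and value.endswith('"')):
        return "invalid", [], problems + ["value must be enclosed in double quotes"]
    inner = value[1:-1]
    if inner == "":
        # Empty string is the default and means _ldap._tcp in the default domain.
        return "srv", [{"scheme": "ldap", "domain": None}], problems
    srv = SRV_RE.match(inner)
    if srv:
        if srv.group(1) not in DEFAULT_PORTS:
            problems.append(f"unknown scheme in SRV spec: {srv.group(1)}")
        return "srv", [{"scheme": srv.group(1), "domain": srv.group(2)}], problems
    entries = []
    for item in inner.split():  # resource identifiers are space-separated
        m = URI_RE.match(item)
        if not m or m.group(1) not in DEFAULT_PORTS:
            problems.append(f"not a valid resource identifier: {item}")
            continue
        scheme, server, port = m.group(1), m.group(2), m.group(3)
        port = int(port) if port else DEFAULT_PORTS[scheme]
        if not 1 <= port <= 65535:
            problems.append(f"port out of range: {item}")
            continue
        entries.append({"scheme": scheme, "server": server, "port": port})
    if not entries and not problems:
        problems.append("no resource identifiers found")
    return ("uri" if entries else "invalid"), entries, problems


if __name__ == "__main__":
    # Constructed sample value; the host names are placeholders.
    sample = '"ldaps://dc1.example.com/ ldaps://dc2.example.com:1636/"'
    print(check_ldap_server_name(sample))
```

The entries list keeps the configured order, which is the order in which TDGSS tries the servers for fail-over.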

Editing Guidelines

  • LdapServerName appears by default in the LDAP mechanism. You must add LdapServerName to KRB5 and SPNEGO and specify a value if AuthorizationSupported=yes.
  • You must configure this property for any mechanism with AuthorizationSupported=yes.
  • Edit this property on database nodes.
  • If the default associated with the domain scheme is not the correct port, you can use the URI method to specify another port.
  • If the directory is not Active Directory, and you specify _ldaps._tcp or _gcs._tcp, you may need to manually register the location of the directory service in the DNS. For Active Directory, the process is automatic.
  • You can use the LdapServerName property to provide directory fail-over protection, by specifying multiple directory servers in a space-separated list.
  • If you use the LdapServerName property to configure site-aware authentication: