16.10 - LdapClientTlsCert - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

The LdapClientTlsCert property specifies the file that contains the TDGSS or OpenLdap client certificate that the directory server uses to authenticate the database.

Default Property Value

The default value of the LdapClientTlsCert property is “”, meaning that no cert file is specified.

Valid Settings

A valid file name.

Supporting Mechanisms for LdapClientTlsCert

The LdapClientTlsCert property is supported for all mechanisms configured for SSL or TLS protection.

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 May Be Edited
LDAP
To set a value, you must manually add this property to the TdgssUserConfigFile.xml for the needed mechanisms. See About Editing Configuration Files.

Editing Guidelines

  • You must edit this property if you configure SSL or TLS mutual authentication of the directory and Teradata Database.
  • Configure this property for all mechanisms that have the Authorization Supported property set to yes.
  • Edit this property on the database nodes and the Unity server. Also see Coordinating Mechanism Property Values for Unity.
  • Specify the name of the cert file that contains the TDGSS or OpenLdap client certificate that the directory server uses to authenticate the database..
    The Linux user under which Teradata Database runs must own and have read access to this file. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure this property on Release 14.0 or later, you must grant the permission manually.