16.10 - LdapClientTlsCert - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

The LdapClientTlsCert property specifies the file that contains the TDGSS or OpenLdap client certificate that the directory server uses to authenticate the database.

Default Property Value

The default value of the LdapClientTlsCert property is “”, meaning that no cert file is specified.

Valid Settings

A valid file name.

Supporting Mechanisms for LdapClientTlsCert

The LdapClientTlsCert property is supported for all mechanisms configured for SSL or TLS protection.

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 May Be Edited
LDAP
To set a value, you must manually add this property to the TdgssUserConfigFile.xml for the needed mechanisms. See About Editing Configuration Files.

Editing Guidelines

  • You must edit this property if you configure SSL or TLS mutual authentication of the directory and Teradata Database.
  • Configure this property for all mechanisms that have the Authorization Supported property set to yes.
  • Edit this property on the database nodes and the Unity server. Also see Coordinating Mechanism Property Values for Unity.
  • Specify the name of the cert file that contains the TDGSS or OpenLdap client certificate that the directory server uses to authenticate the database..
    The Linux user under which Teradata Database runs must own and have read access to this file. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure this property on Release 14.0 or later, you must grant the permission manually.