16.10 - LDAP Authentication with Database Authorization - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K
  • The directory should be LDAPv3-compliant. See About Certified Directories.
  • Verify that the LDAP mechanism is enabled on all Kerberos clients, on all databases to which they connect, and the Unity server, if used. Set the LDAP mechanism as the client default, or the user must specify it at logon.
  • The directory username used at logon must match a Teradata Database username. For acceptable logon username forms, see Logging on Using Sign-on As.
  • The matching Teradata Database username must have LOGON WITH NULL PASSWORD privileges. See Working with User Privileges in the Database.
  • The LDAP AuthorizationSupported property must be set to no in the TdgssUserConfigFile.xml on the database and on the Unity server if used. See Changing the TDGSS Configuration.
  • For LDAP authenticated users logging on through Unity, see Teradata Unity Installation, Configuration, and Upgrade Guide for Customers (B035-2523) and Teradata Unity User Guide (B035-2520).