16.10 - LDAP Authentication with Database Authorization - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)
  • The directory should be LDAPv3-compliant. See About Certified Directories.
  • Verify that the LDAP mechanism is enabled on all Kerberos clients, on all databases to which they connect, and the Unity server, if used. Set the LDAP mechanism as the client default, or the user must specify it at logon.
  • The directory username used at logon must match a Teradata Database username. For acceptable logon username forms, see Logging on Using Sign-on As.
  • The matching Teradata Database username must have LOGON WITH NULL PASSWORD privileges. See Working with User Privileges in the Database.
  • The LDAP AuthorizationSupported property must be set to no in the TdgssUserConfigFile.xml on the database and on the Unity server if used. See Changing the TDGSS Configuration.
  • For LDAP authenticated users logging on through Unity, see Teradata Unity Installation, Configuration, and Upgrade Guide for Customers (B035-2523) and Teradata Unity User Guide (B035-2520).