16.10 - LdapClientUseTLS - Teradata Database

Teradata Database Security Administration

prodname: Teradata Database
vrm_release: 16.10
created_date: June 2017
category: Administration, Security
featnum: B035-1100-161K

The LdapClientUseTls property specifies whether TLS protection is enabled. Teradata strongly recommends TLS protection when you use simple binds, including service binds.

This property must be set to yes to enable use of advanced TLS capabilities, such as certificate chain verification or mutual authentication.

Valid Settings

| Setting | Description |
|---|---|
| yes | TLS protection is enabled |
| no (default) | TLS protection is not enabled |

Supported Mechanisms for LdapClientUseTls

The LdapClientUseTls property is supported for mechanisms that can use simple binds.

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.

| Mechanism | Property Editable? |
|---|---|
| KRB5 | May Be Edited |
| LDAP | May Be Edited |

To set a value, you must manually add this property to the TdgssUserConfigFile.xml for the needed mechanism(s). See About Editing Configuration Files.

Editing Guidelines

  • Set the LdapClientUseTls property to yes to protect passwords on systems that use simple binds, including service binds. For information on binding, see LDAP Binding Options.
    Teradata recommends that you set the LdapClientUseTls property to yes on systems that use simple binds, even if the LdapServerName property specifies SSL protection, to maintain protection in the event someone later modifies the LdapServerName property to contain a non-SSL URL.
  • If you decide to use TLS protection, edit this property for all mechanisms that have the AuthorizationSupported property set to yes.
  • Edit this property on the database and on Unity, if used. Also see Coordinating Mechanism Property Values for Unity.
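The following Python check is an added example, not Teradata code: it applies the guidelines above to a TdgssUserConfigFile.xml and reports, for each supported mechanism with AuthorizationSupported set to yes, whether LdapClientUseTls is yes, missing or no, or covered only by an SSL URL in LdapServerName. The Mechanism/MechanismProperties element layout, the ldaps:// prefix test and the sample host names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element/attribute layout is an assumption about
# TdgssUserConfigFile.xml; the host names are placeholders.
SAMPLE = """\
<TdgssConfigFile>
  <Mechanism Name="ldap">
    <MechanismProperties AuthorizationSupported="yes"
        LdapServerName="ldaps://dir.example.com" />
  </Mechanism>
  <Mechanism Name="KRB5">
    <MechanismProperties AuthorizationSupported="yes"
        LdapServerName="ldap://dir.example.com" LdapClientUseTls="no" />
  </Mechanism>
</TdgssConfigFile>
"""

SUPPORTED = {"KRB5", "LDAP"}  # mechanisms the page lists for this property


def audit(xml_text):
    """Return (mechanism, status) pairs for mechanisms that need the property."""
    results = []
    for mech in ET.fromstring(xml_text).iter("Mechanism"):
        name = mech.get("Name", "").upper()
        if name not in SUPPORTED:
            continue
        props = mech.find("MechanismProperties")
        attrs = props.attrib if props is not None else {}
        # Only values written in this file are checked; inherited ones are not resolved.
        if attrs.get("AuthorizationSupported", "").lower() != "yes":
            continue
        use_tls = attrs.get("LdapClientUseTls", "no").lower()  # page: default is no
        server = attrs.get("LdapServerName", "").lower()
        if use_tls == "yes":
            status = "ok"
        elif server.startswith("ldaps://"):
            status = "ssl-url-only"  # protection is lost if the URL is later changed
        else:
            status = "tls-off"
        results.append((name, status))
    return results


if __name__ == "__main__":
    for name, status in audit(SAMPLE):
        print(f"{name}: {status}")
```
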

For detailed procedures on configuring TLS options, see SSL/TLS Protection Options.