16.10 - Installing Schema Extensions on Novell eDirectory - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)
  1. On the Teradata Database server, navigate to TDGSS/etc.
  2. Run the ldapmodify utility, bundled with TDGSS, to install the Teradata schema extensions on a directory server running Novell eDirectory.
    Specify simple binding for executing the ldapmodify command, and also the recommended SSL or TLS protection, to ensure a secure and successful schema installation. You may need to do additional configuration of SSL/TLS on the computer containing the schema extension files to ensure presence of the certificate chain. For information, see SSL/TLS Protection Options.

    Customize the ldapmodify command shown below to install the Teradata schema extension files you need, based on the protection scheme and schema file name. Install one schema file per command.

    For example, to install the main Teradata schema extension file:

    • With a connection to the directory server that uses simple binding and SSL protection:
      ../bin/ldapmodify -x -D  admin_DN  -W -H ldaps://dir_server  -f tdat.edir.schema
    • With a connection to the directory server that uses simple binding and TLS protection:
      ../bin/ldapmodify -x -D admin_DN -W -H ldap://dir_server -Z -f tdat.edir.schema
    • With a connection to the directory server without protection, that is, in plain text (not recommended):
      ../bin/ldapmodify -x -D admin_DN -W -H ldap://dir_server -f tdat.edir.schema
      Installation of other schema extensions is similar.

    where:

    Syntax Element Explanation
    -x Specifies simple binding.
    -D admin_DN Specifies the DN of a user with administrative privileges in the directory.
    -W Causes ldapmodify to prompt for the password of the user identified in -D.
    -H Specifies the ldap server naming convention according to binding type:
    • For TLS protection (requires concurrent use of the -Z option):

      ldap://server/

    • For SSL protection (not compatible with concurrent use of the -Z option):

      ldaps://server/

    -Z Requests TLS protection and requires a successful response before continuing.
    -f Specifies the name of the schema extension file, for example, tdat.edir.schema(base schema).
    Like Active Directory, eDirectory uses dynamic schema updates, so you do not have to restart the system after installation of the schema extensions. eDirectory also automatically updates all directories in a replicated environment.