16.10 - Configuring TDGSS - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

After verifying that the SRV RR service name for the GC can find the GC servers for a site, configure the LdapServerName property with the SRV RR service name for the site, for example:

<Mechanism Name="ldap">

    <MechanismProperties
        MechanismEnabled="yes"
        AuthorizationSupported="no"
        .
        .
        LdapClientMechanism="simple"
        LdapServerName="_ldap._tcp.SanDiegoHQ._sites.rootdomain.com"
        LdapServerPort="0"
        .
        .
        />

    </Mechanism>
You can configure other properties for the LDAP mechanism, if needed. For instructions, see Changing the TDGSS Configuration and other feature-specific chapters in this publication.

where:

Configuration Option Description
<Mechanism Name="ldap"> Site awareness requires directory authentication of the user, using the LDAP mechanism.
MechanismEnabled="yes" The LDAP mechanism must be enabled.
AuthorizationSupported="no" Site awareness functions whether or not the directory authorizes the user.
LdapClientMechanism="simple" The example is for a system using simple binding, but site awareness also supports DIGEST-MD5 binding.
LdapServerName="_ldap._tcp.SanDiegoHQ._sites.rootdomain.com" This setting requires a DNS SRV RR namd formatted site name, which identifies the local GC directories available to authenticate the user.

When you configure the LdapServerName property for GC site awareness, LDAP selects a directory at random from among the available GC directories for the site.