16.10 - Sample Configuration Containing Both Local and Global Policies - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

The following example shows configured policy elements in the TdgssUserConfigFile.xml.

<LdapConfig>

   <Tls ... />
   <Services>
      <Service
         Id="globalpolicysvc"
         LdapServerName="_ldap.tcp.domain.com"
         LdapServiceFQDN="cn=div1,ou=services,dc=domain1,dc=com"
         LdapSystemFQDN="cn=system1,cn=tdat,dc=domain1,dc=com"
         LdapServicePassword="password"... />
      <Service
         Id="domain1" ... />
      <Service
         Id="domain2" ... />
      <Service
         Id="domain3" ... />
         LdapServerName="_ldap.tcp.domain.com"
         LdapServiceFQDN="cn=div1,ou=services,dc=domain,dc=com"
         LdapSystemFQDN="cn=systemone,cn=tdat,dc=domain,dc=com"
         LdapServicePassword="password" ... />
         <Policy
            LdapPolicyFQDN="cn=policy1,ou=tdatrootP,dc=domain1,dc=com"
            LdapNetworkBaseFQDN="dc=networks,dc=domain1,dc=com"/>
         </Policy>
      </Service>
   <Services>
   <Canonicalizations>
   ...
   </Canonicalizations>
   <Policy
      Ref="globalpolicysvc"
      LdapPolicyFQDN="cn=policyGLO,ou=tdatrootP,dc=domain1,dc=com"
      LdapNetworkBaseFQDN="dc=networks,dc=domain1,dc=com"/>
</LdapConfig>
The example above shows an entry of: LdapServiceFQDN="cn=div1,ou=services,dc=domain1,dc=com"

which is valid only for Active Directory, ADAM and AD LDS. For other directory types, the configuration must specify:

LdapServiceFQDN="uid=div1,ou=services,dc=domain1,dc=com"