16.10 - Standard LDAP Properties Used for All Policy Configurations - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

You can configure the following properties for any Service element (directory) that contains a security policy structure. When adding Policy elements to services previously configured for LDAP authentication, you may find that some of these properties are already configured. For information on configuring Service elements for LDAP, see Configuring LDAP to Use Multiple Directory Services.

Property Name Description
LdapServerName Required, Identifies the directory that contains the policy being configured.

Must be a valid URI or DNS SRV RR specification. For details, see LdapServerName.

LdapServiceFQDN Required unless the service is anonymously readable. Identifies the bindable object in the directory that represents the service identity, that is, the Teradata Database system or Unity server that contains the TdgssUserConfigFile.xml that is being configured. For details, see LdapServiceFQDN.
Directories that serve multiple Teradata Database systems should contain a separate bindable object for each system and for the Unity server, if used.
LdapServicePassword If your site security policy requires a password for the service FQDN, configure a password as the value of this property. For details, see LdapServicePassword.
LdapServicePasswordProtected Indicates whether the LDAP service password (if used) is encrypted.
  • Yes means that TDGSS stores the LdapServicePassword in encrypted form.
  • No (the default) means that TDGSS stores the LdapServicePassword in plain text.

For details, see LdapServicePasswordProtected.

LdapSystemFQDN Identifies the FQDN of the tdatSystem directory object, to assist in constructing the DNs of Teradata users and profiles.
LdapBaseFQDN Specifies the FQDN of the directory object that contains directory users and groups, which provides the search base for locating user and group objects.

Not required if the LdapNetworkBaseFQDN is configured. See Configuring Policy-Related Properties for a Global Security Policy and Configuring Policy-Related Properties for a Local Security Policy.

For additional information on configuring LDAP properties, see TDGSS Configuration Files, Valid Settings, and Editing Guidelines.