16.10 - Standard LDAP Properties Used for All Policy Configurations - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

You can configure the following properties for any Service element (directory) that contains a security policy structure. When adding Policy elements to services previously configured for LDAP authentication, you may find that some of these properties are already configured. For information on configuring Service elements for LDAP, see Configuring LDAP to Use Multiple Directory Services.

Property Name Description
LdapServerName Required, Identifies the directory that contains the policy being configured.

Must be a valid URI or DNS SRV RR specification. For details, see LdapServerName.

LdapServiceFQDN Required unless the service is anonymously readable. Identifies the bindable object in the directory that represents the service identity, that is, the Teradata Database system or Unity server that contains the TdgssUserConfigFile.xml that is being configured. For details, see LdapServiceFQDN.
Directories that serve multiple Teradata Database systems should contain a separate bindable object for each system and for the Unity server, if used.
LdapServicePassword If your site security policy requires a password for the service FQDN, configure a password as the value of this property. For details, see LdapServicePassword.
LdapServicePasswordProtected Indicates whether the LDAP service password (if used) is encrypted.
  • Yes means that TDGSS stores the LdapServicePassword in encrypted form.
  • No (the default) means that TDGSS stores the LdapServicePassword in plain text.

For details, see LdapServicePasswordProtected.

LdapSystemFQDN Identifies the FQDN of the tdatSystem directory object, to assist in constructing the DNs of Teradata users and profiles.
LdapBaseFQDN Specifies the FQDN of the directory object that contains directory users and groups, which provides the search base for locating user and group objects.

Not required if the LdapNetworkBaseFQDN is configured. See Configuring Policy-Related Properties for a Global Security Policy and Configuring Policy-Related Properties for a Local Security Policy.

For additional information on configuring LDAP properties, see TDGSS Configuration Files, Valid Settings, and Editing Guidelines.