16.10 - Identity Search Implementation Process - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K
  1. Make sure you understand the format and function of the configuration files. See About the TDGSS Configuration Files.
  2. Create the required identity search in a text editor, such as Notepad. See Configuring an Identity Search.
  3. Use the text editor to add the following items to the authentication mechanism(s) in the TdgssUserConfigFile.xml on Teradata Database nodes and on the Unity server, if used. See Making Changes to the TdgssUserConfigFile.xml on Database Nodes.
    • Add the identity search created in step 2 above.
    • Add the LdapServiceFQDN and LdapServicePassword properties, and configure them as shown in Directory Identification and Search Properties.

      The LdapServicePasswordProtected property indicates whether the password is stored in encrypted form. You do not need to add this property to use the default setting (not protected). If you want to encrypt the password, use the tdspasswd tool to generate an encrypted password for the passphrase that is used to encrypt the private key file.

      You can store the password in plain text, but it is not recommended. If you use plain text, be sure to limit access to the TDGSS configuration files and the TDGSSCONFIG.GDO. See Controlling Access to the Operating System.

      Also see LdapServicePasswordProtected.

  4. If the configuration is not useful, you can revert to the previous configuration. See Returning to an Old Configuration.