16.10 - LdapAllowUnsafeServerConnect - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

The setting of the LdapAllowUnsafeServerConnect property is based on whether the directory supports IETF RFC 5746 “Transport Layer Security (TLS) Renegotiation Indication Extension.” Older directory software versions may not support this standard. Teradata Database software can operate with either a supporting or non-supporting directory, depending on the property setting.

This property is applicable only for systems that use simple binding and SSL or TLS protection.

Default Property Value

The default setting is yes, that is, Teradata Database operates with directories that do not support IETF RFC 5746.

Valid Settings

Setting Description
"yes" (default) Allows connection to the database using directories that do not support IETF RFC 5746.
"no" Requires that the directory support IETF RFC 5746 to connect to the database.

Supporting Mechanisms for LdapClientTlsCRLCheck

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 May Be Edited
SPNEGO
LDAP
To set a value, you must manually add this property to the TdgssUserConfigFile.xml for the needed mechanisms. See About Editing Configuration Files.

Editing Guidelines

  • Edit this property on the database and on Unity, if used. Also see Coordinating Mechanism Property Values for Unity.
  • Although you can configure this property only in the LDAP mechanism, the setting applies to all external authentication mechanisms.
  • Before changing the default property value, make sure your directory software supports IETF RFC 5746 “Transport Layer Security (TLS) Renegotiation Indication Extension.” Consult your directory software vendor for details.