Teradata GSS provides a large number of LDAP properties to support various directory-based security strategies. Teradata recommends that you start by implementing LDAP authentication for a few users and then add other options, for example, authorization of user privileges in the directory, as needed.
If you only configure LDAP authentication, user privileges are authorized by the database. Authenticated users must have the same username in the database and the directory.
The following LDAP mechanism property settings are required for the authentication-only strategy:
- Make sure that the MechanismEnabled property is set to ‘yes’ (the default).
- Configure the LdapServerName property. See LdapServerName.
The procedure for configuring mechanism property values in TdgssUserConfigFile.xml is described in Making Changes to the TdgssUserConfigFile.xml on Database Nodes.