16.10 - Configuring the Directory Services - Teradata Database

Teradata Database Security Administration

prodname: Teradata Database
vrm_release: 16.10
created_date: June 2017
category: Administration, Security
featnum: B035-1100-161K

For an example configuration that helps in understanding the configuration steps, see Use Case for Configuring Global and Local Security Policies.

To ensure uninterrupted operation, configure duplicate security policies in a backup directory and configure the LdapServerName property to automatically switch to the alternate directory in the event of failure. See LdapServerName.
  1. Add the <LdapConfig> section to the TdgssUserConfigFile.xml on Teradata Database nodes, and on the Unity server, if used. See Adding Multiple Directory Services to the TDGSS Configuration. Use this procedure for configuring security policies even if you have only one directory service to configure.
    If you have already configured multiple directory services in an <LdapConfig> section for LDAP authentication (as shown in Configuring LDAP to Use Multiple Directory Services), the existing configuration contains many of the elements necessary for policy configuration. You only need to add the required policy-related elements to the configuration.
    1. Open the TdgssUserConfigFile.xml for editing.
    2. Disable the existing LDAP mechanism, saving property settings for use in the <LdapConfig> section.
    3. Create the <LdapConfig> section.
    4. Add the optional <Tls> section, if required at your site. See Chapter 20 SSL/TLS Protection Options.
  2. Configure an entry for each directory service using the standard LDAP properties needed for security policies. See Standard LDAP Properties Used for All Policy Configurations.
  3. Optionally configure a service element for a global security policy. See Configuring Policy-Related Properties for a Global Security Policy.
  4. Add the necessary policy-specific properties to each local service. See Configuring Policy-Related Properties for a Local Security Policy.
  5. After you complete the required edits to the TdgssUserConfigFile.xml, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  6. Test the policy configuration using the tdspolicy tool. See Investigating Security Policy Assignments.
  7. Run tpareset to activate the changes to the TDGSS configuration.
    tpareset -f "use updated TDGSSCONFIG GDO"