16.10 - Enabling XML-Based IP Restrictions with the ipxml2bin Utility - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

You must run the ipxml2bin utility to transfer the saved restrictions to the GDO. The utility looks for the file in the /opt/teradata/tdat/tdgss/site directory.

The ipxml2bin syntax is:

ipxml2bin [-f  output_file_name|-G  input_file_name]

where:

The Tdsbind option Specifies...
-f output_file_name

(deprecated)

An alternate file location for the ipxml2bin output, for use when testing the restrictions before committing them to the IP GDO.
-G input_file_name The IP XML document file saved in /site directory.
  1. From the /site directory on the lowest numbered Teradata Database node, run the ipxml2bin utility to commit IP restrictions to the GDO.
    $ ipxml2bin -G  input_file_name 
    Parse successful
    784 bytes written to the ipfilter GDO.

    where input_file_name is the saved IP XML document file.

    The command populates the GDO and distributes it to all database nodes.

  2. Check for errors:
    • XML errors that indicate syntax errors in the IP XML document.
    • Non-XML errors, for example:
      • GDO support not available

        The user specified the -G utility option on a system where PDE is not installed.

      • GDO size limit exceeded; need #, limit #.

        The data in the XML file exceeds the GDO size limit (128K bytes). You must either reduce the amount of data in the XML file or switch to a directory-based solution.

  3. Run the tpareset utility to enable the restrictions.
    This step is only necessary for the initial implementation of IP restrictions, and does not apply to revising the XML document.