16.10 - LdapClientMechanism - Teradata Database

Teradata Database Security Administration

Teradata Database
Release Number
Release Date
June 2017
Content Type
Publication ID
English (United States)

The LdapClientMechanism property specifies the bind type TDGSS must use to bind the user, during LDAP user authentication. See LDAP Binding Options.

Valid Settings

  • sasl/digest-md5 (default)
    Although the sasl/digest-md5 setting is the default (for legacy compatibility), it is not recommended for use.
  • simple (recommended)

Supporting Mechanisms

The LdapClientMechanism property appears by default in the library configuration file for the LDAP mechanism. Other mechanisms do not support this property.

To reset the value from the default, you must manually add this property to the TdgssUserConfigFile.xml for the LDAP mechanism. See About Editing Configuration Files.

Editing Guidelines

  • Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values.
  • Change the setting to simple to support simple binds.
  • Regardless of the LdapClientMechanism setting, Teradata strongly recommends that you also setup SSL or TLS protection to guard against man-in-the-middle and other attacks. See SSL/TLS Protection Options.