16.10 - LdapClientMechanism - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

The LdapClientMechanism property specifies the bind type TDGSS must use to bind the user, during LDAP user authentication. See LDAP Binding Options.

Valid Settings

  • sasl/digest-md5 (default)
    Although the sasl/digest-md5 setting is the default (for legacy compatibility), it is not recommended for use.
  • simple (recommended)

Supporting Mechanisms

The LdapClientMechanism property appears by default in the library configuration file for the LDAP mechanism. Other mechanisms do not support this property.

To reset the value from the default, you must manually add this property to the TdgssUserConfigFile.xml for the LDAP mechanism. See About Editing Configuration Files.

Editing Guidelines

  • Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values.
  • Change the setting to simple to support simple binds.
  • Regardless of the LdapClientMechanism setting, Teradata strongly recommends that you also setup SSL or TLS protection to guard against man-in-the-middle and other attacks. See SSL/TLS Protection Options.