Directory Service Setup in the TdgssUserConfigFile.xml - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

The following example shows the configuration of the three directory services in the <LdapConfig> section of the TdgssUserConfigFile.xml

The basic configuration structure required for defining security policies may have already been set up as part of configuring LDAP authentication using multiple directory services. See Configuring LDAP to Use Multiple Directory Services.
<LdapConfig>

    <Tls .../>

    <Services>

        <Service
            Id="hrsvc"
            LdapServerName="_ldap._tcp.hr.domain.com"
            LdapBaseFQDN="dc=hr,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=hr,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

        <Service
            Id="devsvc"
            LdapServerName="_ldap._tcp.dev.domain.com"
            LdapBaseFQDN="dc=dev,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=dev,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

        <Service
            Id="mktsvc"
            LdapServerName="_ldap._tcp.mkt.domain.com"
            LdapBaseFQDN="dc=mkt,dc=domain,dc=com"
            LdapServiceFQDN="uid=dbcsvc,ou=services,dc=mkt,dc=domain,  dc=com"
            LdapServicePassword="secret"
            .../>

    </Services>

    <Canonicalizations>

        <IdentitySearch
            Ref="hrsvc"
            Match="hr_(.+)"
            Base="dc=hr,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

        <IdentitySearch
            Ref="devsvc"
            Match="dev_(.+)"
            Base="dc=dev,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

        <IdentitySearch
            Ref="mktsvc"
            Match="mkt_(.+)"
            Base="dc=mkt,dc=domain,dc=com"
            Filter="(uid=${1})"
            Scope="subtree"
            DatabaseName="${1}"/>

    </Canonicalizations>

</LdapConfig>