All Forums Teradata Studio
sl186029 3 posts Joined 09/12
07 Feb 2014
Teradata Embedded JDBC driver includes encryption?

Hello,
From what I have read about similar topics in this forum, it looks like the JDBC driver can be configured with "Password_Protected", "LDAP" and "KRB5". Should I assume that this also means encrypted LDAP (LDAPS)? Does the Teradata JDBC driver accept what in the TD GSS configuration file is configured? I.e.  LDAPS port 636 with a Service Account and SSL/TLS trusted connection.
Thanks.
Regards
Salvatore ILardo

tomnolan 594 posts Joined 01/08
07 Feb 2014

LDAP authentication occurs on the server-side by the Teradata Database Gateway. It is not a function of the client-side Teradata Studio or client-side Teradata JDBC Driver.
 
Here is the response from the Teradata Database Gateway team:
 
We do support LDAP through SSL. It's 100% server-side so there should be no issue using the Teradata JDBC Driver with an SSL-enabled LDAP mechanism.  Whether we use SSL, TLS, or nothing at all has no impact on the token exchange.  And since it's all server-side, this is a detail that is completely opaque to the client side. 
 
There are two server-side (Teradata Database or Unity Director) configuration choices:
1. Configure the LdapServerName property to contain an LDAPS URL, e.g. ldaps://myserver.mycorp.com/
2. Configure the LdapServerName property to contain a normal LDAP URL, e.g. ldap://myserver.mycorp.com/ along with setting the LdapClientUseTls property to yes.
 
#2 is the method we consider a best practice for because LDAPS was deprecated by the LDAPv3 standard.  But the operative word is deprecated, not complete withdrawal of the capability.
 

sl186029 3 posts Joined 09/12
08 Feb 2014

Thanks.
Salvatore ILardo

You must sign in to leave a comment.