SSO Integration through site minder or LDAP

Connectivity
Enthusiast

SSO Integration through site minder or LDAP

In our project setup BO uses hard coded user id and password to fetch the data from teradata.
So for each user the generic ID is there in DBQL.

Now we want to integrate the SSO authentication either using LDAP or site minder.
Like if user ABC is the entered from BO then the same id should be there in DBQL rather then generic id.

Any Idea ?

Regards,
Subhash

7 REPLIES
Enthusiast

Re: SSO Integration through site minder or LDAP

Or can provide me the link or any URL for the same........
Enthusiast

Re: SSO Integration through site minder or LDAP

Check the Teradata Security Administration pdf in documentation set, TeraGSS package on Teradata node can be configured to accept LDAP/Kerbros/TD2 authentications. Once enabled LDAP authentication on Teradata node (change tdgssuserconfigfile.xml ldap section pointing to ldap server, get SSL enabled if site secure policy requires so, you may need Teradata GSC involved to properly configure your teragss xml file, coz there were quite a few flags and properties are not clearly presented in the teradata documentation and run teragssconfig and tpareset) , the business object software can be configured to use LDAP. For kerbros, there was a internal flag in BO that you can set to make it passing kerbros. But I do not have that information in hand. I can go back check my notes.
Enthusiast

Re: SSO Integration through site minder or LDAP

Great.....
I will check this PDF and can you please check and let me know the further information.

Effort is appreciated....

Enthusiast

Re: SSO Integration through site minder or LDAP

Great.....
I will check this PDF and can you please check and let me know the further information.

Effort is appreciated....

Enthusiast

Re: SSO Integration through site minder or LDAP

Hello,

I neither do get LDAP working in my environment.

I've a simple LDAP service on Win2K3 and trying to authenticate users thouth this ldap on SUSE and MPRAS Teradata v12 platforms.

tdsbind is working great but bteq is giving me the generic SOO logon failed by gateway.

Please is anyone was able to do that and how?

My basic actions were:

1. modify the TdgssUserconfigFile.xml
2. run_tdgssconfig
3. tpareset as in the documentation
4. created a user granted with null password

and tried with some
.logmech ldap
.logdata authcid... password ...

with no success

Thanks for any advice/help

JW

Re: SSO Integration through site minder or LDAP

Hi JW,

I'm having the same issue.  I also am able to do a tdsbind.  Did you ever find a solution?

Thanks, Nathan

Enthusiast

Re: SSO Integration through site minder or LDAP

Ok, Bob Walpole (Teradata) helped me get connected.  HE IS THE MAN!

Here's what I learned:

1) Need to run gtwcontrol -d on the node and make sure:

External Authentication: on

Append Domain Name: no

2) Need to grant null password logons like this:

GRANT LOGON ON ALL TO [UserID] WITH NULL PASSWORD;

3) When you configure TdgssUserConfigFile.xml:

Set AuthorizationSupported="no"

4) Make sure you can ping your ldap server.  If not add the ip and name to your /etc/hosts file.

5) Configure the TdgssUserConfigFile.xml on the node not the client.

For our installation it's at /opt/teradata/tdat/tdgss/site/

Good luck getting connected and God bless you.