From what I have read about similar topics in this forum, it looks like the JDBC driver can be configured with "Password_Protected", "LDAP" and "KRB5". Should I assume that this also means encrypted LDAP (LDAPS)? Does the Teradata JDBC driver accept what in the TD GSS configuration file is configured? I.e. LDAPS port 636 with a Service Account and SSL/TLS trusted connection.
LDAP authentication occurs on the server-side by the Teradata Database Gateway. It is not a function of the client-side Teradata Studio or client-side Teradata JDBC Driver.
Here is the response from the Teradata Database Gateway team:
We do support LDAP through SSL. It's 100% server-side so there should be no issue using the Teradata JDBC Driver with an SSL-enabled LDAP mechanism. Whether we use SSL, TLS, or nothing at all has no impact on the token exchange. And since it's all server-side, this is a detail that is completely opaque to the client side.
There are two server-side (Teradata Database or Unity Director) configuration choices:
1. Configure the LdapServerName property to contain an LDAPS URL, e.g. ldaps://myserver.mycorp.com/
2. Configure the LdapServerName property to contain a normal LDAP URL, e.g. ldap://myserver.mycorp.com/ along with setting the LdapClientUseTls property to yes.
#2 is the method we consider a best practice for because LDAPS was deprecated by the LDAPv3 standard. But the operative word is deprecated, not complete withdrawal of the capability.