I am trying to configure Teradata with LDAP on Windows Server 2016. I have configured the /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml correctly. When I try to run the test with /opt/teradata/tdgss/bin/tdgsstestcfg and use the command /opt/teradata/tdgss/bin/tdgssauth -u my_name -m ldap -i 123.123.123.123, I see this error:

*** WARNING: Running as root may affect the ability of this tool to detect
***          certain kinds of errors involving file permissions.  It is
***          recommended that the tool be run as the user under which the
***          gateway or Unity runs.

Please enter a password:

The TDGSS function tdgss_accept_sec_context returned an error
  Major status 0x000d0000 - Failure
  Minor status 0xe3000233 - No matching canonicalizations available.

I have tried everything and am not able to fix this error. I just found this TD question, which is not clear enough about the solution. Please advise; I have been struggling with this for the last 5 days. Thanks.

Thoughts: I am not sure if the issue is with the LDAP server configuration on Teradata or with the Windows Server LDAP setup. The same Teradata TdgssUserConfigFile.xml setup works with the old LDAP.

----------------      UPDATE  ---------------------

I have installed Teradata Vantage 17.20 on the localhost VMware Player. I still face errors at the same stage. Now the error message is different.

The TDGSS function tdgss_accept_sec_context returned an error
  Major status 0x000d0000 - Failure
  Minor status 0xe3000232 - Error in the acquired cache entry.

These are my configuration settings. This helps to find the core problem here.

    CredentialUsage="0"
    LdapClientMechanism="simple"
    LdapClientUseTls="no"
    LdapServicePasswordProtected="yes"
    LdapServiceFQDN="cn=tauqer,ou=Users,ou=TDLDAP,dc=mydomain,dc=ldap"
    LdapServerName="123.123.123.123"
    LdapServerPort="389"
    LdapServerRealm="mydomain.ldap"
    LdapSystemFQDN="cn=tauqer,ou=Users,ou=TDLDAP,dc=mydomain,dc=ldap"
    LdapServicePassword="configured"
    LdapServiceBindRequired="yes"
/>
<IdentitySearch
    Match="(.*)"
    Base="dc=ncratleos,dc=ldap"
    Scope="subtree"
    Filter="(sAMAccountName=${1})"
/>

<AuthSearch
    ObjectClass="Groups"
    Scope="subtree"
    NamingAttribute="cn"
    Base="dc=ncratleos,dc=ldap"
>
    <AuthSearchMap Match="regex" Pattern=".*">
    </AuthSearchMap>
</AuthSearch>

I am using the Windows Server 2016 LDAP. Please help me to find this issue. I am sure the issue is related to my configuration.

There are 1 best solutions below

Ahmad786 On

I am not sure if it is a bug or if it is supposed to work that way. In my config file, I added LdapClientUseTls="no". Somehow this was not working, and in the error log:

gtwBindAddressList.cpp @110 (67123528): Thu Feb 15 03:38:55 2024bind IP(::) port(443), successful without listen, gateway will listen to this port after installing a valid cert/key pair.

The only option that worked was to delete the LdapClientUseTls line completely. After that, create a password:

/opt/teradata/tdgss/bin # ./tdspasswd

Add that password in the config file at this place:

LdapServicePassword="configured"

Now everything should work. It took 6 days to figure it out. I wish the documentation were clearer on this.
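
An added example, not part of the original posts or of Teradata's tooling: a small Python check over the settings shown in the question. It flags an LDAP simple bind without TLS (the bind password crosses the network in cleartext) and search bases whose dc= components differ from the service DN. The `<Root>` and `<LdapSettings>` wrapper elements are hypothetical, since the post omits the real opening tag, and a missing LdapClientUseTls is assumed to mean no TLS.

```python
import xml.etree.ElementTree as ET

# Constructed sample: attributes copied from the question, wrapped in
# hypothetical <Root>/<LdapSettings> elements (the real tag is not shown).
SAMPLE = '''<Root>
  <LdapSettings
      LdapClientMechanism="simple"
      LdapClientUseTls="no"
      LdapServiceFQDN="cn=tauqer,ou=Users,ou=TDLDAP,dc=mydomain,dc=ldap"
      LdapServerName="123.123.123.123"
      LdapServerPort="389"
      LdapServiceBindRequired="yes" />
  <IdentitySearch Match="(.*)" Base="dc=ncratleos,dc=ldap"
      Scope="subtree" Filter="(sAMAccountName=${1})" />
  <AuthSearch ObjectClass="Groups" Scope="subtree" NamingAttribute="cn"
      Base="dc=ncratleos,dc=ldap" />
</Root>'''


def dc_suffix(dn):
    """Return the lower-cased dc= components of a DN, e.g. 'dc=a,dc=b'.
    Naive split on ',' (does not handle escaped commas inside values)."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))


def review(xml_text):
    """Return a list of finding labels for the LDAP settings in xml_text."""
    root = ET.fromstring(xml_text)
    findings, service_suffix = [], None
    for el in root.iter():
        a = el.attrib
        if "LdapServiceFQDN" in a:
            service_suffix = dc_suffix(a["LdapServiceFQDN"])
        mech = a.get("LdapClientMechanism", "").lower()
        # Assumption: an absent LdapClientUseTls means TLS is not used.
        tls = a.get("LdapClientUseTls", "no").lower()
        if mech == "simple" and tls != "yes":
            findings.append("cleartext-bind")
    # Second pass: every search Base should sit under the service DN's domain.
    for el in root.iter():
        base = el.attrib.get("Base")
        if base and service_suffix and dc_suffix(base) != service_suffix:
            findings.append("base-mismatch:" + el.tag)
    return findings


if __name__ == "__main__":
    print(review(SAMPLE))
```

A base-mismatch finding is a consistency heuristic only; it can also result from values that were anonymised differently before posting.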