tlsmodeldap.md
Enable TLS or LDAPS (the exact protocol used depends on the value of host
in the AUTHENTICATION object) by setting the TLSMODE to one of the following. TRY_VERIFY
or higher requires a CA certificate:

- `ENABLE`: Enables TLS. Vertica does not check the LDAP server's certificate.
- `TRY_VERIFY`: Establishes a TLS connection if one of the following is true:
  - The LDAP server presents a valid certificate.
  - The LDAP server doesn't present a certificate.

  If the LDAP server presents an invalid certificate, a plaintext connection is used.
- `VERIFY_CA`: Connection succeeds if Vertica verifies that the LDAP server's certificate is from a trusted CA. Using this TLSMODE forces all connections without a certificate to use plaintext.
- `VERIFY_FULL`: Connection succeeds if Vertica verifies that the LDAP server's certificate is from a trusted CA and the `cn` (Common Name) or `subjectAltName` attribute matches the hostname or IP address of the LDAP server.

  The `cn` is used for the username, so `subjectAltName` must match the hostname or IP address of the LDAP server.
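
A pre-flight check to run before switching to `VERIFY_FULL`, added here as an illustration and not taken from the Vertica documentation or code: it tests whether a certificate's `subjectAltName` entries cover the server named in `host`, ignoring the `cn`. The `ldap://`/`ldaps://` URL form of `host`, the sample certificates (in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`), and the left-most-label wildcard rule are assumptions; Vertica's own matcher may differ.

```python
import ipaddress
from urllib.parse import urlparse


def _dns_match(pattern, name):
    # Assumption: a wildcard is honoured only as the entire left-most label.
    if pattern.startswith("*."):
        first, _, parent = name.partition(".")
        return bool(first) and parent == pattern[2:]
    return pattern == name


def san_matches_host(host_url, peercert):
    """Return True if a subjectAltName entry covers the server in host_url.

    The subject cn is deliberately never consulted, so a certificate that
    names the server only in its cn is reported as a mismatch.
    """
    target = urlparse(host_url).hostname  # drops scheme, port, IPv6 brackets
    if not target:
        raise ValueError(f"no host found in {host_url!r}")
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None  # host is a DNS name, not an IP literal
    for kind, value in peercert.get("subjectAltName", ()):
        if target_ip is not None:
            # An IP target matches only an "IP Address" entry, never a DNS string.
            if kind == "IP Address" and ipaddress.ip_address(value) == target_ip:
                return True
        elif kind == "DNS" and _dns_match(value.lower().rstrip("."),
                                          target.rstrip(".")):
            return True
    return False


# Constructed sample certificates (not real data).
CERT_WITH_SAN = {
    "subject": ((("commonName", "svc-ldap"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),
                       ("DNS", "*.dir.example.com"),
                       ("IP Address", "10.20.30.40")),
}
CERT_CN_ONLY = {"subject": ((("commonName", "ldap.example.com"),),)}

if __name__ == "__main__":
    for url in ("ldaps://ldap.example.com:636", "ldap://10.20.30.40"):
        for label, cert in (("SAN", CERT_WITH_SAN), ("cn-only", CERT_CN_ONLY)):
            print(url, label, san_matches_host(url, cert))
```

A `False` result for the certificate the LDAP server actually presents means the certificate should be reissued with a matching `subjectAltName` before `VERIFY_FULL` is enabled.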