TDGSS LdapSystemFQDN Property | Teradata Vantage - LdapSystemFQDN - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantage™

The LdapSystemFQDN property identifies the FQDN of the tdatSystem object that is the parent of the structure used for LDAP user authorization. This information helps LDAP locate objects and mappings applicable to the system without making a deep search of the directory.

This value is useful only when the AuthorizationSupported property is set to yes.

Valid Settings

  • “” (default), that is, the property does not specify an object to help the search
  • The FQDN of a tdatSystem directory object.

For information about the tdatSystem object, see Creating the Top-Level Objects in the DIT.

Editing Guidelines

  • The LdapSystemFQDN property appears by default only in the LDAP mechanism. You must add the LdapSystemFQDN to the TDGSS configuration file and specify a value for any mechanism where AuthorizationSupported=yes, including KRB5 and SPNEGO. See Changing the TDGSS Configuration.
  • You must set a value for the LdapSystemFQDN property in any authentication mechanism that has the AuthorizationSupported property set to yes.
  • If the directory serves one Teradata Vantage system, the LdapSystemFQDN properties configured on that system name the tdatSystem object that represents the system.
  • If the directory serves multiple Vantage systems, the LdapSystemFQDN on each system points to the tdatSystem object that contains the authorization structure for the system. Several database systems can point to the same tdatSystem object if they have identical authorization requirements.
  • If users log on only through Unity, the Unity server must point to the tdatSystem object that contains the LDAP authorization structure.
  • If users can log on through Unity and directly to database systems, each logon must point to the tdatSystem object that contains its authorization structure. Also see Coordinating Mechanism Property Values for Unity.