Configuring LDAP Properties to Narrow the Search Base

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

You can configure certain LDAP properties on database nodes (and on the Unity server, if used) to help narrow the search base for directory objects to the children of specified parent objects, rather than searching the entire directory.

This feature does not depend on the bind type.

  1. Make changes to the TdgssUserConfigFile.xml as shown in Making Changes to TdgssUserConfigFile.xml on Database Nodes.
  2. Edit the needed LDAP search properties to enhance searches.

where:

Property: LdapGroupBaseFQDN
Description: Contains the FQDN of the directory object that contains group objects.

When you authorize database users in a directory, you have the option to create role objects in the directory, and then map them to groups with user members. You can configure the LdapGroupBaseFQDN property to enhance the search for directory groups and speed user authorization.

See LdapGroupBaseFQDN.

Property: LdapUserBaseFQDN
Description: Contains the FQDN of a directory group object that contains directory user objects.

You can configure this property to narrow the search base for directory users to enhance user authentication.

See LdapUserBaseFQDN.
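
An added example, not part of the Teradata documentation: a small Python model of a search limited to the descendants of a base object, showing what narrowing the user and group bases changes in a lookup. The directory entries, base DNs and helper names are constructed for illustration, and the model assumes standard LDAP subtree semantics rather than Teradata's own implementation.

```python
def split_rdns(dn):
    """Split a DN into lower-cased (attribute, value) RDNs, honouring '\\,' escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [tuple(s.strip().lower() for s in p.partition("=")[::2]) for p in parts]


def is_under(dn, base):
    """True when dn is a descendant of base (the base entry itself is excluded)."""
    d, b = split_rdns(dn), split_rdns(base)
    return len(d) > len(b) and d[-len(b):] == b


def scoped_search(directory, base, attr, value):
    """Return DNs below base that carry attr=value (case-insensitive match)."""
    return [dn for dn, attrs in directory.items()
            if is_under(dn, base)
            and value.lower() in (v.lower() for v in attrs.get(attr, []))]


ROOT = "dc=example,dc=com"                    # constructed directory root
USER_BASE = "ou=dbusers,dc=example,dc=com"    # stands in for LdapUserBaseFQDN
GROUP_BASE = "ou=dbgroups,dc=example,dc=com"  # stands in for LdapGroupBaseFQDN
ALICE = "uid=alice,ou=dbusers,dc=example,dc=com"
DIRECTORY = {  # constructed sample entries
    ALICE: {"uid": ["alice"]},
    "uid=alice,ou=contractors,dc=example,dc=com": {"uid": ["alice"]},
    "cn=Smith\\, Bob,ou=dbusers,dc=example,dc=com": {"uid": ["bsmith"]},
    "cn=dba,ou=dbgroups,dc=example,dc=com": {"member": [ALICE]},
    "cn=dba,ou=legacy,dc=example,dc=com": {"member": [ALICE]},
}

if __name__ == "__main__":
    print("users, whole tree :", scoped_search(DIRECTORY, ROOT, "uid", "alice"))
    print("users, user base  :", scoped_search(DIRECTORY, USER_BASE, "uid", "alice"))
    print("groups, whole tree:", scoped_search(DIRECTORY, ROOT, "member", ALICE))
    print("groups, group base:", scoped_search(DIRECTORY, GROUP_BASE, "member", ALICE))
```

With the whole tree as the base, the lookup returns two `alice` entries and two `dba` groups; with the narrowed bases it returns only the entry under each configured parent.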