TDGSS LdapClientDeref Property | Teradata Vantage - 17.10 - LdapClientDeref - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The LdapClientDeref property tells the directory server what to do with any referral objects it encounters in the directory information tree.

The LdapClientDeref property applies to mechanisms that support referral chasing.

Do not change the default setting for this property without first contacting Teradata Support Center for assistance.

Valid Settings

Setting Description
never (default) Do not chase referrals of any kind to bind the user, even if LdapClientReferrals is set to on (preferred).
always Chase referrals only if the object containing the referral is in the search base.
finding Chase referrals only if the object that contains the referral isthe search base.
searching Chase any referral to any object that is subordinate to the search base. Return any objects found in the referred directory as if they came from the local directory

Editing Guidelines

Do not attempt to reset this value without Teradata Support Center assistance.
  • To set a value, you must manually add this property to the TDGSS configuration file on needed mechanisms. See About Editing Configuration Files.
  • Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values for Unity.
  • Use the default setting, never, for all external authentication mechanisms to prevent referral chasing, unless you have a good reason to follow referrals.
  • If LdapClientReferrals is set to yes, use the LdapClientDeref property to tell the directory how to handle the referrals it finds. Also see LdapClientReferrals.