LDAP Properties for Narrowing Search Base | Teradata Vantage - 17.20 - Configuring LDAP Properties to Narrow the Search Base - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

You can configure certain LDAP properties on database nodes to help narrow the search base for directory objects to the children of specified parent objects, rather than searching the entire directory.

This feature is not dependent upon bind type.
  1. Make changes to the TdgssUserConfigFile.xml as shown in Making Changes to TdgssUserConfigFile.xml on Database Nodes.
  2. Edit the LDAP needed search properties to enhance searches.

where:

Property Description
LdapGroupBaseFQDN Contains the FQDN of the directory object that contains group objects.

When you authorize database users in a directory, you have the option to create role objects in the directory, and then map them to groups with user members. You can configure the LdapGroupBaseFQDN property to enhance the search for directory groups and speed user authorization.

See LdapGroupBaseFQDN.

LdapUserBaseFQDN Contains the FQDN of a directory group object that contains directory user objects.

You can configure this property to narrow the search base for directory users to enhance user authentication.

See LdapUserBaseFQDN.