16.10 - LdapClientDeref - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

The LdapClientDeref property tells the directory server what to do with any referral objects it encounters in the directory information tree.

Do not change the default setting for this property without first contacting Teradata Support Center for assistance.

Valid Settings

Setting Description
never (default) Do not chase referrals of any kind to bind the user, even if LdapClientReferrals is set to on (preferred).
always Chase referrals only if the object containing the referral is in the search base.
finding Chase referrals only if the object that contains the referral isthe search base.
searching Chase any referral to any object that is subordinate to the search base. Return any objects found in the referred directory as if they came from the local directory

Supporting Mechanisms for LdapClientDeref

The LdapClientDeref property applies to mechanisms that support referral chasing.

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 Do not attempt to reset this value without Teradata Support Center assistance.
SPNEGO
LDAP
To set a value, you must manually add this property to the TdgssUserConfigFile.xml on needed mechanisms. See About Editing Configuration Files.

Editing Guidelines

  • Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values.
  • Use the default setting, never, for all external authentication mechanisms to prevent referral chasing, unless you have a good reason to follow referrals.
  • If LdapClientReferrals is set to yes, use the LdapClientDeref property to tell the directory how to handle the referrals it finds. Also see LdapClientReferrals.