This property helps LDAP narrow the directory search during user authorization, when directory groups are mapped to one or more Teradata Database external roles.
For additional information on optimizing directory searches, see Configuring LDAP Properties to Narrow the Search Base.
- “” (default), that is, the property does not specify an object to narrow the search
- The FQDN of a directory object that contains the group objects that map to Teradata Database role objects in the directory.
Supporting Mechanisms for LdapGroupBaseFQDN
|KRB5||May Be Edited|
- You should specify a value for LdapGroupBaseFQDN if the AuthorizationSupported property for the mechanism is set to yes.
- For best results, set the value of LdapGroupBaseFQDN to the FQDN of an object one level higher in the directory tree than the highest level group object that maps to Teradata Database external role objects.
- If you do not edit the default value for this property (“”), LDAP uses the value of the LdapBaseFQDN to search the directory, however, because LdapBaseFQDN is deprecated, this approach is not recommended.
- Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values.