16.10 - LdapClientReferrals - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

The setting of the LdapClientReferrals property determines whether TDGSS chases any referrals the directory presents. The directory makes referrals when the user DN that TDGSS sends to the directory is ambiguous, that is, when the DN conforms to more than one directory naming context. When the value of LdapClientReferrals is set to on, TDGSS searches the directory for each naming context (referral) it receives.

Do not enable this property without first contacting Teradata Customer Service for assistance.

For additional information on chasing referrals, see Optimizing Directory Searches.

Valid Settings

Setting Description
off (default) TDGSS does not chase referrals
on TDGSS chases referrals

Supporting Mechanisms for LdapClientReferrals

The LdapClientReferrals property applies to any mechanism that searches for users in a directory.

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 May Be Edited
SPNEGO
LDAP
To set a value, you must manually add this property to the TdgssUserConfigFile.xml on the mechanisms that require it. See About Editing Configuration Files.

Editing Guidelines

  • Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values.
  • The recommended setting is off.
  • If you use referral chasing, you should review the function of the LdapClientDeref property, which tells the directory how to process referrals, and configure it, if required.