16.10 - LdapUserBaseFQDN - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

This property helps narrow the directory search to the children of the object that contains user objects, when LDAP authenticates a user.

Default Property Value

TDGSS initially sets the value of this property to “”for all mechanisms, that is, it does not define an FQDN

Valid Settings

  • “” (default), that is, the property does not specify an object to narrow the search
  • The FQDN of the directory object that contains directory user objects

Supporting Mechanisms for LdapUserBaseFQDN

This property applies to all mechanisms that can specify directory authorization.

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 May Be Edited
SPNEGO
LDAP
This property appears only in the library configuration file. You must manually add it to the TdgssUserConfigFile.xml before you can configure it. See About Editing Configuration Files.

Editing Guidelines

  • You must set a value for this property if the directory is Active Directory, ADAM, AD LDS or any uncertified LDAPv3-compliant directory. See About Certified Directories
  • The value of the LdapUserBaseFQDN property often corresponds to the value of the identity search or identity map Base attribute, but the Base attribute is not a substitute for the LdapUserBaseFQDN. If you configure an identity search and the search fails, LDAP uses the value of the LdapUserBaseFQDN property. See Optimizing Directory Searches.
  • Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values.