This property helps narrow the directory search to the children of the object that contains user objects, when LDAP authenticates a user.
Default Property Value
TDGSS initially sets the value of this property to “”for all mechanisms, that is, it does not define an FQDN
- “” (default), that is, the property does not specify an object to narrow the search
- The FQDN of the directory object that contains directory user objects
Supporting Mechanisms for LdapUserBaseFQDN
This property applies to all mechanisms that can specify directory authorization.
|KRB5||May Be Edited|
- You must set a value for this property if the directory is Active Directory, ADAM, AD LDS or any uncertified LDAPv3-compliant directory. See About Certified Directories
- The value of the LdapUserBaseFQDN property often corresponds to the value of the identity search or identity map Base attribute, but the Base attribute is not a substitute for the LdapUserBaseFQDN. If you configure an identity search and the search fails, LDAP uses the value of the LdapUserBaseFQDN property. See Optimizing Directory Searches.
- Edit this property on database nodes and on the Unity server, if used. Also see Coordinating Mechanism Property Values.