16.10 - Configuring LDAP Properties to Narrow the Search Base - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

You can configure certain LDAP properties on database nodes, and on the Unity server, if used, to help narrow the search base for directory objects to the children of specified parent objects, rather than searching the entire directory.

This feature is not dependent upon bind type.
  1. Make changes to the TdgssUserConfigFile.xml as shown in Making Changes to the TdgssUserConfigFile.xml on Database Nodes.
  2. Edit the LDAP needed search properties to enhance searches.

where:

Property Description
LdapGroupBaseFQDN Contains the FQDN of the directory object that contains group objects.

When you authorize database users in a directory, you have the option to create role objects in the directory, and then map them to groups with user members. You can configure the LdapGroupBaseFQDN property to enhance the search for directory groups and speed user authorization.

See LdapGroupBaseFQDN.

LdapUserBaseFQDN Contains the FQDN of a directory group object that contains directory user objects.

You can configure this property to narrow the search base for directory users to enhance user authentication.

See LdapUserBaseFQDN.