16.10 - LdapSystemFQDN - Teradata Database

Teradata Database Security Administration

prodname: Teradata Database
vrm_release: 16.10
created_date: June 2017
category: Administration, Security
featnum: B035-1100-161K

The LdapSystemFQDN property identifies the FQDN of the tdatSystem object that is the parent of the structure used for LDAP user authorization. This information helps LDAP locate objects and mappings applicable to the system without making a deep search of the directory.

This value is useful only when the AuthorizationSupported property is set to yes.

Valid Settings

  • “” (default), that is, the property does not specify an object to help the search
  • The FQDN of a tdatSystem directory object.

For information about the tdatSystem object, see Creating the Top Level Objects in the DIT.

Supporting Mechanisms for LdapSystemFQDN

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.

Mechanism    Property Editable?
KRB5         May Be Edited
SPNEGO       May Be Edited
LDAP         May Be Edited

The LdapSystemFQDN property appears by default only in the LDAP mechanism. For any other mechanism where AuthorizationSupported=yes, including KRB5 and SPNEGO, you must add the LdapSystemFQDN property to TdgssUserConfigFile.xml and specify a value. See Changing the TDGSS Configuration.

Editing Guidelines

  • You must set a value for the LdapSystemFQDN property in any authentication mechanism that has the AuthorizationSupported property set to yes.
  • If the directory serves one Teradata Database system, the LdapSystemFQDN properties configured on that system name the tdatSystem object that represents the system.
  • If the directory serves multiple Teradata Database systems, the LdapSystemFQDN on each system points to the tdatSystem object that contains the authorization structure for the system. Several database systems can point to the same tdatSystem object if they have identical authorization requirements.
  • If users log on only through Unity, the Unity server must point to the tdatSystem object that contains the LDAP authorization structure.
  • If users can log on through Unity and directly to database systems, each logon must point to the tdatSystem object that contains its authorization structure. Also see Coordinating Mechanism Property Values.
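
One way to audit the first editing guideline (every mechanism with AuthorizationSupported set to yes needs an LdapSystemFQDN value), as an added example that is not Teradata code. The XML layout (Mechanism elements with a Name attribute and properties held as attributes), the sample values, and treating the FQDN as an LDAP distinguished name are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption, not Teradata's schema.
SAMPLE = """<TdgssConfig>
  <Mechanism Name="LDAP">
    <MechanismProperties AuthorizationSupported="yes"
        LdapSystemFQDN="cn=tdprod1,ou=systems,dc=example,dc=com"/>
  </Mechanism>
  <Mechanism Name="KRB5">
    <MechanismProperties AuthorizationSupported="yes"/>
  </Mechanism>
  <Mechanism Name="SPNEGO">
    <MechanismProperties AuthorizationSupported="yes" LdapSystemFQDN=""/>
  </Mechanism>
  <Mechanism Name="TD2">
    <MechanismProperties AuthorizationSupported="no"/>
  </Mechanism>
</TdgssConfig>"""

# One RDN: attribute type, "=", non-empty value (assumes the FQDN is an LDAP DN).
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")

def looks_like_dn(value):
    """True if every comma-separated component (unescaped commas) is type=value."""
    return all(RDN.match(part) for part in re.split(r"(?<!\\),", value))

def audit(xml_text):
    """Return {mechanism name: finding} for mechanisms that break the guideline."""
    findings = {}
    for mech in ET.fromstring(xml_text).iter("Mechanism"):
        props = {}
        for element in mech.iter():          # the mechanism and its descendants
            props.update(element.attrib)
        if props.get("AuthorizationSupported", "").strip().lower() != "yes":
            continue                         # property is only used with authorization
        fqdn = props.get("LdapSystemFQDN", "").strip()
        if not fqdn:
            findings[props.get("Name", "?")] = "LdapSystemFQDN missing or empty"
        elif not looks_like_dn(fqdn):
            findings[props.get("Name", "?")] = "LdapSystemFQDN is not a DN"
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

Adapt the element and attribute lookup to the actual structure of your TdgssUserConfigFile.xml before relying on the result.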