LDAP Properties for Narrowing Search Base | Teradata Vantage - Configuring LDAP Properties to Narrow the Search Base - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

You can configure certain LDAP properties on database nodes, and on the Unity server, if used, to help narrow the search base for directory objects to the children of specified parent objects, rather than searching the entire directory.

This feature is not dependent upon bind type.
  1. Make changes to the TdgssUserConfigFile.xml as shown in Making Changes to TdgssUserConfigFile.xml on Database Nodes.
  2. Edit the LDAP needed search properties to enhance searches.

where:

Property Description
LdapGroupBaseFQDN Contains the FQDN of the directory object that contains group objects.

When you authorize database users in a directory, you have the option to create role objects in the directory, and then map them to groups with user members. You can configure the LdapGroupBaseFQDN property to enhance the search for directory groups and speed user authorization.

See LdapGroupBaseFQDN.

LdapUserBaseFQDN Contains the FQDN of a directory group object that contains directory user objects.

You can configure this property to narrow the search base for directory users to enhance user authentication.

See LdapUserBaseFQDN.