The distinguished name (DN) that HPE Community Component uses to access the group object when you authenticate with an LDAP security repository, and you use GroupDN to specify a group that the user must belong to.

By default, HPE Community Component uses the security details of the user who is logging on to the LDAP server to retrieve details stored in the group that you specify with GroupDN. You must set BaseDN if the user does not have permission to retrieve the details in the group object.

If you have set KeyUserName, HPE Community Component also uses the BaseDN user to bind to the LDAP server and search for a user. In this case, you must set BaseDN if the LDAP server does not allow anonymous binding.

If you set BaseDN, you must specify a BaseDNPassword.


When you are using a Kerberized LDAP server, set BaseDN to the name of a user who can get a Ticket-Granting-Ticket within Kerberos, and BaseDNPassword to the password for this user.

Type: String
Required: No
Configuration Section: MySecurityRepository
Example: BaseDN=Distinguished Name
See Also: BaseDNPassword