For authenticating user and determing the roles given to this user, Hudson performs multiple LDAP queries. Since an LDAP database is conceptually a big tree and the search is performed recursively, in theory if we can start a search starting at a sub-node (as opposed to root), you get a better performance because it narrows down the scope of a search. This field specifies the DN of such a subtree.

But in practice, LDAP servers maintain an extensive index over the data, so specifying this field is rarely necessary — you should just let Hudson figure this out by talking to LDAP.

If you do specify this value, the field normally looks something like "dc=sun,dc=com"