https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/459913#M13035 <P>I suppose you might want to think about the higher intent here and try provide some more details.</P> <P>&nbsp;</P> <P>What is the problem you are attempting to solve, try provide some context.</P> <P>&nbsp;</P> <P>eg. The company I work for just aquired a new company. Users are now split across two active directory domains which are not in the same forest. The SAS team need to update our existing configuration to allow users from both Active Directory domains to be autheticated and use SAS using their existing domain accounts. How might we configure the SAS Metadata Server to authenitcate users from two different Active Directory domains?</P> <P>&nbsp;</P> <P>If its something like two district Active Directory setups then I'd not use the LDAP bits inside SAS but rather configure sasauth to use PAM then simply just have my Linux/UNIX system administrators ensure the krb5 configuration on that system is able to talk to both KDCs for those two realms and SAS will seamlessly authenticate both annie@REALMA.COMPANY and bob@REALMB.COMPANY if the krb5 configuration is correct.</P> Fri, 04 May 2018 03:20:00 GMT SimonDawson 2018-05-04T03:20:00Z https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/458703#M12988 <P>I tried to configure two LDAP Server with different hosts with the documentation <A href="http://documentation.sas.com/?docsetId=bisecag&amp;docsetTarget=n0w8oa3erw568vn192xwf0872npk.htm&amp;docsetVersion=9.4&amp;locale=de" target="_blank">http://documentation.sas.com/?docsetId=bisecag&amp;docsetTarget=n0w8oa3erw568vn192xwf0872npk.htm&amp;docsetVersion=9.4&amp;locale=de</A></P><P>My configuration is like this:</P><PRE><CODE class=" language-sas">-authproviderdomain (LDAP:Name1, LDAP:Name2) -primpd Name1 -set LDAP_PRIV_DN_Name2 "..." -set LDAP_PRIV_PW_Name2 "..." -set LDAP_BASE_Name2 "..." -set LDAP_HOST_Name2 "..." -set LDAP_PORT "636" -set LDAP_TLSMODE "1" -set LDAP_PRIV_DN_Name1 "..." -set LDAP_PRIV_PW_Name1 "..." -set LDAP_BASE_Name1 "..." -set LDAP_HOST_Name1 "..." -set LDAP_IDATTR_Name1 "racfid"</CODE></PRE><P>But it didn't work. I got the ERROR message:</P><PRE><CODE class=" language-sas">2018-04-30T17:31:47,872 ERROR [00000020] :sasadm - Unable to authenticate due to missing environment variable: LDAP_HOST.</CODE></PRE><P>Any ideas?</P> Mon, 30 Apr 2018 15:41:23 GMT https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/458703#M12988 eddi 2018-04-30T15:41:23Z https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/458959#M12994 <P>The SAS metadata server can only connect to on LDAP server. You'd need to provide a single LDAP endpoint that can provide a view of more than one directory tree. This is possible in the Microsoft AD space by joining domains under and single forest and querying the global catalogue.&nbsp;A Google search shows there are some software solutions that can provide a virtual directory backed by more than one LDAP tree, this is a potential solution.</P> Tue, 01 May 2018 13:02:07 GMT https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/458959#M12994 SimonDawson 2018-05-01T13:02:07Z https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/459913#M13035 <P>I suppose you might want to think about the higher intent here and try provide some more details.</P> <P>&nbsp;</P> <P>What is the problem you are attempting to solve, try provide some context.</P> <P>&nbsp;</P> <P>eg. The company I work for just aquired a new company. Users are now split across two active directory domains which are not in the same forest. The SAS team need to update our existing configuration to allow users from both Active Directory domains to be autheticated and use SAS using their existing domain accounts. How might we configure the SAS Metadata Server to authenitcate users from two different Active Directory domains?</P> <P>&nbsp;</P> <P>If its something like two district Active Directory setups then I'd not use the LDAP bits inside SAS but rather configure sasauth to use PAM then simply just have my Linux/UNIX system administrators ensure the krb5 configuration on that system is able to talk to both KDCs for those two realms and SAS will seamlessly authenticate both annie@REALMA.COMPANY and bob@REALMB.COMPANY if the krb5 configuration is correct.</P> Fri, 04 May 2018 03:20:00 GMT https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/459913#M13035 SimonDawson 2018-05-04T03:20:00Z https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/460359#M13046 <P>Thank you! My question is answered sufficiently.</P> Mon, 07 May 2018 07:30:38 GMT https://communities.sas.com/t5/Administration-and-Deployment/How-do-I-configure-Multiple-LDAP-Server-for-Metadata-Server-with/m-p/460359#M13046 eddi 2018-05-07T07:30:38Z