https://communities.sas.com/t5/Administration-and-Deployment/SAS9-4-Metadata-Server-And-Direct-LDAP-User-Authentication/m-p/985475#M30761 <P>Thank you for your sharing.</P><P>Our system uses AD as the provider, so we use AD_HOST, AD_PORT, and AD_TLSMODE in our configuration.</P><P>&nbsp;</P><P>Then our infra colleague asked: under this configuration, which service account is being used to perform the ldap query? Any idea how to respond to them?</P> Fri, 27 Mar 2026 09:01:44 GMT Eddie305 2026-03-27T09:01:44Z https://communities.sas.com/t5/Administration-and-Deployment/SAS9-4-Metadata-Server-And-Direct-LDAP-User-Authentication/m-p/985446#M30759 <P>My infra colleague ask me about SAS9.4 metadata server configuration with&nbsp;Direct LDAP User Authentication.&nbsp;</P><P>&nbsp;</P><P>Our system is configure according to the doc&nbsp;<A href="https://documentation.sas.com/doc/en/bicdc/9.4/bisecag/n0w8oa3erw568vn192xwf0872npk.htm#n00wxuaqr9udn8n1a7y6f83b1oyx" target="_blank">https://documentation.sas.com/doc/en/bicdc/9.4/bisecag/n0w8oa3erw568vn192xwf0872npk.htm#n00wxuaqr9udn8n1a7y6f83b1oyx</A>&nbsp;</P><P>&nbsp;</P><P>My colleague is asking what account is being used to perform the ldap query to validate the user account and password during the authentication.</P><P>&nbsp;</P><P>I can't find any technical paper or document to discuss this topic. Can anyone show me the direction? Or have some good explanation?&nbsp;</P> Thu, 26 Mar 2026 14:59:38 GMT https://communities.sas.com/t5/Administration-and-Deployment/SAS9-4-Metadata-Server-And-Direct-LDAP-User-Authentication/m-p/985446#M30759 Eddie305 2026-03-26T14:59:38Z https://communities.sas.com/t5/Administration-and-Deployment/SAS9-4-Metadata-Server-And-Direct-LDAP-User-Authentication/m-p/985472#M30760 <P>This URL will take you to the configuration document for direct LDAP authentication.&nbsp;&nbsp;<A href="https://documentation.sas.com/doc/de/bicdc/9.4/bisecag/n0w8oa3erw568vn192xwf0872npk.htm" target="_blank" rel="noopener">SAS Help Center: How to Configure Direct LDAP Authentication</A></P><P>&nbsp;</P><P>Take a look at ...</P><TABLE><TBODY><TR><TD><P class="">LDAP_PRIV_DN</P></TD><TD><P class="">The privileged DN that is allowed to search for users (for example,<SPAN>&nbsp;</SPAN><CODE class="">cn=useradmin</CODE>).</P></TD></TR><TR><TD><P class="">LDAP_PRIV_PW</P></TD><TD><P class="">The password for LDAP_PRIV_DN. You can use the PWENCODE procedure to provide an encoded password.</P></TD></TR></TBODY></TABLE> Thu, 26 Mar 2026 18:44:04 GMT https://communities.sas.com/t5/Administration-and-Deployment/SAS9-4-Metadata-Server-And-Direct-LDAP-User-Authentication/m-p/985472#M30760 Victor_A 2026-03-26T18:44:04Z https://communities.sas.com/t5/Administration-and-Deployment/SAS9-4-Metadata-Server-And-Direct-LDAP-User-Authentication/m-p/985475#M30761 <P>Thank you for your sharing.</P><P>Our system uses AD as the provider, so we use AD_HOST, AD_PORT, and AD_TLSMODE in our configuration.</P><P>&nbsp;</P><P>Then our infra colleague asked: under this configuration, which service account is being used to perform the ldap query? Any idea how to respond to them?</P> Fri, 27 Mar 2026 09:01:44 GMT https://communities.sas.com/t5/Administration-and-Deployment/SAS9-4-Metadata-Server-And-Direct-LDAP-User-Authentication/m-p/985475#M30761 Eddie305 2026-03-27T09:01:44Z