Architecting, installing and maintaining your SAS environment

Can SAS authentication be done against IBM Tivoli Directory Server

Accepted Solution Solved
Reply
Contributor
Posts: 54
Accepted Solution

Can SAS authentication be done against IBM Tivoli Directory Server

Hi, 

 

Can you please let me know if SAS will support using the LDAP v3 compliant IBM Security Directory Server to authenticate against instead of using Active Directory for this. What should be the changes that should be implemented for this.


Accepted Solutions
Solution
‎08-19-2016 05:25 AM
SAS Super FREQ
Posts: 299

Re: Can SAS authentication be done against IBM Tivoli Directory Server

Posted in reply to naveenraj

Hi,

 

yes, SAS can authenticate against IBM Tivoli Dir Server. The LDAP server should be RFC 2307 compatible, which it is.

(LDAP v2 / v3 compliant).

 

Not knowing which SAS version you are running, the following is for SAS 9.4.

Please see http://support.sas.com/documentation/cdl/en/itechdsref/64885/HTML/default/viewer.htm#italdap.htm

 

Everything about SAS Integration Technologies:

http://support.sas.com/software/products/inttech/index.html#s1=1

 

Hope this helps.

Best

Anja

View solution in original post


All Replies
Solution
‎08-19-2016 05:25 AM
SAS Super FREQ
Posts: 299

Re: Can SAS authentication be done against IBM Tivoli Directory Server

Posted in reply to naveenraj

Hi,

 

yes, SAS can authenticate against IBM Tivoli Dir Server. The LDAP server should be RFC 2307 compatible, which it is.

(LDAP v2 / v3 compliant).

 

Not knowing which SAS version you are running, the following is for SAS 9.4.

Please see http://support.sas.com/documentation/cdl/en/itechdsref/64885/HTML/default/viewer.htm#italdap.htm

 

Everything about SAS Integration Technologies:

http://support.sas.com/software/products/inttech/index.html#s1=1

 

Hope this helps.

Best

Anja

Contributor
Posts: 54

Re: Can SAS authentication be done against IBM Tivoli Directory Server

[ Edited ]

Hi @anja

 

Thank you for your response. I was going throught the same documents. I have one more doubt. 

Suppose we have configured SAS using Active Directory server. Like below.

 

Active Directory
/* Environment variables that describe your Active Directory server  */
-set AD_HOST myhost
/* Define authentication provider  */
-authpd ADIR:mycomapny.com
-primpd mycompany.com
But not all the users are present within this AD and we need to introduce another LDAP IBM Tivoli Directory Server. Is this possible by just changing the properties in sasv9_usermods.cfg of metadataserver folder like below along with AD settings mentioned above such that it will check both the AD and LDAP server and provide authentication.  My question is, is it possible to check both the LDAP and AD servers at the same time and provide authentication if user(even if domain name is differant) is present in either of the server
 
LDAP
/* Environment variables that describe your LDAP server  */
-set LDAP_HOST myhost
-set LDAP_BASE "ou=emp, o=us"
/* Define authentication provider */
-authpd LDAP:mycompany.com
-primpd aus.mycompany.com
SAS Super FREQ
Posts: 299

Re: Can SAS authentication be done against IBM Tivoli Directory Server

Posted in reply to naveenraj

Hi,

 

in SAS 9.3, only one was recognized. In SAS 9.4, take a look at the following:

http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0w8oa3erw568vn192...

 

Is this what you are looking for?

 

Thanks

Anja

Occasional Contributor
Posts: 10

Re: Can SAS authentication be done against IBM Tivoli Directory Server

 Hi @anja,

 

i have similar case in my requirement.

 

currently we are using AD for authentication for a group of people(Eg: UK users). Another group(Eg: US users) of users also need authentication, they are not present in current AD that we are using. But US users are present in a LDAP server. So, is this possible to implement both the authentication processes in sasv9_usermods.cfg (both AD and LDAP)?

As like.

/*-----------------Active Directory Authentication---------------------- */
/* Environment variables that describe your Active Directory server */ -set AD_HOST myhost /* Define authentication provider */ -authpd ADIR:mycomapny.com -primpd mycompany.com

/*------------------------LDAP Authentication--------------------------- */
/* Environment variables that describe your LDAP server */
-set LDAP_HOST myhost
-set LDAP_BASE "ou=emp, o=us"
/* Define authentication provider */
-authpd LDAP:mycompany.com
-primpd aus.mycompany.com

 

not able to get proper solution in the link that you shared: http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0w8oa3erw568vn192... , whether both AD and LDAP can be implement together for authenticate the users.

 

or is there any other way to achieve this? please suggest.

 

 

Thanks in advance

☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 4 replies
  • 381 views
  • 0 likes
  • 3 in conversation