Hi,

if i am not mistaken, you could add it as::

....

..
-authpd (ADIR:us.company.com, ADIR:company.com)

-authproviderdomain (HOSTUSER:'....', ADIR:us.company.com')
-authproviderdomain (HOSTUSER:'....', ADIR:'company.com')

....

Have you tried it that way?

I do not want to put Paul on the spot 🙂  but .. he is THE ldap king super expert, he might have

a better / different suggestion (there is no one i trust more than Paul when it comes to security matters!)

Thanks

Anja

Thanks for the nice words Anja 🙂

@EPV3 - can you clarify what your authentication environment look like now. Is it a single LDAP server or two LDAP servers? If a single server are you trying to support both user id formats or just the new format? You mentioned the old user id format is UserName.us.company.com. Are you talking about the format you have in SAS metadata? Is it not UserName@us.company.com? When your users log in do they provide the long form user id UserName.us.company.com (or UserName@us.company.com) or the short form of just UserName?

The best place to look for more info on this in the SAS 9.2 documentation is the How to Configure Direct LDAP Authentication section in the SAS 9.2 Intelligence Platform: Security Administration Guide (though there is a bit more detail in the SAS 9.4 equivalent page).

The AUTHPROVIDERDOMAIN (AUTHPD) system option provides one or more authentication providers that can be used. If you need to use two LDAP servers then you can add extra domains in this option.

The PRIMARYPROVIDERDOMAIN (PRIMPD) system option is used to specify the primary domain that should be used for unqualified user ids (or PRIMPD qualified or an unknown qualifier). For example if you user specifies an unqualified bob as the user id and the primpd is example.com then bob@example.com will be used as the qualified userid. Have a look at the SAS documentation for more examples of how and when PRIMPD is used.