BookmarkSubscribeRSS Feed
Calcite | Level 5

     We use our company ID to log in to SAS 9.2, the user ID format is


We now have an ID in the format of, without the us.


How do I add multiplue ID formats to sasv9_usermods.cfg file for LDAP authentication?


Would I add -primpd after -authpd


Thank you,
/*--------------------Original LDAP Authentication Code----------------------*/


 * sasv9_usermods.cfg
 *   This config file extends options set in sasv9.cfg.  Place your site-specifi                                                                                                                     c
 *   options in this file.  Any options included in this file are common across
 *   all server components in this application server.
 *   Do NOT modify the sasv9.cfg file.

-set LDAP_PORT 389


-set LDAP_BASE "c=us,ou=bluepages,"

-set LDAP_IDATTR "primaryuserid"

SAS Employee



if i am not mistaken, you could add it as::


-authpd (,

-authproviderdomain (HOSTUSER:'....',')
-authproviderdomain (HOSTUSER:'....', ADIR:'')



Have you tried it that way?


I do not want to put Paul on the spot 🙂  but .. he is THE ldap king super expert, he might have

a better / different suggestion (there is no one i trust more than Paul when it comes to security matters!)




Rhodochrosite | Level 12

Thanks for the nice words Anja 🙂


@EPV3 - can you clarify what your authentication environment look like now. Is it a single LDAP server or two LDAP servers? If a single server are you trying to support both user id formats or just the new format? You mentioned the old user id format is Are you talking about the format you have in SAS metadata? Is it not When your users log in do they provide the long form user id (or or the short form of just UserName?


The best place to look for more info on this in the SAS 9.2 documentation is the How to Configure Direct LDAP Authentication section in the SAS 9.2 Intelligence Platform: Security Administration Guide (though there is a bit more detail in the SAS 9.4 equivalent page).


The AUTHPROVIDERDOMAIN (AUTHPD) system option provides one or more authentication providers that can be used. If you need to use two LDAP servers then you can add extra domains in this option.


The PRIMARYPROVIDERDOMAIN (PRIMPD) system option is used to specify the primary domain that should be used for unqualified user ids (or PRIMPD qualified or an unknown qualifier). For example if you user specifies an unqualified bob as the user id and the primpd is then will be used as the qualified userid. Have a look at the SAS documentation for more examples of how and when PRIMPD is used.


suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • 3 in conversation