cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
ASHISH2525
Quartz | Level 8 ASHISH2525
Quartz | Level 8

How to configuring Multiple AD server using LDAP

Posted 09-20-2019 01:21 AM (1145 views)

Hi All,

 

We have two AD servers XYZ.COM & ABC.COM.
WE have configured LDAP configuration in SASV9_USERMODE.CFG in metadata.

if we attempt to use one at a time it works but when we try to use both at same time. we are only able to login through second one.

 

-set AD_HOST XYZ.COM
-set AD_PORT 389
-authpd ADIR:XYZ.COM
-primpd XYZ.COM

-set AD_HOST ABC.COM
-set AD_PORT 389
-authpd ADIR:ABC.COM
-primpd ABC.COM


/sasconf/Lev1/SASMeta/MEATADAServer

Sasv9_usermod.cfg

 

Regards,

Ashish

0 Likes
Reply
3 REPLIES 3
Anand_V
Ammonite | Level 13 Anand_V
Ammonite | Level 13

Re: How to configuring Multiple AD server using LDAP

Posted 09-20-2019 01:57 AM (1138 views)  |   In reply to ASHISH2525

Hi @ASHISH2525 ,

 

Did you try the format provided in the admin guide?

 

https://documentation.sas.com/?docsetId=bisecag&docsetTarget=n0w8oa3erw568vn192xwf0872npk.htm&docset...

 

Multiple LDAP Servers

SAS can recognize multiple LDAP servers as authentication providers, regardless of whether there are trust relationships among those servers.
For example, to cause the metadata server to search three Active Directory servers (AD1, AD2, and AD3) when authenticating users, set the AUTHPROVIDERDOMAIN system option as follows:
-authpd (ADIR:AD1, ADIR:AD2, ADIR:AD3)
To enable SAS to locate all three LDAP servers, supply information about each server through associated environment variables. To indicate which LDAP server each variable describes, append the server's name to the variable name. For example, with the preceding AUTHPD syntax, you might set server-specific variables as follows:
set AD_HOST_AD1=machine1.company1.com
set AD_HOST_AD2=machine1.company2.com
set AD_HOST_AD3=machine1.company3.com

AUTHPROVIDERDOMAIN=(provider:domain-name)

specifies an alternative authentication provider. When the AUTHPROVIDERDOMAIN parameter is omitted from the metadata server start command, the metadata server uses host authentication to authenticate users. AUTHPD is an alias for AUTHPROVIDERDOMAIN. For usage information, see Direct LDAP Authentication in SAS Intelligence Platform: Security Administration Guide.

Note: In UNIX operating environments, you must insert an escape character before each parenthesis. For example:-authproviderdomain = \(ADIR:MyDomain\)

Thanks!

Reply
ASHISH2525
Quartz | Level 8 ASHISH2525
Quartz | Level 8

Re: How to configuring Multiple AD server using LDAP

Posted 09-20-2019 02:35 AM (1119 views)  |   In reply to Anand_V

@Anand_V 

 

Hi,

 

Thanks for your quick response. Right now we are doing this.

 

-set AD_HOST_ABC ABC.in
-set AD_HOST_XYZ xyz.XX.XX.in
-authpd (ADIR:ABC, ADIR:XYZ)
-set AD_PORT 389

 

Can you recommend the changes we should do in above. we are on Linux Os.

 

 

Regards,

Ashish

0 Likes
Reply
Anand_V
Ammonite | Level 13 Anand_V
Ammonite | Level 13

Re: How to configuring Multiple AD server using LDAP

Posted 09-20-2019 02:56 AM (1114 views)  |   In reply to ASHISH2525
Can try this?

-authpd \(ADIR:ABC, ADIR:XYZ\)
-set AD_HOST_ABC ABC.in
-set AD_HOST_XYZ XYZ.xx.xx.in
-set AD_PORT 389
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • ‎09-20-2019 01:21 AM
  • 1146 views
  • 1 like
  • 2 in conversation