Architecting, installing and maintaining your SAS environment

How to implement both AD and LDAP for user authentication?

Accepted Solution Solved
Reply
Occasional Contributor
Posts: 10
Accepted Solution

How to implement both AD and LDAP for user authentication?

Our SAS VA located on UNIX Environment. currently we are using AD for authenticate a group of people(Eg: UK users). Another group(Eg: US users) of users need authenticate and access the SAS applications, But they are not present in current AD that we are using and present in a LDAP server. So, is this possible to implement both the authentication processes in sasv9_usermods.cfg (both AD and LDAP)?

As like.

/*-----------------Active Directory Authentication---------------------- */
/* Environment variables that describe your Active Directory server */ -set AD_HOST myhost /* Define authentication provider */ -authpd ADIR:mycomapny.com -primpd mycompany.com

/*------------------------LDAP Authentication--------------------------- */
/* Environment variables that describe your LDAP server */
-set LDAP_HOST myhost
-set LDAP_BASE "ou=emp, o=us"
/* Define authentication provider */
-authpd LDAP:mycompany.com
-primpd aus.mycompany.com

 

or is there any other way to achieve this? please suggest.

 

 

Thanks in advance


Accepted Solutions
Solution
‎09-22-2016 01:49 AM
PROC Star
Posts: 426

Re: How to implement both AD and LDAP for user authentication?

Posted in reply to Saikrishna979

Have you tried this?

 

-authpd (ADIR:mydomain LDAP:mycompany.com)

 

For more info see the documentation for the AUTHPROVIDERDOMAIN System Option

View solution in original post


All Replies
PROC Star
Posts: 426

Re: How to implement both AD and LDAP for user authentication?

Posted in reply to Saikrishna979

See the How to Configure Direct LDAP Authentication, Multiple LDAP Servers section in the SAS 9.4 Intelligence Platform: Security Administration Guide.

 

You could also talk to your sysadmin about the possibility of configuring your UNIX platform for authentication against multiple providers and just leave SAS to do host authentication.

Occasional Contributor
Posts: 10

Re: How to implement both AD and LDAP for user authentication?

Posted in reply to PaulHomes

Dear @PaulHomes,

 

thanks for your reply.

 

"You could also talk to your sysadmin about the possibility of configuring your UNIX platform for authentication against multiple providers and just leave SAS to do host authentication". could you please elaborate this point in more detail?

 

 

PROC Star
Posts: 426

Re: How to implement both AD and LDAP for user authentication?

Posted in reply to Saikrishna979

I mean that you could consider shifting the burden of authenticating users across multiple providers from the SAS platform layer to the operating system platform layer. If you can configure the UNIX server, where your metadata server runs, to authenticate against multiple providers (and it is appropriately aligned with your IT security policies) then SAS can be configured for simple host authentication. An example could be using SSSD with multiple domains.

 

Another possibility with VA is to shift the authentication to the mid-tier, where there are many authentication configuration options, then use (Trusted) Web Authentication possibly in combination with SAS Token Authenticaiton. Have a read through the Authentication Mechanisms section of the SAS 9.4 Intelligence Platform: Security Administration Guide for more background. You may also find the following papers and resources provide you with more ideas: 

 

Since there are lots of options around authentication, without an understanding of your environment, SAS product mix, and business requirements it is hard to give specific advice. I would suggest contacting SAS Professional Services or a SAS Partner in your local region if you need more in-depth assistance.

Occasional Contributor
Posts: 10

Re: How to implement both AD and LDAP for user authentication?

Posted in reply to PaulHomes

Dear @PaulHomes,

 

We are currently using direct active directory authentication model. So my only question now is, is it possible to authenticate sas with both Active Directory and IBM Directory server at the same time. I have read http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0w8oa3erw568vn192...
which mentions that multiple LDAP servers can be configured. I would like to know if we can configure in such a way that the AD and IBM LDAP server both can be used as authentication providers in the same sas machine.

 

I have also raised a ticket with technical support regarding this. I would like to understand this topic before sas support contact me. Hence the repeated questions.

 

 

Thank you

Solution
‎09-22-2016 01:49 AM
PROC Star
Posts: 426

Re: How to implement both AD and LDAP for user authentication?

Posted in reply to Saikrishna979

Have you tried this?

 

-authpd (ADIR:mydomain LDAP:mycompany.com)

 

For more info see the documentation for the AUTHPROVIDERDOMAIN System Option

Occasional Contributor
Posts: 10

Re: How to implement both AD and LDAP for user authentication?

[ Edited ]
Posted in reply to PaulHomes

@PaulHomes Thanks a lot for your kind support, we are proccedding for test with -authpd (ADIR:mydomain LDAP:mycompany.com).

☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 6 replies
  • 2014 views
  • 7 likes
  • 2 in conversation