Hi, I am implementing SAS Forecast Server on a Google Cloud Platform (GCP) Compute Instance/VM. I am having problem configuring sasauth.conf to connect back to our on-prem LDAP server for password authentication. One item of note is that the ldap server IP is actually the load balancer for our ldap servers. Not sure if this is significant for my situation or not.
I am able to perform an ldapsearch from the command line with an embedded fetch of the target DN as follows:
ldapsearch -x -LLL \
-H ldaps://<ldaphost.domain.com>:636 \
-D "$(ldapsearch -x -LLL \
-H ldaps://<ldaphost.domain.com>:636 \
-b 'o=,c=us' \
-s sub 'uid=<tgt_uid>' dn | grep dn | \
cut -d' ' -f2-)" \
-s sub "uid=<tgt_uid>" \
-b "o=,c=us" \
-w <user_psw>
Please note also that I have been unable to get an ldapsearch command to work using the form '-h <ldaphost.domain.com> -p 636' for the ldap host reference.
The above ldapsearch command fetches the DN first (and strips off the chars 'dn: '), and then uses it in the outer query with the associated password to confirm the password.
This is how I am interpreting the doc for LDAP_AUTH_METHOD=QUERY in sasauth.conf to work...
# QUERY = Search for the user's name in a specified attribute to determine
# the user's DN, then BIND using that DN and the user's credentials.
# (Useful for large enterprises with multiple AD domains.)
However, I have been unable to figure out how to set up sasauth.conf to connect using simple authentication (-x) and ldapuri (-H ldaps://....) and am hoping that this is my problem. Can someone provide guidance on how to configure sasauth.conf to create its query using the form '-x -H ldaps://...:nnn' (or where it is discussed in the manuals) and where I can find the logging for this activity so that I can debug it? I have been unable to find the logs for this anywhere.
Thanks in advance, Dennis