Hi,
Trying to connect from the SAS server to the LDAP server using TCP port 636, the common communications port for SSL, I am getting the error "ERROR: Unable to contact the LDAP server.".
I am able to connect to the LDAP server on TCP port 389 from Solaris, where SAS 9.1.3 is installed.
%let ADServer = "xxxxxxxxxx";
%let ADPort = 389;
%let ADPerBaseDN ="ou=users,ou=internal,o=xxxxxx";
%let ADBindUser = "uid=xxxxxx,ou=users,ou=internal,o=xxxxx";
%let ADBindPW = "xxxx";
call ldaps_open( handle, &ADServer, &ADPort, &ADPerBaseDN, &ADBindUser, &ADBindPW, rc, option );
I installed the Verisign certificate at "/etc/certs/ldapCert/cert8.db" on the source system to use port 636. Is there any environment variable to pass this certificate path while connecting from SAS to LDAP?
Your help would be much appreciated.
Check with your network specialist regarding port 636. It is common practice these days to protect servers with firewalls, and then open ports in the firewalls only as required plus restrict traffic to only specified servers. In my organisation every time we want to add a new server we need to change the firewall rules for our SAS server.
But I am able to connect on 636 by using the Verisign installed path (-Z -P "/etc/certs/ldapCert/cert8.db") in the shell script below:
ldapsearch -h ecd.ldap.se -p 636 -D "uid=EXXXXXX,ou=Users,ou=Internal,o=XXXXXX" -T -w 8HrS7iQ2 -Z -P "/etc/certs/ldapCert/cert8.db" -1 -b "ou=users,ou=internal,o=XXXXXX" "(&(objectclass=ldap)(idmaccess=XXXXXX*))"
I want to use the "/etc/certs/ldapCert/cert8.db" certification path to run it from SAS code. Is there any way to pass this path through a variable, or any alternative?
SAS code:
data useraccess (keep=entryname attrName value filter displayName);
    length entryname $600 attrName $100 value $600 filter $500
           displayName $600;
    handle = 0;
    rc = 0;
    option = "OPT_REFERRALS_ON";
    /* open connection to LDAP server */
    call ldaps_open( handle, &ADServer, &ADPort, &ADPerBaseDN, &ADBindUser, &ADBindPW, rc, option );
    timeLimit=0;
    sizeLimit=0;
    base=''; /* use default set at _open time */
    referral = "OPT_REFERRALS_ON";
    restart = ""; /* use default set at _open time */
    call ldaps_setOptions(handle, timeLimit, sizeLimit, base, referral, restart, rc);
    %include groups;
    /* close connection to LDAP server */
    call ldaps_close(handle,rc);
run;
In that case I suggest you open a track with Tech Support.
Hi sunilreddy,
We have had a track open for months on a similar issue:
- a SAS 9.3 (TS1/M1) Metadata Server on Linux x64 is unable to authenticate against an LDAP server through SSL (LDAPS) using a chained Verisign Certificate.
It works fine using a self-signed certificate but fails with a chained Verisign. SAS tech support has tried to replicate our issue but we disagree on the minimal requirements and, unfortunately, this is still unresolved despite upgrading the SSL SAS code up to 9.4.
In our case, the LDAPS certificate should be declared with the SSLCALISTLOC SAS system option. Be aware that SAS expects the SSL certificate to be read as a plain text file (ASCII);
I am not sure it can retrieve the certificate from a *.dlb key store. Since I'm not familiar with SAS 9.1 on Solaris, check the documentation.
I'll be curious to know if you can open the LDAPS call at all. Please, keep us informed.
Ronan
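The distinction raised in the last reply, a plain-text (ASCII) certificate for SSLCALISTLOC versus a binary key store such as cert8.db, can be checked on the file itself before SAS is involved. The script below is an added example, not code from the thread or from SAS; the function names and the expected chain length argument are hypothetical, and it assumes the CA file should hold the whole issuer chain.

```shell
#!/bin/sh
# Added example. Reports what kind of file would be handed to SSLCALISTLOC:
#   pem:<n>    plain-text PEM with n complete certificate blocks
#   truncated  BEGIN/END markers do not pair up (bad copy or transfer)
#   not-pem    no PEM certificate found (e.g. a binary store like cert8.db)
#   missing    file absent or unreadable
# A certificate held in an NSS store can be exported as ASCII with:
#   certutil -L -d <store-dir> -n "<nickname>" -a > ca.pem
ca_file_kind() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo missing
        return 0
    fi
    # grep -c prints 0 and exits 1 when nothing matches, hence "|| true".
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$f" 2>/dev/null || true)
    if [ "${begins:-0}" -eq 0 ]; then
        echo not-pem
    elif [ "$begins" -ne "${ends:-0}" ]; then
        echo truncated
    else
        echo "pem:$begins"
    fi
}

# Assumption: for a chained CA the bundle should contain every issuer
# (intermediates plus root), so fewer blocks than the chain length means
# the bundle is incomplete.
# usage: ca_bundle_ok FILE EXPECTED_CHAIN_LENGTH
ca_bundle_ok() {
    kind=$(ca_file_kind "$1")
    case $kind in
        pem:*) [ "${kind#pem:}" -ge "$2" ] ;;
        *)     return 1 ;;
    esac
}

# Stand-alone use: sh check_ca.sh /path/to/ca.pem
if [ $# -gt 0 ]; then
    ca_file_kind "$1"
fi
```

A result of `not-pem` for the path given to SSLCALISTLOC means the file has to be exported to PEM first; a `pem:1` result for a chained CA points at a missing intermediate or root.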