BookmarkSubscribeRSS Feed
nambhanushali
Fluorite | Level 6

Hi Team,

 

I am new to SAS admin.How do I upgrade current LDAP to more secure LDAP authentication?

What is the process?Any documents to refer?

Also what kind of certificates will be needed to install it for authentication ? and where can I find those certificates?

There are 2 servers which SAS needs to access to connect to 3rd party software (Labware LIMS) to extract/fetch the data in reports.

Thank You

 

Regards,

Namrata

10 REPLIES 10
alexal
SAS Employee

@nambhanushali,


SAS has multiple ways to configure the authentication. Please clarify, are you talking about direct LDAP authentication method on the metadata server, LDAP authentication in sasauth.conf or LDAP authentication within PAM?

JuanS_OCS
Amethyst | Level 16

Hello @nambhanushali,

 

what is the SAS version of your servers? The certificates must be always imported in the SASPrivateJavaRuntimeEnvironment certificate store.

 

Please read the following links, it should give you much more than enough information.

https://communities.sas.com/t5/Administration-and-Deployment/How-to-implement-both-AD-and-LDAP-for-u...

http://support.sas.com/kb/48/142.html

https://www.sas.com/content/dam/SAS/fr_fr/doc/support-clients/articles/us2016_q3_implementation-d-un...

 

The last line about the Labware LIMS servers.... what is the relevance of it for the question?

 

 

 

 

nambhanushali
Fluorite | Level 6

HI I still did not get the solution as in from where to start?

I got access to SAS Management Console & server access, but I dont know how do I check current LDAP config.

Like below ???

  1. Direct LDAP authentication method on the metadata server,
  2. LDAP authentication in sasauth.conf or
  3. LDAP authentication within PAM (Pluggable authentication modules?
alexal
SAS Employee

@nambhanushali,

 

I would like to see an output from the commands shown below:

 

grep methods /<SASHome>/SASFoundation/9.4/utilities/bin/sasauth.conf
grep AD_HOST /<SASConfig>/Lev<X>/SASMeta/MetadataServer/sasv9_usermods.cfg
nambhanushali
Fluorite | Level 6

Output of sasauth.conf attached & Output of sasv9_usermods.cfg below in mentioned path 

SASConfig>/Lev<X>/SASMeta/MetadataServer/sasv9_usermods.cfg

/*
* sasv9_usermods.cfg
*
* This config file extends options set in sasv9.cfg. Place your site-specific
* options in this file. Any options included in this file are common across
* all server components in this application server.
*
* Do NOT modify the sasv9.cfg file.
*
*/
-secpackagelist "Kerberos"

alexal
SAS Employee

@nambhanushali,

 

You are using host-based authentication. I do not see any references to PAM or LDAP in your configuration files.

nambhanushali
Fluorite | Level 6

ok so whats next now? how do I implement new secured LDAP?

Any docs to refer for host based authentication?

nambhanushali
Fluorite | Level 6

So now we need to upgrade from host based to LDAPS . What all configuration changes needed to move the SAS environments to support LDAP Secure (LDAPS)?

 

alexal
SAS Employee

@nambhanushali,

 

SAS supports the following methods for integration with LDAP:

  • host use of LDAP
    The SAS server’s host uses an LDAP provider as a back-end authentication provider. From the perspective of the SAS server, this is host authentication. For example:
    Active Directory is the standard back-end authentication provider on Windows.
    Some UNIX hosts recognize LDAP accounts (or can be configured to do so). See Pluggable Authentication Modules (PAM).
  • sasauth use of LDAP (UNIX only)
    This method provides a direct connection from sasauth (the UNIX host authentication module) to an LDAP database for authentication. This method provides an authenticated UNIX host identity for each user. For configuration instructions, see Configuration Guide for SAS Foundation for UNIX Environments at http://support.sas.com/documentation/installcenter.
  • metadata server use of LDAP
    The metadata server validates some users against an LDAP provider such as Active Directory. This method enables the metadata server to recognize accounts that are not known to its host. It does not provide SAS with an authenticated UNIX host identity for each user. See Direct LDAP Authentication.
    LDAP integration support is for authentication purposes only, not for authorization.
nambhanushali
Fluorite | Level 6

HI All,

 

I need to know how do we set newly created authentication as default auth in SAS Management Console (SMC) which will be applicable to new & existing users also.

 

Currently under SMC-->User manager->(right click)properties-->Accounts-->new

By default auth showing for new & existing user is "defaultauth". How do we change this default setting for new & existing users?

Is there any way to get it done once for all or do I need to go into individual user & select newly created auth.

 

I went through into the below link

http://support.sas.com/documentation/cdl/en/mcsecug/69854/HTML/default/viewer.htm#p1q3sdzivhqesin1ol...

 

But how to set default auth is not mentioned.

 

Regards,

Namrata

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 10 replies
  • 3777 views
  • 3 likes
  • 3 in conversation