@nambhanushali,

SAS has multiple ways to configure the authentication. Please clarify, are you talking about direct LDAP authentication method on the metadata server, LDAP authentication in sasauth.conf or LDAP authentication within PAM?

Hello @nambhanushali,

what is the SAS version of your servers? The certificates must be always imported in the SASPrivateJavaRuntimeEnvironment certificate store.

Please read the following links, it should give you much more than enough information.

https://communities.sas.com/t5/Administration-and-Deployment/How-to-implement-both-AD-and-LDAP-for-u...

http://support.sas.com/kb/48/142.html

https://www.sas.com/content/dam/SAS/fr_fr/doc/support-clients/articles/us2016_q3_implementation-d-un...

The last line about the Labware LIMS servers.... what is the relevance of it for the question?

HI I still did not get the solution as in from where to start?

I got access to SAS Management Console & server access, but I dont know how do I check current LDAP config.

Like below ???

1. Direct LDAP authentication method on the metadata server,
2. LDAP authentication in sasauth.conf or
3. LDAP authentication within PAM (Pluggable authentication modules?

@nambhanushali,

I would like to see an output from the commands shown below:

grep methods /<SASHome>/SASFoundation/9.4/utilities/bin/sasauth.conf
grep AD_HOST /<SASConfig>/Lev<X>/SASMeta/MetadataServer/sasv9_usermods.cfg

Output of sasauth.conf attached & Output of sasv9_usermods.cfg below in mentioned path 

SASConfig>/Lev<X>/SASMeta/MetadataServer/sasv9_usermods.cfg

/*
* sasv9_usermods.cfg
*
* This config file extends options set in sasv9.cfg. Place your site-specific
* options in this file. Any options included in this file are common across
* all server components in this application server.
*
* Do NOT modify the sasv9.cfg file.
*
*/
-secpackagelist "Kerberos"

@nambhanushali,

You are using host-based authentication. I do not see any references to PAM or LDAP in your configuration files.

ok so whats next now? how do I implement new secured LDAP?

Any docs to refer for host based authentication?

So now we need to upgrade from host based to LDAPS . What all configuration changes needed to move the SAS environments to support LDAP Secure (LDAPS)?

@nambhanushali,

SAS supports the following methods for integration with LDAP:

• host use of LDAP
  The SAS server’s host uses an LDAP provider as a back-end authentication provider. From the perspective of the SAS server, this is host authentication. For example:
  Active Directory is the standard back-end authentication provider on Windows.
  Some UNIX hosts recognize LDAP accounts (or can be configured to do so). See Pluggable Authentication Modules (PAM).
• sasauth use of LDAP (UNIX only)
  This method provides a direct connection from sasauth (the UNIX host authentication module) to an LDAP database for authentication. This method provides an authenticated UNIX host identity for each user. For configuration instructions, see Configuration Guide for SAS Foundation for UNIX Environments at http://support.sas.com/documentation/installcenter.
• metadata server use of LDAP
  The metadata server validates some users against an LDAP provider such as Active Directory. This method enables the metadata server to recognize accounts that are not known to its host. It does not provide SAS with an authenticated UNIX host identity for each user. See Direct LDAP Authentication.
  LDAP integration support is for authentication purposes only, not for authorization.

HI All,

I need to know how do we set newly created authentication as default auth in SAS Management Console (SMC) which will be applicable to new & existing users also.

Currently under SMC-->User manager->(right click)properties-->Accounts-->new

By default auth showing for new & existing user is "defaultauth". How do we change this default setting for new & existing users?

Is there any way to get it done once for all or do I need to go into individual user & select newly created auth.

I went through into the below link

http://support.sas.com/documentation/cdl/en/mcsecug/69854/HTML/default/viewer.htm#p1q3sdzivhqesin1ol...

But how to set default auth is not mentioned.

Regards,

Namrata