Hi,
I have installesd SAS VIYA 3.5 on Linux, now, after I configured sas.identities.providers.ldap.group, I don't see in SAS the user under the groups.
For example I have in LDAP:
but on SAS I don't see the member:
My SAS configuration:
In general: wich objectClass I have to use for users and for groups? Which field for this objextClasses I have to use in SAS configuration? Thanks a lot in advance!
@mctrit8 ,
Please check the most recent log file in /opt/sas/viya/config/var/log/identities/default directory. Do you see any errors there?
I verified, no errors in it.
Hi @mctrit8,
Are you able to see the member users when examining the user list?
Hi,
I can see the users whne I select Users on SAS but when I select Groups on SAS I see the groups but I don't see the member of the groups.
Hi,
sorry, I'm new in LDAP and I don't know what is the right object type for groups, I see there are Objectclass= Organizationalunit but this hasn't the member attribute and the Objectclass=groupOfNames that has the member attribute; exctly what is the Object class you say?
I'm using OpenLDAP for server.
Can you give me an example of a simple group in LDAP? Thank you very much.
Thanks @mctrit8 ,
Often a OU is created named something like "Groups" that contains the various groups. So you'd have an organizational unit. This is from OpenLDAP's documentation:
Note you have two OUs, Group and People, and one user within the "People" OU (dn: uid=test1,ou=People,dc=example,dc=com), and one group within the "Group" OU (dn: cn=testgroup,ou=Group,dc=example,dc=com) with a "member" defined as the user:
cat memberof.ldif dn: dc=example,dc=com objectclass: domain dc: example dn: ou=Group,dc=example,dc=com objectclass: organizationalUnit ou: Group dn: ou=People,dc=example,dc=com objectclass: organizationalUnit ou: People dn: uid=test1,ou=People,dc=example,dc=com objectclass: account uid: test1 dn: cn=testgroup,ou=Group,dc=example,dc=com objectclass: groupOfNames cn: testgroup member: uid=test1,ou=People,dc=example,dc=com
Hi,
I've tried to structure an LDAP tree as you say:
On SAS-VIYA:
Then I see th user and the group but I don't see the user as member of the group still:
Thank you for the support.
Thanks @mctrit8
You may wish to use the steps here to get more detail in the identities service log on the cause of the member list being empty:
Usage Note 61882: Troubleshooting identities and the identities service in SAS® Viya®
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.