We have created users using LDAP and are able to log in to Environment Manager. While logging in to SASStudio, only a few of them are able to log in. But a few of them are not able to log in to SASStudio and it says Access Denied, and for a few others it says password expired. Is there anything going wrong while logging in? We had set the same password for all the users. I don't see any limitations in the validity of passwords though.
Are you talking about SASStudio on Viya or on 9.4?
For Viya, the tip is that the authentication works in a slightly different way: the users will authenticate against the web (and web to LDAP, as your selected option), but it has to double-authenticate as well against the host servers where CAS is running. Meaning: either you have your users registered in the host itself, maintaining the same passwords, or you have your Linux server joined to the LDAP realm, hence the users can log in, with the LDAP credentials, to the CAS servers and the home folders should be automatically generated (you can take a look at the PAM options).
I am asking about Viya. We log in using our LDAP credentials to all products like Environment Manager, SASHome, CAS Monitor and SASStudio. But, suddenly, we found that a few users are facing these issues. However, my ID and a few sasdemo IDs which we created for general purposes are working fine.
The web applications (Environment Manager, VA, etc.) all work with the authentication set as web authentication: LDAP, SAML, etc. In your case, it is connected to LDAP/AD.
However, CAS sessions connect through the web (SASStudio), but it also starts a process (the actual CAS one) in the host itself. That is why you need host authentication as well. And the users and passwords should match.
PAM is your friend here, and you can delegate authentication to it. So you can create users locally, and maintain the users and passwords, or you just join the machine/s to the LDAP realm to allow users to log in locally to the server (through SAS Studio) and the server should create the Linux home folder for the user as well.
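
The following is an added example, not code from this thread or from SAS: a shell check of the host-side account state on the CAS server, which is the second authentication step described above. The function names and result labels are hypothetical, the sample lines in the usage comment are constructed, and treating an unresolvable user as the likely cause of "Access Denied" is an assumption.

```shell
# Classify a user's host-side account state from the lines that
# `getent passwd` and `getent shadow` return for that user.
# classify_account <passwd_line> <shadow_line> <today_in_days_since_epoch>
classify_account() {
  ca_pw=$1; ca_sh=$2; ca_today=$3
  # No passwd entry: neither local files nor NSS/LDAP know the user on this host.
  if [ -z "$ca_pw" ]; then echo "not-resolvable-on-host"; return 0; fi
  # No local shadow entry is usual for directory users; password aging is
  # then enforced by the directory through PAM, not by local files.
  if [ -z "$ca_sh" ]; then echo "resolvable-directory-managed"; return 0; fi
  ca_lastchg=$(printf '%s\n' "$ca_sh" | cut -d: -f3)  # last change, days since epoch
  ca_max=$(printf '%s\n' "$ca_sh" | cut -d: -f5)      # maximum password age, days
  ca_expire=$(printf '%s\n' "$ca_sh" | cut -d: -f8)   # account expiry, days since epoch
  if [ -n "$ca_expire" ] && [ "$ca_today" -ge "$ca_expire" ]; then
    echo "account-expired"; return 0
  fi
  # A last-change value of 0 forces a password change at the next login.
  if [ "$ca_lastchg" = "0" ]; then echo "password-expired"; return 0; fi
  if [ -n "$ca_lastchg" ] && [ -n "$ca_max" ] \
     && [ "$ca_today" -gt $((ca_lastchg + ca_max)) ]; then
    echo "password-expired"; return 0
  fi
  echo "ok"
}

# check_user <login>: run the classification against the live host and
# also confirm that the home directory named in the passwd entry exists.
check_user() {
  cu_pw=$(getent passwd "$1" || true)
  cu_sh=$(getent shadow "$1" 2>/dev/null || true)   # needs root to read
  cu_state=$(classify_account "$cu_pw" "$cu_sh" "$(( $(date +%s) / 86400 ))")
  cu_home=$(printf '%s\n' "$cu_pw" | cut -d: -f6)
  if [ -n "$cu_pw" ] && [ ! -d "$cu_home" ]; then cu_state="$cu_state,home-missing"; fi
  echo "$1: $cu_state"
}

# Usage with constructed sample lines (day 20000 since the epoch):
#   classify_account 'bob:x:1002:1002::/home/bob:/bin/bash' 'bob:!!:19000:0:90:7:::' 20000
```

Running `check_user` for one working and one failing login on each CAS host shows whether the failing users differ at the host level rather than in the web layer.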