rkgrc000
Obsidian | Level 7

Hello, I am wondering how to best set up authentication via Lightweight Directory Access Protocol (LDAP) for users from many different organizations outside my own who need to access individualized SAS 9.3 BI dashboards that my organization is creating.  Tech support has been helpful so far, but, as someone with little configuration/deployment/administration experience who has nonetheless been asked to take care of this, I'm afraid I need more basic help. 

Here are the steps I've taken so far:

1) Added the Active Directory Lightweight Directory Services (AD LDS) role on our Windows 2008 R2 Enterprise Server.

2) Added 2 lines to sasv9_usermods.cfg (SAS(R) 9.3 Intelligence Platform: Security Administration Guide). I did not add the 3rd line (/* System options that make LDAP the primary authentication provider */ -authpd LDAP:company.com -primpd company.com) yet because I don't fully understand the implications of making the change.  If I make LDAP the primary authentication provider, will that create problems for all the SAS users within our organization who connect to SAS servers through Integrated Windows authentication (IWA)?  In other words, do I have to choose either IWA or LDAP?

I restarted the Metadata server after updating the sasv9_usermods.cfg file.

3) I created a new authentication domain in Management Console, created a user, and set the user's authentication domain to the new one just created.  However, nothing seems to have actually happened.  For example, I cannot log in to SAS BI Dashboard with the login information I entered, either in AD LDS or Management Console.  

4) Following tech support's advice, I have run this code (40147 - Test connection to LDAP or Active Directory server from within SAS® 9) for a single user account I set up in AD LDS.  I modified the code with one small edit (30425 - "ERROR: Invalid handle specified" occurs when running the sample program IMPORTAD.SAS) after encountering an "Invalid handle specified" error.  The code executes with 1 warning and the following messages in the log:

"LDAPS_OPEN call successful.

WARNING: No results found.

LDAPS_FREE call successful.

LDAPS_CLOSE call successful."

So, I clearly still have some issues to address, but it appears that some sort of connection is being made to AD LDS. 

Sorry in advance for my rookie mistakes.  Any help to keep moving forward would be greatly appreciated!

3 REPLIES
rkgrc000
Obsidian | Level 7

In case anyone is trying to do something similar, I thought I would provide an update to this post to say that we ended up creating local Windows users (Create a user account - Microsoft Windows Help) and then running a generic bulk load macro (SAS(R) 9.3 Intelligence Platform: Security Administration Guide) to create new SAS accounts based on the local Windows accounts.  Following this approach, the SAS accounts need to have the prefix "WIN\" for the local domain and the SAS user would log in with the password set in the local Windows account.  We had issues with metadata that may have prevented us from taking the AD LDS / LDAP approach.

MichelleHomes
Meteorite | Level 14

Thanks for sharing your end result. I was going to suggest checking out a blog post, SAS and IWA: Two Hops in case that helps. There may be other SAS platform administration related topics that you may find useful at http://platformadmin.com

Cheers,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
