Integration with OpenLDAP and TLS/SSL

New Contributor
Posts: 3


Hello Folks,

Have any of you implemented SAS apps to authenticate users in an OpenLDAP server?

I have a LDAP server working and I can see my client server can authenticate users in my OpenLDAP server, this works fine.

When I open my SAS Management Console and attempt to authenticate, it doesn't work and returns this message to me:

LDAP SSL Message ldapsNegotiate() failed -2139099117

Possible cause: Server certificate not found, port not SSL enabled

Unable to contact the LDAP server.

Access denied.

The application could not log on to the server "". The user ID "sas_etl_bi" or the password is incorrect.

I ruled out password issues because I'm able to authenticate with the user "sas_etl_bi" directly using SSH.

I need some help to understand and clarify the certificates thing... I've been reading the following links, but still not clear.

My LDAP Server is: PRISMA

Server where SAS installation is on: GOLF

Initially I thought that the certificate should be copied from my LDAP server to my SAS installation server, but this doesn't seem to be the case.

Pls, any guidance here is much appreciated.

SAS(R) 9.3 Intelligence Platform: Security Administration Guide

Encryption in SAS(R) 9.4, Second Edition



/* Configuration to authenticate against the LDAP server */


-set LDAP_BASE "dc=netdomain,dc=com"

-set LDAP_PORT 636


/* System options that make LDAP the primary authentication provider */

-authpd LDAPSmiley -primpd

Thanks in advance.


New Contributor
Posts: 3

Re: Integration with OpenLDAP and TLS/SSL

Posted in reply to dszortyka

Additional information for posterity. I still have hope someone will help here!

Running the command at the metadata server (golf) against my LDAP server (prisma), I got apparently good results:

openssl s_client -tls1 -connect -showcerts
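
Added example, not part of the original posts: `openssl s_client` completes the handshake and prints the certificates even when the chain does not verify, so a check against the CA bundle the client will actually use is more telling. The script builds a constructed throwaway CA and server certificate (all names and file paths are assumptions) and shows verification passing with the issuing CA and failing without it.

```shell
#!/usr/bin/env bash
# Added example with constructed data: the demo CA, the host name
# ldap.example.test and all file names are assumptions, not from the thread.

# make_demo_pki DIR: create a throwaway CA, a server cert signed by it,
# and an unrelated CA that stands in for a trust store lacking the issuer.
make_demo_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo LDAP CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# chain_trusted CA_BUNDLE CERT: succeeds only if CERT chains to a CA in CA_BUNDLE.
chain_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Against a live LDAPS port the equivalent check is (HOST is a placeholder):
#   openssl s_client -connect HOST:636 -CAfile ca.pem -verify_return_error </dev/null
# With -verify_return_error the handshake aborts when the chain does not
# verify, instead of continuing and only reporting a "Verify return code".

# Run as: bash script.sh demo
if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d)
  make_demo_pki "$dir" || { echo "openssl failed"; exit 1; }
  if chain_trusted "$dir/ca.pem" "$dir/server.pem"; then
    echo "issuing CA in bundle:     chain verifies"
  fi
  if ! chain_trusted "$dir/other.pem" "$dir/server.pem"; then
    echo "issuing CA not in bundle: chain rejected"
  fi
  rm -rf "$dir"
fi
```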

Trusted Advisor
Posts: 3,215

Re: Integration with OpenLDAP and TLS/SSL

Posted in reply to dszortyka

Why not use LDAP at the host level (Unix, I assume), then use host authentication?

A lot easier, as your local session started in a person's context (LDAP defined) can be highly secured at the OS level.

You cannot secure the OS with SAS metadata security, but you can secure the OS with sandboxing on group and user accounts in a way that the system will be safe even when making a mess in metadata security. Let the users use SSH, SFTP, X-cmd on the system; when you did the security well, they cannot go outside their own sandbox.

---->-- ja karman --<-----