|Summary||The metadata server validates some users against an LDAP provider such as Active Directory.|
|Benefits||Enables users to use their Windows accounts to authenticate to a metadata server that runs on UNIX.|
|1 Direct LDAP enables the metadata server to recognize accounts that aren't known to its host; direct LDAP doesn't modify the host's behavior.|
The following figure contrasts back-end use and direct use.
Two Ways to Use an LDAP Authentication Provider
Many hosts use an LDAP provider as a back-end authentication mechanism. From the perspective of the SAS server, this is host authentication, so no direct LDAP configuration is needed. For example:
Active Directory is the standard back-end authentication provider on Windows.
Some UNIX hosts recognize LDAP accounts (or can be configured to do so). See Pluggable Authentication Modules (PAM).