![]() |
![]() |
Authentication Mechanisms |
Summary | The metadata server validates some users against an LDAP provider such as Active Directory. |
Scope |
|
Benefits | Enables users to use their Windows accounts to authenticate to a metadata server that runs on UNIX. |
Limits |
|
Use | Optional |
1 Direct LDAP enables the metadata server to recognize accounts that aren't known to its host; direct LDAP doesn't modify the host's behavior. |
The following figure contrasts back-end use and direct use.
Two Ways to Use an LDAP Authentication Provider
Many hosts use an LDAP provider as a back-end authentication mechanism. From the perspective of the SAS server, this is host authentication, so no direct LDAP configuration is needed. For example:
Active Directory is the standard back-end authentication provider on Windows.
Some UNIX hosts recognize LDAP accounts (or can be configured to do so). See Pluggable Authentication Modules (PAM).
See How to Configure Direct LDAP Authentication.
![]() |
![]() |
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.