Summary of Methods for LDAP Integration

SAS supports the following methods for integration with LDAP:
host use of LDAP
The SAS server’s host uses an LDAP provider as a back-end authentication provider. From the perspective of the SAS server, this is host authentication. For example:
  • Active Directory is the standard back-end authentication provider on Windows.
  • Some UNIX hosts recognize LDAP accounts (or can be configured to do so). See Pluggable Authentication Modules (PAM).
sasauth use of LDAP (UNIX only)
This method provides a direct connection from sasauth (the UNIX host authentication module) to an LDAP database for authentication. This method provides an authenticated UNIX host identity for each user. For configuration instructions, see Configuration Guide for SAS Foundation for UNIX Environments at http://support.sas.com/documentation/installcenter.
metadata server use of LDAP
The metadata server validates some users against an LDAP provider such as Active Directory. This method enables the metadata server to recognize accounts that aren't known to its host. It doesn't provide SAS with an authenticated UNIX host identity for each user. See Direct LDAP Authentication.
LDAP integration support is for authentication purposes only, not for authorization.