Direct LDAP Authentication

Direct Use of LDAP Authentication
Summary
The metadata server validates some users against an LDAP provider such as Active Directory. Direct LDAP enables the metadata server to recognize accounts that aren't known to its host; direct LDAP doesn't modify the host's behavior.
Scope
  • Primarily used for connections to the metadata server.
  • Can also be used for direct connections from a data provider to the OLAP server.
Benefits
Enables users to use their Windows accounts to authenticate to a metadata server that runs on UNIX.
Limits
  • Not an alternative to storing user IDs in the metadata (that requirement applies to all configurations).
  • Not supported for workspace servers or stored process servers.
  • Might involve appending a special qualifier to user IDs that are stored in the metadata.
Use
Optional.
The following figure contrasts back-end use and direct use.
Comparison of Back-End and Direct Use of LDAP
Comparison of Back-End and Direct Use of LDAP
Configuring the metadata server to directly use LDAP is one of several methods for integration with LDAP, and it is not a first-choice alternative. See Summary of Methods for LDAP Integration.

See Also

How to Configure Direct LDAP Authentication
How to Configure SSL between the Metadata Server and an LDAP Server
Pluggable Authentication Modules (PAM)
Copyright © SAS Institute Inc. All rights reserved.