SAS System Options

AUTHPROVIDERDOMAIN System Option

Associates a domain suffix with an authentication provider.

Valid in:	configuration file, SAS invocation
Alias:	AUTHPD
Category:	Environment control: Initialization and operation
PROC OPTIONS GROUP=	EXECMODES

Syntax
Syntax Description
Details
Examples
See Also

Syntax

AUTHPROVIDERDOMAIN provider : domain

AUTHPROVIDERDOMAIN (provider-1 : domain-1<, ...provider-n : domain-n>)

Note:

In UNIX operating environments, you must insert an escape character before each parenthesis. For example,

-authproviderdomain \(ADIR:MyDomain, LDAP:sas\)

[cautionend]

Syntax Description

provider

specifies the authentication provider that is associated with a domain. The following are valid values for provider:

ADIR

specifies that the authentication provider be a Microsoft Active Directory server that accepts a bind containing user names and passwords for authentication.

HOSTUSER

specifies that user names and passwords be authenticated by using the authentication processing that is provided by the host operating system.

Operating Environment Information: Under the Windows operating environment, assigning the authentication provider using the HOSTUSER domain is the same as assigning the authentication provider using the AUTHSERVER system option. You might want to use the AUTHPROVIDERDOMAIN system option when you specify multiple authentication providers. [cautionend]

LDAP

specifies that the authentication provider use a directory server to specify the bind distinguished name (BINDDN) and a password for authentication.

domain

specifies a site-specific domain name. Quotation marks are required if the domain name contains blanks.

Details

SAS is able to provide authentication of a user through the use of many authentication providers. The AUTHPROVIDERDOMAIN= system option associates a domain suffix with an authentication provider. This association enables the SAS server to choose the authentication provider by the domain name that is presented.

When a domain suffix is not specified or the domain suffix is unknown, authentication is performed on the user ID and password by the host operating system.

Parenthesis are required when you specify more than one set of provider : domain pairs.

The maximum length for the AUTHPROVIDERDOMAIN option value is 1,024 characters.

To use the Microsoft Active Directory or LDAP authentication providers, these environment variables must be set in the server or spawner startup script:

Microsoft Active Directory Server:

	AD_PORT=Microsoft Active Directory port number
	AD_HOST=Microsoft Active Directory host name

LDAP Server:

	LDAP_PORT=LDAP port number
	LDAP_BASE=base distinguished name
	LDAP_HOST=LDAP host_name

LDAP Server for users connecting with a user ID instead of a distinguished name (DN):

LDAP_PRIV_DN=privileged DN that is allowed to search for users

LDAP_PRIV_PW=LDAP_PRIV_DN password

Note: If the LDAP server allows anonymous binds, then LDAP_PRIV_DN and LDAP_PRIV_PW are not required. [cautionend]

In addition to setting these environment variables, you can set the LDAP_IDATTR environment variable to the name of the person-entry LDAP attribute that stores the user ID if the attribute does not contain the default value of uid.

Examples

The following examples show you how to specify the AUTHPROVIDERDOMAIN option:

-authpd ldap:sas causes the SAS server to send credentials for users who log on as anything@sas to LDAP for authentication.
-authpd adir:sas causes the SAS server to send credentials for users who log on as anything@sas to Active Directory for authentication.
-authproviderdomain (hostuser:'my domain', ldap:sas) causes the SAS server to send credentials for users who log on as the following:
- When a user logs on as anything@'my domain', authentication is provided by the operating system authentication system
- When a user logs on as anything@sas, authentication is provided by LDAP