SPD Server Lightweight Directory Access Protocol (LDAP) Authentication

In SPD Server 4.5, clients can be authenticated by psmgr or by an LDAP server that is running on the SPD Server host. LDAP authentication integrates with the SPD Server password facility and offers a centralized approach to user ID and password management. SPD Server clients that use LDAP authentication should have user accounts in the domain in which the LDAP and SPD servers are running. The user ID and password information must be stored on an LDAP server that the SPD Server can access. The user ID must also be entered into the SPD Server's password database through psmgr or the SAS Management Console utility to record all other SPD Server user information.
When a client uses LDAP authentication to connect to an SPD Server, the LDAP server that is configured in the SPD Server's parameter file does the authentication. After the client is verified, SPD Server uses the client's password database record for all other SPD Server operations.
To set up LDAP authentication, the following parameters must be added to the SPD Server's spdsserv.parm file:
Parameters for the spdsserv.parm File
Parameter
Description
Values
Default Setting
(NO)LDAP:
directs user authentication
to LDAP Server
LDAP/NOLDAP
NOLDAP
LDAPSERVER:
LDAP Server IP address
a valid IP address
LOCAL_HOST
LDAPPORT:
LDAP Server port number
0-65536
LDAP_PORT
LDAPBINDDN:
LDAP bind distinguished name
char string
Null
The LDAP parameter turns on LDAP authentication. If the LDAP parameter is found during start-up, the SPD Server creates a context for LDAP authentication.
The LDAPSERVER parameter specifies a valid network IP address, or the host machine for the LDAP server. This is usually the same address as the IP address of the SPD Server host. The default value for LDAPSERVER is the IP address of the SPD Server host.
The LDAPPORT parameter specifies the TCP/IP port that is used to communicate with the LDAP server. This is usually the default LOCAL_HOST or port 389.
The LDAPBINDDN parameter is the "Distinguished Name" (DN), or the location in the LDAP Server's database where the client's information is stored. The form of this string is
"ID= , rdn1=RDN1, rdn2=RDN2, ...". 
ID is the identifier for the relative distinguished name of a user ID that exists in the LDAP server database. The default value of the DN is the following:
"uid= , dc=DOM1, dc=DOM2, dc=DOM3".
If no distinguished name is specified in the spdsserv.parm file, SPD Server uses the LDAP server host's domain name to generate values for DOM1, DOM2, and DOM3. The SPD Server user ID becomes the value for uid. The resulting value becomes the default user location for LDAP database members.
For example, suppose the LDAP host machine is sunhost.unx.sun.com and the user ID is sunjws. The resulting default distinguished name would be
"uid=sunjws, dc=unx, dc=sun, dc=com". 
The distinguished name is used to locate the user sunjws. Then, the sunjws user password is compared to the password that is stored in the LDAP database. If there is a specific location for SPD Server users in your LDAP database, be sure to specify it using LDAPBINDDN.
For more information about LDAP parameters for your spdsserv.parm file, see the LDAP server administrator at your site. To use the default value for any LDAP parameter, omit it from the spdsserv.parm file. Undeclared parameters automatically assume default values.
Note: Entering the LDAP_HOST value for LDAPSERVER causes SPD Server to fail during start-up.