SPD Server Lightweight Directory Access Protocol (LDAP) Authentication

In SPD Server 4.5, clients can be authenticated either by psmgr (the SPD Server password database utility) or by an LDAP server, typically one that is running on the SPD Server host. LDAP authentication integrates with the SPD Server password facility and offers a centralized approach to user ID and password management. SPD Server clients that use LDAP authentication should have user accounts in the domain in which the LDAP and SPD servers are running, and their user ID and password must be stored on an LDAP server that the SPD Server can reach. The user ID must also be entered into the SPD Server's password database, through psmgr or the SAS Management Console utility, so that the remaining SPD Server information for that user is recorded there: LDAP holds the password, the password database holds everything else.
When a client uses LDAP authentication to connect to an SPD Server, the LDAP server that is configured in the SPD Server's parameter file performs the authentication. After the client is verified, SPD Server uses the client's password database record for all other SPD Server operations.
To set up LDAP authentication, add the following parameters to the SPD Server's spdsserv.parm file:
(NO)LDAP
LDAP turns on LDAP authentication; NOLDAP turns it off. If the LDAP parameter is found during start-up, the SPD Server creates a context for LDAP authentication. The default setting is NOLDAP.
LDAPSERVER
specifies the IP address or host name of the LDAP server. This is usually the same as the IP address of the SPD Server host. The default value is the IP address of the SPD Server host.
Note: If you use the LDAP_HOST value for LDAPSERVER, SPD Server might fail during start-up.
LDAPPORT
specifies the TCP/IP port that is used to communicate with the LDAP server. This is usually port 389, the standard LDAP port. Valid values are in the range 0-65535. The default setting is the LDAP_PORT value. Note that traffic on port 389 is not encrypted unless the connection is protected by TLS, so a simple bind on that port sends the client's password in clear text; keeping the LDAP server on the SPD Server host or on a protected network segment limits that exposure.
LDAPBINDDN
the distinguished name (DN), that is, the location in the LDAP server's directory where the client's entry is stored. DN and relative distinguished name (RDN) are Lightweight Directory Access Protocol terms. In effect, LDAPBINDDN combines the user name with the network domain in which the user operates. The form of this string is "ID= , rdn1=RDN1, rdn2=RDN2, ...", where ID is the attribute name of the RDN that holds the user ID in the LDAP directory (for example, uid). The value after "ID=" is left empty because SPD Server fills it in with the connecting client's user ID. The default form of the DN is "uid= , dc=DOM1, dc=DOM2, dc=DOM3"; the default value of the LDAPBINDDN parameter itself is null (not set).
If no distinguished name is specified in the spdsserv.parm file, SPD Server uses the LDAP server host's domain name to generate values for DOM1, DOM2, and DOM3, and the SPD Server user ID becomes the value for uid. The resulting DN is the default location of users in the LDAP directory.
For example, suppose the LDAP host machine is sunhost.unx.sun.com and the user ID is sunjws. The resulting default distinguished name is "uid=sunjws, dc=unx, dc=sun, dc=com". This DN is used to locate the user sunjws, and the password supplied by the client is then verified against the password that is stored in the LDAP directory. If your SPD Server users are stored in a different location in your LDAP directory, be sure to specify that location with LDAPBINDDN.
See the LDAP server administrator at your site if you need more information about LDAP parameters for your spdsserv.parm file. To use the default value for any LDAP parameter, omit the parameter specification from the spdsserv.parm file. Undeclared parameters automatically assume default values.
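The following Python script is an added example, not SPD Server code or SAS-supplied tooling. It reimplements the documented default rule for LDAPBINDDN (uid taken from the SPD Server user ID, dc= components taken from the LDAP host's domain name) so that an administrator can see which DN the server will bind with before enabling LDAP, and it renders the LDAP entries for spdsserv.parm. The function names, the "NAME=value;" line format used for the parm file, and the sample host and user ID below are assumptions made for the example; the host and user are those from the text.

```python
"""Preview the SPD Server LDAP bind DN and render the LDAP parm entries.

Added example, not part of SPD Server. It follows the documented default:
"sunhost.unx.sun.com" + user "sunjws" -> "uid=sunjws, dc=unx, dc=sun, dc=com".
The NAME=value; format for spdsserv.parm entries is assumed here.
"""
from typing import Optional

# RFC 4514 characters that would change the structure of a DN if they
# appeared unescaped inside the uid value. The example rejects them
# rather than escaping them, so a crafted user ID cannot rewrite the DN.
_DN_SPECIALS = ',+"\\<>;=\n\r'


def default_bind_dn_template(ldap_host: str) -> str:
    """Return the default LDAPBINDDN template for an LDAP host name.

    Every label after the host's own name becomes a dc= component:
    "sunhost.unx.sun.com" -> "uid= , dc=unx, dc=sun, dc=com".
    A bare host name has no domain to derive from, so in that case
    LDAPBINDDN has to be specified explicitly in spdsserv.parm.
    """
    labels = [lbl for lbl in ldap_host.strip().rstrip(".").lower().split(".") if lbl]
    domain = labels[1:]
    if not domain:
        raise ValueError(f"{ldap_host!r} has no domain part; set LDAPBINDDN explicitly")
    return ", ".join(["uid= "] + [f"dc={lbl}" for lbl in domain])


def expand_bind_dn(template: str, user_id: str) -> str:
    """Fill the empty RDN value of an "ID= , rdn1=RDN1, ..." template.

    The first attribute (uid in the default template) has an empty value;
    the connecting client's user ID is substituted there, the way the
    documentation describes SPD Server building the DN it binds with.
    """
    first, sep, rest = template.partition(",")
    attr, eq, value = first.partition("=")
    if not eq or value.strip():
        raise ValueError(f"template {template!r} does not start with an empty RDN value")
    if not user_id or any(c in _DN_SPECIALS for c in user_id):
        raise ValueError(f"user ID {user_id!r} is empty or contains DN special characters")
    return f"{attr.strip()}={user_id}" + (sep + rest if sep else "")


def render_ldap_params(ldap_server: str, ldap_port: int, bind_dn: Optional[str] = None) -> str:
    """Render the LDAP entries for spdsserv.parm as NAME=value; lines (assumed format).

    LDAPPORT must be a real TCP port, 0-65535. LDAPBINDDN is written only
    when given, because omitting it selects the documented default DN.
    """
    if not 0 <= ldap_port <= 65535:
        raise ValueError(f"LDAPPORT {ldap_port} is outside the valid range 0-65535")
    lines = ["LDAP;", f"LDAPSERVER={ldap_server};", f"LDAPPORT={ldap_port};"]
    if bind_dn is not None:
        lines.append(f'LDAPBINDDN="{bind_dn}";')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Host and user ID from the text; the server address is made up.
    template = default_bind_dn_template("sunhost.unx.sun.com")
    print("template :", template)
    print("bind DN  :", expand_bind_dn(template, "sunjws"))
    print(render_ldap_params("192.0.2.10", 389, template), end="")
```

Run the script without arguments to see the template, the expanded DN for sunjws, and the four parm entries. Passing a bare host name such as "sunhost" raises an error instead of guessing a domain, which mirrors the text's advice to set LDAPBINDDN explicitly when the default location does not fit your directory.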