Problem Note 45139: Unable to connect to the SAS® Metadata Server when using direct authentication to a load-balanced LDAP server using SSL
 |  |  |  |  |
If the SAS® Metadata Server is configured for direct authentication to a Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL), and the LDAPS server is configured for load–balancing, you might receive the following errors when attempting to log into the SAS Metadata Server:
In this scenario, the value of the LDAP_HOST in the SAS Metadata Server's configuration references the LDAP server load balancer. When an authentication request is sent to this load–balancing server, it forwards the request to one of the LDAP servers in the cluster. This "real" LDAP server answers with its own certificate, which contains references to its own server name.
The errors occur because the SAS Metadata Server compares the host name in the certficate with the name of the host defined in the LDAP_HOST configuration option and the values do not match.
Click the Hot Fix tab in this note to access the hot fix for this issue.
NOTE: In addtion to installing the hot fix, you must also create the NOSSLNAMECHECK environment variable to prevent the errors. You can create the environment variable by adding the following command to your sasv9.cfg file:
Another option, if you are launching SAS® from a script, is to define the environment variable in the script prior to the SAS command:
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Metadata Server | z/OS | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 |
| Microsoft® Windows® for x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Microsoft Windows Server 2003 Datacenter Edition | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Microsoft Windows Server 2003 Enterprise Edition | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Microsoft Windows Server 2003 Standard Edition | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Microsoft Windows Server 2003 for x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Microsoft Windows Server 2008 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Microsoft Windows Server 2008 for x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Microsoft Windows XP Professional | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows 7 Enterprise 32 bit | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows 7 Enterprise x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows 7 Home Premium 32 bit | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows 7 Home Premium x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows 7 Professional 32 bit | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows 7 Professional x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows 7 Ultimate 32 bit | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows 7 Ultimate x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows Vista | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Windows Vista for x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| 64-bit Enabled AIX | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| 64-bit Enabled HP-UX | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| 64-bit Enabled Solaris | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| HP-UX IPF | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Linux | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Linux for x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
| Solaris for x64 | 9.3 | 9.3_M1 | 9.3 TS1M0 | 9.3 TS1M2 | ||
A fix for this issue for SAS Threaded Kernel Core Routines 9.3_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G01.html#45139| Type: | Problem Note |
| Priority: | high |
| Topic: | System Administration ==> Communication System Administration ==> Security ==> Authentication System Administration ==> Security ==> Identity Management System Administration ==> Servers ==> Metadata Third Party ==> Products ==> LDAP |
| Date Modified: | 2012-03-28 09:55:07 |
| Date Created: | 2011-12-14 10:44:17 |