SAS Environment Manager for SAS Viya might return a message similar to the following when you view the properties of an LDAP group:
Members
An error occurred loading the members list.
exception:
org.springframework.ldap.InvalidNameException
Caused by: javax.naming.InvalidNameException:
Invalid Name: <userID>
correlator: 9faabfa-519f-4a32-a1c0-b7092b53fbc4
path: /identities/groups/<LDAP-group-name>/members
You might also encounter the following symptoms:
- the members property for a group shows ► Members(0)
- the memberOf property for a user shows ► Member Of(0)
This error occurs when the LDAP attribute value that is named in the sas.identities.providers.ldap.group/member property is one of the following:
- a relative distinguished name (RDN)
- a user ID
The Identities service requires that the LDAP attribute value be a fully qualified distinguished name (DN) value.
For example, the error would occur in the following scenario:
You set the sas.identities.providers.ldap.group/member property value to memberUid. With this setting, your LDAP group members are identified by the memberUid attribute:
dn: cn=LDAPNonAdminGroup,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: LDAPNonAdminGroup
gidNumber: 50000
memberUid: user1
memberUid: user2
memberUid: user3
To work around this issue, modify the LDAP data so that the member property value and the memberOf property value contain a fully qualified DN rather than an RDN. Most LDAP providers (Active Directory, OpenLDAP, and so on) provide schemas that use a fully qualified DN.
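The following is an added example, not part of the SAS note or of SAS software: a Python audit of an LDIF export that lists the group member values that are not fully qualified DNs, which are the values that trigger the error described above. The membership attributes other than memberUid, the two-component DN heuristic, the function names, and the sample data are assumptions.

```python
import base64
import re

# memberUid is from this note; member and uniqueMember are assumed additions.
MEMBER_ATTRS = {"member", "uniquemember", "memberuid"}
# One RDN component: attribute type (name or numeric OID), "=", then a value.
RDN_RE = re.compile(r"^\s*(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=.+$")

def is_full_dn(value):
    """Heuristic: two or more type=value components split on unescaped commas."""
    parts = re.split(r"(?<!\\),", value)
    return len(parts) >= 2 and all(RDN_RE.match(p) for p in parts)

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) per entry; handles folding and base64."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 folded lines
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, raw = line.partition(":")
            value = raw.lstrip(":").strip()
            if raw.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value).decode("utf-8", "replace")
            if attr.lower() == "dn":
                dn = value
            else:
                attrs.append((attr, value))
        if dn:
            yield dn, attrs

def find_non_dn_members(text):
    """Return (group_dn, attribute, value) for each member value that is not a DN."""
    return [(dn, a, v) for dn, attrs in parse_ldif(text) for a, v in attrs
            if a.lower() in MEMBER_ATTRS and not is_full_dn(v)]

# Constructed, trimmed sample: the first entry mirrors the note's posixGroup example.
SAMPLE_LDIF = """\
dn: cn=LDAPNonAdminGroup,ou=groups,dc=example,dc=com
objectClass: posixGroup
memberUid: user1
memberUid: uid=user2

dn: cn=LDAPAdminGroup,ou=groups,dc=example,dc=com
member: uid=user3,ou=people,dc=example,dc=com
"""

if __name__ == "__main__":
    print(*find_non_dn_members(SAMPLE_LDIF), sep="\n")
```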
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Verify That the Update Is Installed
It is important that you now verify that the fix is installed. To do so, run the following rpm command:
rpm -q sas-identities
To complete this process, make sure that the package version that is shown in the rpm output either matches or is newer than the following:
sas-identities-2.13.21-20180308.1520533992174.x86_64
Additional Steps
After the update is installed, the identities service supports a non-distinguished name value for the member and memberOf properties. You must perform the following additional steps after installing the update:
- Set the sas.identities.providers.ldap.group/member property value to the attribute that identifies the members of the group, such as memberUid.
- Set the sas.identities.providers.ldap.group/memberOf property value to none.
- Set the sas.identities.providers.ldap.user/memberOf property to a value of none.
Additional Assistance
If you need additional assistance, contact SAS Technical Support.
Operating System and Release Information
SAS System | SAS Viya | Linux for x64 | 3.2 | 3.4 | | Viya |
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.