SAS 9.1.3 Integration Technologies » Administrator's Guide (LDAP Version)



IT Administrator: How it Works

The Integration Technologies Administrator allows a user with administration privileges to create, modify, and delete objects on an LDAP server. The objects that the administrator can manage are grouped into five categories:

Publish Framework
Publish channels and subscribers, including subscriber groups
SAS Configuration
SAS servers, spawners, and SAS logins
SAS Archiving
Archives and archive paths
Applications
Stored SAS processes and stored process paths
SAS Data Sources
Identifiers for SAS libraries, tables, and columns, which can then be used by clients

To better understand the objects that the Administrator creates as well as the relationships between the objects, let's look at the structure of the LDAP directory.

LDAP Overview

The Lightweight Directory Access Protocol (LDAP) was created to help manage network data such as users, resources, and security from a central location.

Conceptually, an LDAP server maintains a hierarchy of objects. An object is made up of name/value pairs called attributes. An object is based on a class, which defines which attributes are required for the object, and which are optional. The set of defined classes and their attributes is called the Directory Schema.

The layout of the classes is called the Directory Information Tree (DIT). Beginning from the top of the tree, the path to each class in the tree is called its distinguished name. Each distinguished name in the tree is unique. Distinguished names are defined from the lower element up to the root, which is typically a country (c), followed by an organization (o).

In the tree below, the root of the tree is o=SAS Institute, c=US.

The distinguished name for the ABC Toys entry is cn=ABC Toys, o=SAS Institute, c=US.

c=US
  o=SAS Institute (the base)
    cn=ABC Toys
      cn=SAS
        sascomponent=sasPublishSubscribe
          cn=saschannels
          cn=sassubscribers
        sascomponent=sasServer
          cn=sasservers
          cn=sasspawners
          cn=saslogins
        sascomponent=Archiving
          cn=sasarchivepaths
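How each entry's distinguished name follows from its position in the tree, read from the entry up to the root. This is an added example, not SAS code. The outline is abridged from the page, the ", " separator follows the page's own DN, and `child_dn` with the constructed value "Smith, Jane" is a hypothetical helper showing why a value must be escaped (RFC 4514) before it is placed in a DN.

```python
import re

# Outline abridged from the page; indentation marks nesting.
TREE = """\
c=US
  o=SAS Institute (the base)
    cn=ABC Toys
      cn=SAS
        sascomponent=sasPublishSubscribe
          cn=saschannels
          cn=sassubscribers
        sascomponent=sasServer
          cn=sasservers
"""

SPECIAL = set(',+"\\<>;')  # RFC 4514: must be escaped wherever they occur

def escape_rdn_value(value):
    """Escape an attribute value so it cannot alter the DN's structure."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def child_dn(attr, value, parent_dn):
    """DN of a new entry directly under parent_dn (hypothetical helper)."""
    return f"{attr}={escape_rdn_value(value)}, {parent_dn}"

def outline_to_dns(outline):
    """Return the DN of every entry in an indented attr=value outline."""
    stack, dns = [], []  # stack holds (indent, rdn) from root to current entry
    for line in filter(str.strip, outline.splitlines()):
        indent = len(line) - len(line.lstrip())
        # Drop the page's trailing annotation, e.g. "(the base)".
        text = re.sub(r"\s*\(.*\)\s*$", "", line.strip())
        attr, value = text.split("=", 1)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave siblings and deeper entries behind
        stack.append((indent, f"{attr}={escape_rdn_value(value)}"))
        dns.append(", ".join(rdn for _, rdn in reversed(stack)))
    return dns

if __name__ == "__main__":
    print("\n".join(outline_to_dns(TREE)))
```

Without the escaping step, the comma in "Smith, Jane" would be read as an RDN separator and the entry would resolve to a different place in the hierarchy.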

The cn= entries under the sascomponent= entries are the objects that the Administrator defines. Under the cn=sassubscribers entry will be a number of sassubscribercn objects, each of which defines a specific SAS subscriber or subscriber group. Likewise, a number of sasservercn objects will be defined under the cn=sasservers entry, each defining a specific SAS server. For example:

[Figure: LDAP directory structure]

Publish Framework objects

Selecting Publish Framework in the Integration Technologies Administrator gives you access to the LDAP definitions for

  • channels (saschannelcn objects)
  • subscribers (sassubscribercn objects)

Channels

The channel definition lets you specify a channel, which is a conduit for sending information from a publisher to all users subscribed to the channel. In addition to specifying descriptive information (such as name, description, and subject), you can also add subscribers to the channel. The subscribers you add must have entries in the LDAP directory.

You can create archive paths underneath a channel definition for use by that channel. The definitions for archive path and any archives contained in the path are displayed under the channel in the tree. See SAS Archiving objects for more information.

Subscribers

The subscriber definition lets you specify information for a subscriber, which is any recipient of information published to a channel. Each subscriber definition must point back to a person reference in the LDAP directory. In addition to identifying the person reference for the subscriber, you can also specify a number of options for the subscriber, including where the user receives information, what format to use when sending information, and what filters to apply to the information.

SAS Configuration objects

Selecting SAS Configuration in the Administrator lets you create and modify LDAP definitions for

  • servers
  • spawners
  • SAS logins

Creation of server and spawner definitions is automated through the Integration Technologies Server Wizard. The Wizard guides you through the process of defining a COM/DCOM or IOM Bridge server and spawner, if one is required.

Server definitions are grouped according to their purpose under a series of logical names. For example, you could use a logical name of Payroll to group all the servers that could be used for payroll operations. Because a single server can be used for more than one purpose, each server definition can be associated with several logical names.

The spawner definitions also use logical names, but their function is to determine which servers the spawner can connect to. When a request is sent to a spawner to start a SAS session on a server, the spawner checks the server definitions to find one that has logical names that are a subset of the spawner's.

For example, if the definition for spawnerABC includes the logical names Payroll, Accounting and Finance, that spawner could start any of these servers:

  • server1 - logical name Payroll
  • server2 - logical name Accounting
  • server3 - logical name Payroll, Finance

However, it could not start this server:

  • server4 - logical name Inventory

Servers

The Administrator creates the server definitions through the Wizard, then lets you modify the definitions as needed through the properties panel. The server definition includes:

Domain
The server's domain. In order for a spawner to work with the server, the spawner must be defined for the same domain (in addition to having matching logical names).
Protocol
IOM Bridge or COM/DCOM protocols, as well as applicable service or port IDs.
Logical name
All logical names under which this server can operate.
Machines
All machines on which the server can run.
Encryption
Client and server algorithms, and what content to encrypt.
SAS logins
The SAS logins available to start a SAS session.
Commands
The command to start the SAS session on the server.
Maximum workspaces per pool
The maximum number of workspaces that will be available for any workspace pool that is established with the server.

Spawners

When a server definition requires that a spawner also be defined, the Wizard automatically goes through the spawner definition process. As with the server definitions, you can then modify the definitions as needed through the properties panel. The spawner definition includes:

Domain
The spawner's domain. In order for a spawner to work with the server, the spawner must be defined for the same domain (in addition to having matching logical names).
Protocol
IOM Bridge or COM/DCOM protocols, as well as applicable service or port IDs.
Logical name
All logical names under which this spawner can operate.
Connection information
Service, port and passwords for master, operator, and UUID connections
Machines
All machines on which the spawner can run.
Encryption
The modules path and key length for encryption
Logging
The path to the log file and whether to use verbose logging
OS/390
The z/OS logical unit name
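The spawner-to-server matching rule described above (same domain, and the server's logical names a subset of the spawner's), written out as an added example that is not SAS code. The spawner, server1 to server4 and their logical names are the page's; the domain values, server5 and server6 are constructed, and rejecting a server with no logical names is an assumption made so that an empty set does not match every spawner.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Definition:
    name: str
    domain: str
    logical_names: frozenset

def define(name, domain, *logical_names):
    return Definition(name, domain, frozenset(logical_names))

def can_start(spawner, server):
    """True if the spawner may start a SAS session on the server."""
    if spawner.domain != server.domain:
        return False  # the page requires the same domain
    if not server.logical_names:
        return False  # assumption: fail closed on an empty set
    return server.logical_names <= spawner.logical_names  # subset test

def startable(spawner, servers):
    """Names of the servers this spawner can start."""
    return sorted(s.name for s in servers if can_start(spawner, s))

def orphans(spawners, servers):
    """Names of the servers that no listed spawner can start."""
    return sorted(s.name for s in servers
                  if not any(can_start(sp, s) for sp in spawners))

# Logical names are the page's; the domain values are constructed.
SPAWNER_ABC = define("spawnerABC", "DOMAIN1", "Payroll", "Accounting", "Finance")
SERVERS = [
    define("server1", "DOMAIN1", "Payroll"),
    define("server2", "DOMAIN1", "Accounting"),
    define("server3", "DOMAIN1", "Payroll", "Finance"),
    define("server4", "DOMAIN1", "Inventory"),
    define("server5", "DOMAIN2", "Payroll"),  # constructed: other domain
    define("server6", "DOMAIN1"),             # constructed: no logical names
]

if __name__ == "__main__":
    print("spawnerABC can start:", startable(SPAWNER_ABC, SERVERS))
    print("no spawner for:", orphans([SPAWNER_ABC], SERVERS))
```

Run over a full export of the definitions, the same check shows which spawners can reach which servers before a logical name is added to either side.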

SAS Logins

A SAS login may need to be available in order to start a SAS session on a server or to connect to a client. Each SAS login definition contains a user name, password, and domain, as well as a pointer to the user's person reference entry in the LDAP directory.

SAS logins may be used to provide credentials when creating a client connection. Whether or not SAS logins are required depends on the method calls used to start the server or create the connection. If the method calls request a logical name, SAS logins are required. Otherwise, SAS logins are not required, but if you do not use them, you must track and specify the user credentials manually.

The SAS login definition includes:

Person reference
The person reference entry in the LDAP directory for the user. The person reference entry is created outside of the Administrator application.
User
The user ID
Password
The user's password
Domain
The domain on which the user ID is valid.
Logical name
The logical name of the SAS server with which this login is associated (used only with workspace pooling).
Min workspace size
The number of workspaces currently serving or waiting to service a request (used only with workspace pooling).
Min available workspaces
The number of workspaces waiting to service a request (used only with workspace pooling).

SAS Archiving objects

Selecting SAS Archiving in the Administrator lets you create and modify LDAP definitions for archive paths. Archives are stored copies of packages that have been published using SAS Publish and Subscribe. Archive paths and archives are also present in Publish Framework under individual channels. Archive paths created under individual channels are for use by that channel exclusively.

Archive Paths

The archive path contains the location where a server can publish an archive package. The archive path definition includes:

Archive path
The full path name for the location to which archives are to be published.
Logical name
The logical name for the path, used to identify valid publishing paths.

Archives

Because the archives are created outside of the Administrator, their LDAP information cannot be modified. However, you can view this information:

Creation date
The date the archive package was created
Channel
The channel to which the package was published. The channel is only present if the archive object is under an individual channel.

Stored Process objects

Selecting Applications in the Administrator lets you create and modify LDAP definitions for stored processes and stored process paths. A stored process is a SAS program that is saved (in a stored process path) and can be executed at a later time by an Integration Technologies user or application.

Stored Process Paths

The stored process path defines the location where stored processes are kept. The stored process path definition includes:

Stored process path
The full path name for the location where stored processes are kept.
Logical names
All logical names associated with the path.

Stored Processes

The stored process definitions provide information about saved SAS programs. The stored process definition includes:

Description
An identifying description of the process
Stored process value
The name of the stored SAS program
Portal JSP
The Java stored page (JSP) from which a user or application can access the program.
Parameters
Sets of parameters that are passed to the SAS program upon execution

Data Source Objects

Selecting SAS Data Sources in the Manager Bar lets you create and modify LDAP definitions for library, table, and column data source definitions. A data source is a SAS library, table, or column that is identified by an LDAP entry. Client applications can use the LDAP entry to locate the data source and access the information in the source.

Libraries

The library definition contains information to create a SAS LIBREF statement for the library, including the name, libref, path, and options. You can associate one or more logical names with the data source to identify the server on which the library resides.

Tables

The table definition contains information required to identify a SAS table, including the name, the distinguished name of the library containing the table, and any password protections needed for the table. As with the library definition, you can associate a table definition with a logical name to identify the location of the table.

Columns

The column definition contains the information required to identify a column in a table. You must have already identified the parent table as a data source before you can identify a column. The information required for a column definition includes the column name, type, and length, as well as any formats or informats applied to the column.