Installing LDAP Schema for Sun One, Netscape, and SecureWay
After you install the LDAP directory server, you must change the configuration
so that SAS software can use the server correctly. The steps for performing this configuration are as follows:
- Locate the LDAP configuration files in your IT Administrator directory.
- Copy the appropriate LDAP configuration file(s) into your server configuration directory.
- Take the necessary steps to identify the configuration files to the server.
- Restart the server.
- Locate and edit the file named containers.ldif.
- Make sure that the directory contains an entry representing your suffix.
- Add or import the containers to the directory.
- Check the success of the import or add procedure.
- Set the access control on the directory.
- Set up indexes on the LDAP server.
- Set the server limits to improve search performance.
The detailed procedures for performing these steps are as follows:
Locate the LDAP configuration files in the directory where Integration Technologies (IT) Administrator was installed. You will find the files in admin_loc\ldap, where admin_loc
is the drive and directory where IT Administrator is installed. The default location is C:\itadmin\ldap.
The LDAP configuration files define the attributes and object classes that are used by SAS Integration Technologies and other related SAS software.
The files are as follows:
- contains the schema data for Sun ONE Directory Server 5.1
- contains the attribute schema data for Netscape Directory Server 4
- contains the object class schema data for Netscape Directory Server 4
- contains the attribute schema data for an OpenLDAP directory server.
- contains the object class schema data for an OpenLDAP directory server.
- contains the schema data for an IBM SecureWay V3 server.
- contains the schema data for a Microsoft Active Directory server.
- creates the containers for SAS application data.
Depending on which server software you are using, copy the appropriate LDAP configuration file(s) into your server configuration directory.
For Sun ONE Directory Server 5.1, copy 75sas.ldif to the server's schema directory. As a default, the schema directory is in the following path: slapd-localhost\config\schema.
For Netscape Directory Server 4, copy nsslapd.sas_at.conf and nsslapd.sas_oc.conf into the server's configuration directory. As a default, the configuration directory is in the following path: drive:\netscape\server4\slapd-instance\config
For an OpenLDAP directory server, copy slapd.sas_at.conf and slapd.sas_oc.conf into the server's configuration directory.
- For an IBM SecureWay V3 server, copy V3.sas.oc into the server's configuration directory.
If you are using Microsoft Active Directory, refer to Installing the LDAP Schema for Microsoft Active Directory for instructions on loading the msadClassesAttrs.ldif schema file.
Take the necessary steps to identify the configuration files to the server. Generally, this is performed by placing
include statements in the server's configuration file. Check the documentation for your server to verify
For Netscape Directory Server 4, the procedure is as follows:
Use a text editor to open the slapd.conf file.
Search for an
include directive at
the beginning of a line.
After the last existing
include, add a new
include directive that contains the full path of the new nsslapd.sas_at.conf file. The new line should have the same syntax as the line above it.
include directive for the file nsslapd.sas_oc.conf.
The new lines should be similar to the following examples:
Note: This procedure is not necessary for Sun ONE Directory Server 5.1.
Restart the server so that the server reads the new configuration information.
For a Sun ONE Directory Server or a Netscape Directory Server, the procedure is as follows:
Start the directory console. To start the console from a Windows/NT desktop, select Start Programs Netscape Server Products Netscape Console.
Restart the server from the console.
Locate and edit the file named containers.ldif. This file contains the entries that SAS expects to find when it starts using the directory server.
Edit containers.ldif to replace each instance of $SAS_CONTEXT$ with the correct LDAP suffix for your installation. Place this suffix everywhere that $SAS_CONTEXT$ appears. For example, if your suffix is
o=ACE Industries, c=US, you would edit the first line of containers.ldif to read as follows:
dn: cn=SAS,o=ACE Industries,c=US.
Alternatively, you can put the $SAS_CONTEXT$ entry lower in the directory tree. However, if you put it below the root, you must be sure that all entries between the root and the suffix are in place in the directory tree. For example, if the SAS tree starts at
ou=Finance,o=Alphalite Airways,c=US and the database suffix is
o=Alphalite Airways,c=US, then the organizational unit entry for
ou=Finance,o=Alphalite Airways,c=US must be in the directory before you import the SAS containers.
Make sure that the directory contains an entry representing the suffix that you specified in the containers.ldif file. For example, if your suffix is o=ACE Industries, c=US, make sure the directory includes the entry
dn: o=ACE Industries,c=US.
If your database is completely empty, then you must create the root object, which is usually an organization object class. An example of a simple organization entry
dn: o=Alphalite Airways,c=US
o: Ace Industries
Either use the command
ldapmodify -a -D manager DN -w manager password
to insert the root object entry into the directory,
or add the command to the containers.ldif file.
After you edit the containers.ldif file, use the
ldapadd command to add the containers to the directory. Use a bind DN that has the appropriate permissions.
If you are using Sun ONE Directory Server or Netscape Directory Server, you can import the containers.ldif file using the following procedure:
- Start the console.
- Open the Directory Server.
- Select the Configuration tab in the Directory Server window.
- Select the database icon.
- Select Import from the console menu.
- Enter the path for the containers.ldif file.
- Select Append to Database in order to import the file.
Check the success of the import or ldapadd procedure by noting the number of rejected entries. If more than one or two entries are rejected, check the two most likely reasons:
- The schema was not updated correctly.
- The parent entry of the first container was not created.
See the previous step for information about creating the parent entry.
Set the access control on the directory. The installation process may have
created some default access control lists (ACLs). Normally, the installation
process will create an ACL called "anonymous access" that allows anonymous
users to search the data in the directory. Until you understand access control,
modify this value to allow all access.
Although this is not a permanent solution, it lets you operate until
you can create users and groups and can define ACLs that give those groups appropriate access to the data.
For more information about LDAP access control, refer to Adding Person Entries to the Directory and LDAP Configuration Access Control Overview.
Set up indexes on the LDAP server. These indexes will improve the
performance of SAS with the server. Consult the documentation for your
server for information on creating the indexes.
Create these indexes:
Set the server limits to improve search performance. Using the directory
console software, set the look-through limit, size limit, and
time limit to -1 (minus 1). This value disables all three limits, and
permits searches against the LDAP directory to return accurate results.
The server is now ready for use by SAS software.