Configuring the Server

After you install the LDAP directory server, you must change the configuration so that SAS software can use the server correctly. The steps for performing this configuration are as follows:

Locate the LDAP configuration files in your IT Administrator directory.
Copy the appropriate LDAP configuration file(s) into your server configuration directory.
Take the necessary steps to identify the configuration files to the server.
Restart the server.
Locate and edit the file named containers.ldif.
Make sure that the directory contains an entry representing your suffix.
Add or import the containers to the directory.
Check the success of the import or add procedure.
Set the access control on the directory.
Set up indexes on the LDAP server.
Set the server limits to improve search performance.

The detailed procedures for performing these steps are as follows:

Locate the LDAP configuration files in the directory where Integration Technologies (IT) Administrator was installed. You will find the files in admin_loc\ldap, where admin_loc is the drive and directory where IT Administrator is installed. The default location is C:\itadmin\ldap.

The LDAP configuration files define the attributes and object classes that are used by SAS Integration Technologies and other related SAS software.

The files are as follows:

nsslapd.sas_at.conf

contains the attribute schema data for a Netscape Directory Server.

nsslapd.sas_oc.conf

contains the object class schema data for a Netscape Directory Server.

slapd.sas_at.conf

contains the attribute schema data for an OpenLDAP directory server.

slapd.sas_oc.conf

contains the object class schema data for an OpenLDAP directory server.

V3.sas.oc

contains the the schema data for an IBM SecureWay V3 server.

msadClassesAttrs.ldif

contains the the schema data for a Microsoft Active Directory server.

containers.ldif

creates the containers for SAS application data.
Depending on which server software you are using, copy the appropriate LDAP configuration file(s) into your server configuration directory.
- For a Netscape Directory Server, copy nsslapd.sas_at.conf and nsslapd.sas_oc.conf into the server's configuration directory. As a default, the configuration directory is in the following path: drive:\netscape\server4\slapd-instance\config
- For an OpenLDAP directory server, copy slapd.sas_at.conf and slapd.sas_oc.conf into the server's configuration directory.
- For an IBM SecureWay V3 server, copy V3.sas.oc into the server's configuration directory.
- If you are using Microsoft Active Directory, refer to Installing the LDAP Schema for Microsoft Active Directory for instructions on loading the msadClassesAttrs.ldif schema file.
Take the necessary steps to identify the configuration files to the server. Generally, this is performed by placing include statements in the server's configuration file. Check the documentation for your server to verify the procedure.

For a Netscape Directory Server, the procedure is as follows:
1. Use a text editor to open the slapd.conf file.
2. Search for an include directive at the beginning of a line.
3. After the last existing include, add a new include directive that contains the full path of the new nsslapd.sas_at.conf file. The new line should have the same syntax as the line above it.
4. Add another include directive for the file nsslapd.sas_oc.conf.
  
  The new lines should be similar to the following examples:
```
include "c:/netscape/suitespot/slapd-D1354/config/nsslapd.sas_at.conf"
include "c:/netscape/suitespot/slapd-D1354/config/nsslapd.sas_oc.conf"
```
Restart the server so that the server reads the new configuration information.

For a Netscape Directory Server, the procedure is as follows:
1. Start the directory console. To start the console from a Windows/NT desktop, select Start Programs Netscape Server Products Netscape Console.
2. Restart the server from the console.
Locate and edit the file named containers.ldif. This file contains the entries that SAS expects to find when it starts using the directory server.

Edit containers.ldif to replace each instance of $SAS_CONTEXT$ with the correct LDAP suffix for your installation. Place this suffix everywhere that $SAS_CONTEXT$ appears. For example, if your suffix is o=ACE Industries, c=US, you would edit the first line of containers.ldif to read as follows: dn: cn=SAS,o=ACE Industries,c=US.

Alternatively, you can put the $SAS_CONTEXT$ entry lower in the directory tree. However, if you put it below the root, you must be sure that all entries between the root and the suffix are in place in the directory tree. For example, if the SAS tree starts at ou=Finance,o=Alpine Airways,c=US and the database suffix is o=Alpine Airways,c=US, then the organizational unit entry for ou=Finance,o=Alpine Airways,c=US must be in the directory before you import the SAS containers.
Make sure that the directory contains an entry representing the suffix that you specified in the containers.ldif file. For example, if your suffix is o=ACE Industries, c=US, make sure the directory includes the entry dn: o=ACE Industries,c=US.

If your database is completely empty, then you must create the root object, which is usually an organization object class. An example of a simple organization entry is
```
   dn: o=Alpine Airways,c=US
   objectclass: organization
   o: Ace Industries
```
Either use the command
```
 ldapmodify -a -D manager DN -w manager password
```
to insert the root object entry into the directory, or add the command to the containers.ldif file.
After you edit the containers.ldif file, use the ldapadd command to add the containers to the directory. Use a bind DN that has the appropriate permissions.

If you are using Netscape Directory Server, you can import the containers.ldif file using the following procedure:
1. Start the console.
2. Open the Directory Server.
3. Select the Configuration tab in the Directory Server window.
4. Select the database icon.
5. Select Import from the console menu.
6. Enter the path for the containers.ldif file.
7. Select Append to Database in order to import the file.
Check the success of the import or ldapadd procedure by noting the number of rejected entries. If more than one or two entries are rejected, check the two most likely reasons:
- The schema was not updated correctly.
- The parent entry of the first container was not created.
See the previous step for information about creating the parent entry.
Set the access control on the directory. The installation process may have created some default access control lists (ACLs). Normally, the installation process will create an ACL called "anonymous access" that allows anonymous users to search the data in the directory. Until you understand access control, modify this value to allow all access.

Although this is not a permanent solution, it lets you operate until you can create users and groups and can define ACLs that give those groups appropriate access to the data.

For more information about LDAP access control, refer to Adding Person Entries to the Directory and LDAP Configuration Access Control Overview.

Set up indexes on the LDAP server. These indexes will improve the performance of SAS with the server. Consult the documentation for your server for information on creating the indexes.

Create these indexes:

Attribute	Index Type
sasInterface	eq, pres
sasKeyword	eq, pres
sasSubscriberName	eq, pres
sasSubscriberGroupDn	eq, pres
sasDomainName	eq, pres
sasLogicalName	eq, pres
sasReferenceDn	eq, pres
sasPersonDn	eq, pres
sasPortalSubwindows	Sub
sasSubscriberCn	eq, pres

Set the server limits to improve search performance. Using the directory console software, set the look-through limit, size limit, and time limit to -1 (minus 1). This value disables all three limits, and permits searches against the LDAP directory to return accurate results.

The server is now ready for use by SAS software.