LDAP – platformadmin.com

I recently installed a local copy of SAS Viya 4 (2021.1.2) in our Kubernetes lab environment and was trying to configure it to work with a test AD server, Windows 2012 R2. The AD server had been configured to only allow TLS (LDAPS) connections and so after the initial installation of SAS Viya I configured the SAS Identities service to use LDAPS, as explained in the SAS documentation.

Unfortunately it didn’t work at first. I was getting errors that turned out to be a TLS cipher mismatch between the client (SAS Identities service) and the server (Windows 2012 R2 AD). I was able to fix it using two methods:

Re-enabling LDAP connections to AD and switching back from LDAPS to LDAP connections for the SAS Identities service (not preferred)
Tweaking the configuration of the SAS Identities service to support a cipher that worked with Windows 2012 R2 AD (preferred)

Of course I could have also upgraded AD from Windows 2012 R2 to a more recent version, but that is a project for another day as I still want to continue working with the older version for the time being.

For future reference, and in case it helps anybody else, here are my notes Continue reading “SAS Viya 4 (2021.1.2) with LDAPS to Windows 2012 R2”

A while back I worked with a client to implement Active Directory (AD) integration for a number of Solaris containers that made up their SAS platform. The main benefit of this was to allow all of the SAS users to use their Windows (Active Directory) credentials, the same ones they use to log into their workstation in the morning, to get access to the SAS servers on the Solaris platform. This removed any requirement to manage local user accounts, across multiple Solaris containers, as they could all be managed in Active Directory by the people who usually manage accounts. It was not a trivial exercise – it required communication with several different groups, some changes to the AD server, population of UNIX attributes for users and groups in AD and configuration of the Solaris containers, however it was well worth the effort and I would definitely recommend it.

These were the main technical resources I found useful with implementation and troubleshooting:

The starting point was the Sun document Using Kerberos to Authenticate a Solaris™ 10 OS LDAP Client With Microsoft Active Directory at http://www.sun.com/bigadmin/features/articles/kerberos_s10.pdf.
Scott Lowe’s blog, particularly the Solaris 10-AD Integration, Version 3 post at http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/, provided additional information. That article, the other articles it links to, and the comments on those articles all proved useful, either in their own right or as sources for additional keywords/phrases for Google searches.

I hope you find them useful too.

Tag: LDAP

SAS Viya 4 (2021.1.2) with LDAPS to Windows 2012 R2

Resources for Solaris and Active Directory Integration