https://communities.sas.com/t5/SAS-Programming/LDAP-query-memberof/m-p/928577#M365353 <P>If you haven't done so already then inspect the SAS supplied script&nbsp;<EM>importad.sas</EM>. This script contains a macro&nbsp;<EM>%ldapextrpersons</EM> that should give you pointers.</P> <P><A href="https://support.sas.com/kb/40/628.html" target="_self">Usage Note 40628: Automating the addition of users and groups to a SAS® Metadata Repository</A></P> <P>&nbsp;</P> <P>The importad.sas script should be available under:</P> <UL> <LI>Windows:&nbsp;SAS-installation-directory\SASFoundation\9.4\core\sample\importad.sas</LI> <LI>Unix:&nbsp;<SPAN class="xisDoc-directoryPath"><EM class="xisDoc-userSuppliedValue">SAS-installation-directory</EM>/SASFoundation/9.4/samples/base/importad.sas</SPAN><SPAN>&nbsp;</SPAN></LI> </UL> <P>&nbsp;</P> Thu, 16 May 2024 00:56:56 GMT Patrick 2024-05-16T00:56:56Z https://communities.sas.com/t5/SAS-Programming/LDAP-query-memberof/m-p/928573#M365351 <P>I trying to query company LDAP and extract users from a specific AD Group.&nbsp; &nbsp;I can query/filter on uid, department, etc.... but when trying to pull all users of a specific group, or any group, Suchas with memberof, example filter below,&nbsp; I get no results.</P> <P>Any suggestions/help?</P> <P>filter="(&amp;(memberOf=cn=myteam_AD_group,OU=groups,DC=com))";&nbsp;</P> <P>&nbsp;</P> <P>full code below...</P> <DIV>options mprint mlogic&nbsp; ;</DIV> <DIV>%let Attrs= "uid sn givenname groupMembershipSAM, grouppriority groupsToIgnore memberof " ||&nbsp;</DIV> <DIV>&nbsp; &nbsp; &nbsp; "acting comat comatstationid companycode cosspecifier " ||</DIV> <DIV>&nbsp; &nbsp; &nbsp; "costcenter countrycode createtimestamp dc " ||&nbsp;&nbsp;</DIV> <DIV><SPAN> &nbsp; "delegated departmentaltcontactname departmentcity " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "departmentcomailaddress departmentcontactname departmentcostcenter " ||</SPAN></DIV> <DIV>&nbsp; &nbsp; &nbsp; "departmentcountry departmentdescription departmentdivision departmentkeywords " ||</DIV> <DIV>&nbsp; &nbsp; &nbsp; "departmentlongname departmentname departmentnumber departmentphone departmentpostal " ||</DIV> <DIV><SPAN> &nbsp; "displayname employeenumber employmentstatuscode employeetype employmenttypecode entrydn " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "exemptnonexempt expatintlcomaddr fxdivision fxexecbcdraccess fxjobfamily fxjobfunctioncode " ||</SPAN></DIV> <DIV>&nbsp; &nbsp; &nbsp; "fxregion fxsoxstatus fxssomemberof givenName icscalendar inetCanonicalDomainName " ||</DIV> <DIV><SPAN> &nbsp; "inetDomainBaseDN inetDomainStatus inetMailGroupStatus inetUserStatus initials " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "jobnumber mail mailAlternateAddress mailEquivalentAddress mailfxaccounttype mailfxhome " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "mailHost mailRoutingHosts mailUserStatus managementlevel manager member " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "memberOfManagedGroup memberOfPAB memberOfPABGroup modifytimestamp nickname " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "nsCalXItemId nscpEntryDN nsds5ReplConflict nsLIProfileName " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "nsUniqueId nswcalCALID ntGroupDomainId ntUserDomainId numsubordinates " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "ou owner parentid pipstatus pipuid positionnumber postalcode " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "postaladdress street isActive isActiveSpecified " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "seeAlso sn telephoneNumber tempworklocation title uid un " ||</SPAN></DIV> <DIV><SPAN> &nbsp; "uniquemember vendortype workstate xuid"</SPAN></DIV> <DIV>;</DIV> <DIV>&nbsp;</DIV> <DIV>%put &amp;Attrs ;</DIV> <DIV>%put &amp;emp ;</DIV> <DIV>&nbsp;</DIV> <DIV>data rpt_output ;</DIV> <DIV>&nbsp; length entryname $200 attrName $100 value $100 filter $100;</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp; rc =0; handle =0;</DIV> <DIV>&nbsp; server="directory.company.com";</DIV> <DIV>&nbsp; port=389;</DIV> <DIV>&nbsp; base="ou=people,o=company,c=us";</DIV> <DIV>&nbsp; bindDN="";&nbsp; Pw="";</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp; /* open connection to LDAP server */</DIV> <DIV>&nbsp; call ldaps_open(handle, server, port, base, bindDn, Pw, rc);</DIV> <DIV>&nbsp; if rc ne 0 then do;</DIV> <DIV>&nbsp; &nbsp; &nbsp;msg = sysmsg();</DIV> <DIV>&nbsp; &nbsp; &nbsp;put msg;</DIV> <DIV>&nbsp; end;</DIV> <DIV>&nbsp; else</DIV> <DIV>&nbsp; &nbsp; &nbsp;put "LDAPS_OPEN call successful.";</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp; shandle=0;</DIV> <DIV>&nbsp; num=0;</DIV> <DIV>&nbsp;</DIV> <DIV>filter="(&amp;(objectCategory=user)(memberOf=myteam_AD_group,))";</DIV> <DIV>/* filter below works for individual employees */<BR />/*filter="(&amp;(uid=&amp;emp))";*/</DIV> <DIV>&nbsp; &nbsp;/* search the LDAP directory */</DIV> <DIV>&nbsp; call ldaps_search(handle,shandle,filter, attrs, num, rc);</DIV> <DIV>&nbsp; if rc ne 0 then do;</DIV> <DIV>&nbsp; &nbsp; &nbsp;msg = sysmsg();</DIV> <DIV>&nbsp; &nbsp; &nbsp;put msg;</DIV> <DIV>&nbsp; end;</DIV> <DIV>&nbsp; else do;</DIV> <DIV>&nbsp; &nbsp; &nbsp;put " ";</DIV> <DIV>&nbsp; &nbsp; &nbsp;put "LDAPS_SEARCH call successful.";</DIV> <DIV>&nbsp; &nbsp; &nbsp;put "Num entries returned is " num;</DIV> <DIV>&nbsp; &nbsp; &nbsp;put " ";</DIV> <DIV>&nbsp; end;</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp; do eIndex = 1 to num;</DIV> <DIV>&nbsp; &nbsp; numAttrs=0;</DIV> <DIV>&nbsp; &nbsp; entryname='';</DIV> <DIV>&nbsp; &nbsp; /* retrieve each entry name and number of attributes */</DIV> <DIV>&nbsp; &nbsp; call ldaps_entry(shandle, eIndex, entryname, numAttrs, rc);</DIV> <DIV>&nbsp; &nbsp; if rc ne 0 then do;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp;msg = sysmsg();</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp;put msg;</DIV> <DIV>&nbsp; &nbsp; end;</DIV> <DIV>&nbsp; &nbsp; else do;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp;put "&nbsp; ";</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp;put "LDAPS_ENTRY call successful.";</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp;put "Num attributes returned is " numAttrs;</DIV> <DIV>&nbsp; &nbsp; end;</DIV> <DIV>&nbsp; &nbsp; /* for each attribute, retrieve name and values */</DIV> <DIV>&nbsp; &nbsp; do aIndex = 1 to numAttrs;</DIV> <DIV>&nbsp; &nbsp; &nbsp; attrName='';</DIV> <DIV>&nbsp; &nbsp; &nbsp; numValues=0;</DIV> <DIV>&nbsp; &nbsp; &nbsp; call ldaps_attrName(shandle, eIndex, aIndex, attrName, numValues, rc);</DIV> <DIV>&nbsp; &nbsp; &nbsp; if rc ne 0 then do;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;msg = sysmsg();</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;put msg;</DIV> <DIV>&nbsp; &nbsp; &nbsp; end;</DIV> <DIV>&nbsp; &nbsp; &nbsp;else do;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;put "&nbsp; ";</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;put "Attribute name is " attrName;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;put "Num values returned is " numValues;</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp; &nbsp; &nbsp; end;</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp; &nbsp; &nbsp; do vIndex = 1 to numValues;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; call ldaps_attrValue(shandle, eIndex, aIndex, vIndex, value, rc);</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; if rc ne 0 then do;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;msg = sysmsg();</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;put msg;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; end;</DIV> <DIV><SPAN> &nbsp; &nbsp; else do;</SPAN></DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; put "Value : " value;</DIV> <DIV><SPAN> &nbsp; &nbsp; &nbsp; put "Attribute nbr is " numValues;</SPAN></DIV> <DIV>&nbsp; Output rpt_output;</DIV> <DIV>&nbsp; &nbsp; &nbsp; &nbsp; end;</DIV> <DIV>&nbsp; &nbsp; &nbsp; end;</DIV> <DIV>&nbsp; &nbsp; end;</DIV> <DIV>&nbsp; end;</DIV> <DIV>&nbsp;</DIV> <DIV>&nbsp; /* free search resources */</DIV> <DIV>&nbsp; call ldaps_free(shandle,rc);</DIV> <DIV>&nbsp; if rc ne 0 then do;</DIV> <DIV>&nbsp; &nbsp; &nbsp;msg = sysmsg();</DIV> <DIV>&nbsp; &nbsp; &nbsp;put msg;</DIV> <DIV>&nbsp; end;</DIV> <DIV>&nbsp; else</DIV> <DIV>&nbsp; &nbsp; &nbsp;put "LDAPS_FREE call successful.";</DIV> <DIV>&nbsp; /* close connection to LDAP server */</DIV> <DIV>&nbsp; call ldaps_close(handle,rc);</DIV> <DIV>&nbsp; if rc ne 0 then do;</DIV> <DIV>&nbsp; &nbsp; &nbsp;msg = sysmsg();</DIV> <DIV>&nbsp; &nbsp; &nbsp;put msg;</DIV> <DIV>&nbsp; end;</DIV> <DIV>&nbsp; else</DIV> <DIV>&nbsp; &nbsp; &nbsp;put "LDAPS_CLOSE call successful.";</DIV> <DIV>&nbsp; run;</DIV> <DIV>quit;</DIV> Wed, 15 May 2024 23:24:13 GMT https://communities.sas.com/t5/SAS-Programming/LDAP-query-memberof/m-p/928573#M365351 wbaldwin 2024-05-15T23:24:13Z https://communities.sas.com/t5/SAS-Programming/LDAP-query-memberof/m-p/928577#M365353 <P>If you haven't done so already then inspect the SAS supplied script&nbsp;<EM>importad.sas</EM>. This script contains a macro&nbsp;<EM>%ldapextrpersons</EM> that should give you pointers.</P> <P><A href="https://support.sas.com/kb/40/628.html" target="_self">Usage Note 40628: Automating the addition of users and groups to a SAS® Metadata Repository</A></P> <P>&nbsp;</P> <P>The importad.sas script should be available under:</P> <UL> <LI>Windows:&nbsp;SAS-installation-directory\SASFoundation\9.4\core\sample\importad.sas</LI> <LI>Unix:&nbsp;<SPAN class="xisDoc-directoryPath"><EM class="xisDoc-userSuppliedValue">SAS-installation-directory</EM>/SASFoundation/9.4/samples/base/importad.sas</SPAN><SPAN>&nbsp;</SPAN></LI> </UL> <P>&nbsp;</P> Thu, 16 May 2024 00:56:56 GMT https://communities.sas.com/t5/SAS-Programming/LDAP-query-memberof/m-p/928577#M365353 Patrick 2024-05-16T00:56:56Z