BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
max00d
Obsidian | Level 7

I'm trying to sync users from LDAP into Management console on SAS 9.4 linux.  I've used the macros that comes as standard and have got the new users synching into management console.  The problem is that I don't have a group associated against them.

 

From what I can see i from the notes on the cononical tables (http://support.sas.com/documentation/cdl/en/bisecag/69827/PDF/default/bisecag.pdf - p.232) the table grpmems needs to be populated with a grpkey (the group I want them assigned to in MC) and the memkeyid (the unique user id from the person table).

 

So I have the info extracted for a new user and when trying to load them I get this error in the log

 

 

ERROR: The method is not directed at a repository.  (The Reposid parameter is blank.)

ERROR: Errors returned from Proc Metadata prevented objects from being Loaded. Table: work.mduimplb_failedobjs identifies 2 such
objects. Consult the SAS Log for the specific Metadata Server errors returned.

LDAP2SAS.png

 

The output work.mduimpl_failedobs is above.  Is there a key field on here that is missing that is causing that?

 

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
PaulHomes
Rhodochrosite | Level 12

In developing our Metacoda Identity Sync plug-in, I have seen that error message many times 🙂  In my case it has usually been caused by missing metadata object ids in the generated proc metadata XML. When debugging I often find it useful to capture the generated XML to see what proc metadata is trying to do (which can be used to work backwards to find the problem). If you look at the SAS MDUCHGLB macro you can set the _mduchglb_outrequest_ and _mduchglb_outresponse_ macro variables to a directory path where it will write XML files (which are otherwise temporary and deleted).

 

Looking at the screenshot you posted, I am wondering if perhaps you have the wrong value in the memkeyid column. This column should contain the unique keyid value for the group member (being a user or group) and not the member name. It looks like your memkeyid is the same as the memname. Is this the same value as the keyid for the member or is the key id different?  In case it is useful I wrote a blog post about key-id's which includes a screenshot of the SAS Management Console User Manager dialog that can be used to view/edit them for existing sync'ed users: Identity Sync: Finding Your Keys

 

 

View solution in original post

7 REPLIES 7
anja
SAS Employee

Hi,

 

what is the entire error message?

 

As far as I know (please someone correct me if I am wrong), there is no way to add new users to old groups.

You would have to re-sync.

 

Sending the entire error message would help.

Thanks

Anja

max00d
Obsidian | Level 7

That is the full error.  Yes it doesnt mean much to me either.

 

Are you sure that you can't automatically add a new user to an existing group?  As I siad I can get the new users to be visible in meta-data but they are not added into a group.

 

What about this paper http://support.sas.com/resources/papers/proceedings12/377-2012.pdf

 

 

anja
SAS Employee

Hi,

 

first of all, my apologies for providing a wrong info. Thats what's happening if one is too quick with answering 🙂

You can certainly import groups / empty groups.

 

Did you specify the repository information? (regarding the error "... blank")

Are you running this through EGuide, batch or any other client?

 

If you are running through EG, you usually would not have to specify the connection options, as the

EG profile includes all info needed.

 

If you are running this any other way, please verify that you are using the following properties in the program:

 

options metaserver=metahostname.xxxxx.com 

          metaport=8561               

          metauser="sasadm@saspw"       *or any other unrestricted user ID

          metapass="encrypted password"   

          metaprotocol=bridge       

          metarepository=Foundation

 

Am looking forward to hearing back from you with your findings/info.

 

Thanks

Anja

PaulHomes
Rhodochrosite | Level 12

In developing our Metacoda Identity Sync plug-in, I have seen that error message many times 🙂  In my case it has usually been caused by missing metadata object ids in the generated proc metadata XML. When debugging I often find it useful to capture the generated XML to see what proc metadata is trying to do (which can be used to work backwards to find the problem). If you look at the SAS MDUCHGLB macro you can set the _mduchglb_outrequest_ and _mduchglb_outresponse_ macro variables to a directory path where it will write XML files (which are otherwise temporary and deleted).

 

Looking at the screenshot you posted, I am wondering if perhaps you have the wrong value in the memkeyid column. This column should contain the unique keyid value for the group member (being a user or group) and not the member name. It looks like your memkeyid is the same as the memname. Is this the same value as the keyid for the member or is the key id different?  In case it is useful I wrote a blog post about key-id's which includes a screenshot of the SAS Management Console User Manager dialog that can be used to view/edit them for existing sync'ed users: Identity Sync: Finding Your Keys

 

 

max00d
Obsidian | Level 7

Thanks for the info this helped me to home in the areas to check.  In the end I used the default set of macros to identify users in ldap that are not in SAS yet.  I was then able to load these users in.  I then used some of the code in these macros to identify any users that were not in a group and add them to a specific group.  The end result is a web page in an organisation that users can sign into and get a base level of privelages in order to access a numer of visual analytics dashboards.  This removes a lot of overhead of faffy admin jobs registering news users. 

milts
Pyrite | Level 9

You actually save me hours/days trying to figure out how to do update of a user's group assignments!

 

After pointing out the XML files to a specific path I saw that the Ids were blank as I only populated the keyids and not the objids of my _add and _delete tables.

PaulHomes
Rhodochrosite | Level 12

Great to hear it helped. Being able to see the generated XML has helped me many times in the past too.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 7 replies
  • 2635 views
  • 7 likes
  • 4 in conversation