Import user from AD

Occasional Contributor
Posts: 10

Import user from AD

Hi all,

I try to export user information with the program from our active directory.

I have done the following changes in the program:

%macro ldapextrpersons;



       /* The attrs datastep variable contains a list of the ldap attribute */

       /* names from the standard schema. */

       attrs="displayName distinguishedName mailNickname ";



       /* Call the SAS interface to search the LDAP directory.  Upon    */

       /* successful return, the shandle variable will contain a search */

       /* handle that identifies the list of entries returned in the    */

       /* search.  The num variable will contain the total number of    */

       /* result entries found during the search.                       */


       call ldaps_search( handle, shandle, filter, attrs, num, rc );

       if rc NE 0 then do;

         msg = sysmsg();

         put msg;

         put filter=;


       do eIndex = 1 to num;




          call ldaps_entry( shandle, eIndex, entryname, numAttrs, rc );

          if rc NE 0 then do;

             msg = sysmsg();

             put msg;


          /* initialize the entry variables */





          /* for each attribute, retrieve name and values */

          if (numAttrs > 0) then do aIndex = 1 to numAttrs;





             call ldaps_attrName(shandle, eIndex, aIndex, attrName, numValues, rc);

             if rc NE 0 then do;

                put aIndex=;

                msg = sysmsg();

                put msg;


             /* get the 1st value of the attribute. */

             call ldaps_attrValue(shandle, eIndex, aIndex, 1, value, rc);

             if rc NE 0 then do;

                msg = sysmsg();

                put msg;



             /* All of the following attrName values are MS Base Schema Supplied */


             /* extract the displayName - Display-Name in */

             if (attrName = 'displayName')  then

                displayName= value;


             /* extract the distinguishedName - Obj-Dist-Name */

             else if (attrName = 'distinguishedName')  then

                distinguishedName= value;

                else if (attrName = 'mailNickname')  then

                mailNickname= value;



          end;  /* end of attribute loop */


          /* It is possible that the ldap query returns entries that do not  */

          /* represent actual persons that should be loaded into metadata.   */

          /* When one of these entries is encountered, skip adding the       */

          /* observation to the ldapusers dataset.  This example expects     */

          /* valid users to have an emplyeeID.  If your ActiveDirectory does */

          /* not use the employeeID attribute, then this condition will need */

          /* to be modified.  The condition should resolve to true only when */

          /* the current entry should be defined in the metadata as a user.  */

          /*                                                                 */

          /* Note: Changing the expression below to simply use               */

          /*       distinguishedName instead of employeeID may not be useful.*/

          /*       Every entry will have a distinguishedName, thus the       */

          /*       expression would always be true and no entries would be   */

          /*       filtered.                                                 */


          if mailNickname NE "" then

             output &extractlibref..ldapusers; /* output to ldapusers dataset */

       end;  /* end of entry loop */

       /* free search resources */

       if shandle NE 0 then do;

          call ldaps_free(shandle,rc);

          if rc NE 0 then do;

             msg = sysmsg();

             put msg;




this changed macro generate the following messages:

WARNING 716-185: Argument #5 is a numeric variable, while a character variable must be passed to the LDAPS_ATTRVALUE subroutine

                 call in order for the variable to be updated.

ERROR: LDAP server reports no such object.

With an ldap browser I receive the requested information.

Any ideas what I am doing wrong?



Any Ideas

Valued Guide
Posts: 3,208

Re: Import user from AD

SAS(R) 9.3 Integration Technologies: Directory Services Reference (ldaps_attrvalue)
The fifth parameter must be character. I cannot find the variable "value"has been defined that way in your macro.

Specifing "length values $255; " before the call should help.

---->-- ja karman --<-----
Ask a Question
Discussion stats
  • 1 reply
  • 2 in conversation