Import user from AD

Occasional Contributor
Posts: 10

Hi all,

I am trying to export user information with the program importad.sas from our Active Directory.

I have done the following changes in the program:

%macro ldapextrpersons;

       shandle=0;
       num=0;

       /* The attrs datastep variable contains a list of the ldap attribute */
       /* names from the standard schema. */
       attrs="displayName distinguishedName mailNickname ";

       /*****************************************************************/
       /* Call the SAS interface to search the LDAP directory.  Upon    */
       /* successful return, the shandle variable will contain a search */
       /* handle that identifies the list of entries returned in the    */
       /* search.  The num variable will contain the total number of    */
       /* result entries found during the search.                       */
       /*****************************************************************/
       call ldaps_search( handle, shandle, filter, attrs, num, rc );
       if rc NE 0 then do;
          msg = sysmsg();
          put msg;
          put filter=;
       end;

       do eIndex = 1 to num;
          numAttrs=0;
          entryname='';

          call ldaps_entry( shandle, eIndex, entryname, numAttrs, rc );
          if rc NE 0 then do;
             msg = sysmsg();
             put msg;
          end;

          /* initialize the entry variables */
          displayName="";
          distinguishedName="";
          mailNickname="";

          /* for each attribute, retrieve name and values */
          if (numAttrs > 0) then do aIndex = 1 to numAttrs;

             attrName='';
             numValues=0;

             call ldaps_attrName(shandle, eIndex, aIndex, attrName, numValues, rc);
             if rc NE 0 then do;
                put aIndex=;
                msg = sysmsg();
                put msg;
             end;

             /* get the 1st value of the attribute. */
             call ldaps_attrValue(shandle, eIndex, aIndex, 1, value, rc);
             if rc NE 0 then do;
                msg = sysmsg();
                put msg;
             end;

             /********************************************************************/
             /* All of the following attrName values are MS Base Schema Supplied */
             /********************************************************************/

             /* extract the displayName - Display-Name in */
             if (attrName = 'displayName')  then
                displayName= value;

             /* extract the distinguishedName - Obj-Dist-Name */
             else if (attrName = 'distinguishedName')  then
                distinguishedName= value;

             else if (attrName = 'mailNickname')  then
                mailNickname= value;

          end;  /* end of attribute loop */

          /*******************************************************************/
          /* It is possible that the ldap query returns entries that do not  */
          /* represent actual persons that should be loaded into metadata.   */
          /* When one of these entries is encountered, skip adding the       */
          /* observation to the ldapusers dataset.  This example expects     */
          /* valid users to have an employeeID. If your ActiveDirectory does */
          /* not use the employeeID attribute, then this condition will need */
          /* to be modified.  The condition should resolve to true only when */
          /* the current entry should be defined in the metadata as a user.  */
          /*                                                                 */
          /* Note: Changing the expression below to simply use               */
          /*       distinguishedName instead of employeeID may not be useful.*/
          /*       Every entry will have a distinguishedName, thus the       */
          /*       expression would always be true and no entries would be   */
          /*       filtered.                                                 */
          /*******************************************************************/
          if mailNickname NE "" then
             output &extractlibref..ldapusers; /* output to ldapusers dataset */

       end;  /* end of entry loop */

       /* free search resources */
       if shandle NE 0 then do;
          call ldaps_free(shandle,rc);
          if rc NE 0 then do;
             msg = sysmsg();
             put msg;
          end;
       end;

%mend;

This changed macro generates the following messages:

WARNING 716-185: Argument #5 is a numeric variable, while a character variable must be passed to the LDAPS_ATTRVALUE subroutine

                 call in order for the variable to be updated.

ERROR: LDAP server reports no such object.

With an ldap browser I receive the requested information.

Any ideas what I am doing wrong?

cheers,

christoph

Any Ideas

Trusted Advisor
Posts: 3,212

Re: Import user from AD

Posted in reply to rico_ehrlich

SAS(R) 9.3 Integration Technologies: Directory Services Reference (ldaps_attrvalue)
The fifth parameter must be character. I cannot find that the variable "value" has been defined that way in your macro.

Specifying "length values $255; " before the call should help.

---->-- ja karman --<-----