SAS Programming

DATA Step, Macro, Functions and more
wbaldwin
Fluorite | Level 6

I am trying to query company LDAP and extract users from a specific AD group. I can query/filter on uid, department, etc., but when trying to pull all users of a specific group, or any group, such as with memberof (example filter below), I get no results.

Any suggestions/help?

filter="(&(memberOf=cn=myteam_AD_group,OU=groups,DC=com))"; 

 

full code below...

options mprint mlogic  ;
%let Attrs= "uid sn givenname groupMembershipSAM grouppriority groupsToIgnore memberof " || 
      "acting comat comatstationid companycode cosspecifier " ||
      "costcenter countrycode createtimestamp dc " ||  
  "delegated departmentaltcontactname departmentcity " ||
  "departmentcomailaddress departmentcontactname departmentcostcenter " ||
      "departmentcountry departmentdescription departmentdivision departmentkeywords " ||
      "departmentlongname departmentname departmentnumber departmentphone departmentpostal " ||
  "displayname employeenumber employmentstatuscode employeetype employmenttypecode entrydn " ||
  "exemptnonexempt expatintlcomaddr fxdivision fxexecbcdraccess fxjobfamily fxjobfunctioncode " ||
      "fxregion fxsoxstatus fxssomemberof givenName icscalendar inetCanonicalDomainName " ||
  "inetDomainBaseDN inetDomainStatus inetMailGroupStatus inetUserStatus initials " ||
  "jobnumber mail mailAlternateAddress mailEquivalentAddress mailfxaccounttype mailfxhome " ||
  "mailHost mailRoutingHosts mailUserStatus managementlevel manager member " ||
  "memberOfManagedGroup memberOfPAB memberOfPABGroup modifytimestamp nickname " ||
  "nsCalXItemId nscpEntryDN nsds5ReplConflict nsLIProfileName " ||
  "nsUniqueId nswcalCALID ntGroupDomainId ntUserDomainId numsubordinates " ||
  "ou owner parentid pipstatus pipuid positionnumber postalcode " ||
  "postaladdress street isActive isActiveSpecified " ||
  "seeAlso sn telephoneNumber tempworklocation title uid un " ||
  "uniquemember vendortype workstate xuid"
;
 
%put &Attrs ;
%put &emp ;
 
data rpt_output ;
  length entryname $200 attrName $100 value $100 filter $100;
 
  rc =0; handle =0;
  server="directory.company.com";
  port=389;
  base="ou=people,o=company,c=us";
  bindDN="";  Pw="";
 
  /* open connection to LDAP server */
  call ldaps_open(handle, server, port, base, bindDn, Pw, rc);
  if rc ne 0 then do;
     msg = sysmsg();
     put msg;
  end;
  else
     put "LDAPS_OPEN call successful.";
 
  shandle=0;
  num=0;
 
filter="(&(objectCategory=user)(memberOf=myteam_AD_group,))";
/* filter below works for individual employees */
/*filter="(&(uid=&emp))";*/
   /* search the LDAP directory */
  call ldaps_search(handle,shandle,filter, attrs, num, rc);
  if rc ne 0 then do;
     msg = sysmsg();
     put msg;
  end;
  else do;
     put " ";
     put "LDAPS_SEARCH call successful.";
     put "Num entries returned is " num;
     put " ";
  end;
 
  do eIndex = 1 to num;
    numAttrs=0;
    entryname='';
    /* retrieve each entry name and number of attributes */
    call ldaps_entry(shandle, eIndex, entryname, numAttrs, rc);
    if rc ne 0 then do;
       msg = sysmsg();
       put msg;
    end;
    else do;
       put "  ";
       put "LDAPS_ENTRY call successful.";
       put "Num attributes returned is " numAttrs;
    end;
    /* for each attribute, retrieve name and values */
    do aIndex = 1 to numAttrs;
      attrName='';
      numValues=0;
      call ldaps_attrName(shandle, eIndex, aIndex, attrName, numValues, rc);
      if rc ne 0 then do;
         msg = sysmsg();
         put msg;
      end;
     else do;
         put "  ";
         put "Attribute name is " attrName;
         put "Num values returned is " numValues;
 
      end;
 
      do vIndex = 1 to numValues;
        call ldaps_attrValue(shandle, eIndex, aIndex, vIndex, value, rc);
        if rc ne 0 then do;
           msg = sysmsg();
           put msg;
        end;
        else do;
           put "Value : " value;
           put "Attribute nbr is " numValues;
           output rpt_output;
        end;
      end;
    end;
  end;
 
  /* free search resources */
  call ldaps_free(shandle,rc);
  if rc ne 0 then do;
     msg = sysmsg();
     put msg;
  end;
  else
     put "LDAPS_FREE call successful.";
  /* close connection to LDAP server */
  call ldaps_close(handle,rc);
  if rc ne 0 then do;
     msg = sysmsg();
     put msg;
  end;
  else
     put "LDAPS_CLOSE call successful.";
  run;
quit;
1 REPLY 1
Patrick
Opal | Level 21

If you haven't done so already then inspect the SAS supplied script importad.sas. This script contains a macro %ldapextrpersons that should give you pointers.

Usage Note 40628: Automating the addition of users and groups to a SAS® Metadata Repository

 

The importad.sas script should be available under:

  • Windows: SAS-installation-directory\SASFoundation\9.4\core\sample\importad.sas
  • Unix: SAS-installation-directory/SASFoundation/9.4/samples/base/importad.sas 
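
An added example, not part of the thread or of importad.sas: memberOf holds distinguished names, so an equality assertion on it can only match a complete group DN. The Python sketch below checks the memberOf assertions in a filter string for that and builds an escaped filter from a group DN; the function names and the `DC=example,DC=com` DN in the test are constructed for illustration.

```python
import re

# One RDN component: attributeType=value, value non-empty (escaped chars allowed).
_RDN = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+$')
# Assertions on memberOf inside an RFC 4515 filter string.
_MEMBEROF = re.compile(r'\(\s*memberOf\s*=((?:\\.|[^()\\])*)\)', re.IGNORECASE)


def check_memberof(filter_text):
    """Return (value, problem) pairs for memberOf assertions that cannot match a DN."""
    problems = []
    for value in _MEMBEROF.findall(filter_text):
        value = value.strip()
        if value == '*':
            continue  # presence test: "is a member of any group"
        if '*' in value:
            problems.append((value, "substring match is not defined for DN values"))
        # Split on commas that are not backslash-escaped, then test each RDN.
        parts = [p.strip() for p in re.split(r'(?<!\\),', value)]
        bad = [p for p in parts if not _RDN.match(p)]
        if bad:
            problems.append((value, "not a complete DN, bad component(s): %r" % bad))
    return problems


def escape_filter_value(text):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    table = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}
    return ''.join(table.get(ch, ch) for ch in text)


def member_filter(group_dn):
    """Build the user-in-group filter for a full group DN."""
    return "(&(objectCategory=user)(memberOf=%s))" % escape_filter_value(group_dn)


if __name__ == "__main__":
    # The two filters as posted in the question.
    for f in ("(&(objectCategory=user)(memberOf=myteam_AD_group,))",
              "(&(memberOf=cn=myteam_AD_group,OU=groups,DC=com))"):
        print(f, "->", check_memberof(f) or "well-formed DN")
```

A value that passes is only well-formed; it still has to equal the group's DN exactly as the directory stores it.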

 
