I am trying to query the company LDAP directory and extract the users of a specific AD group. I can query/filter on uid, department, etc., but when I try to pull all users of a specific group, or of any group, such as with memberOf (example filter below), I get no results.
Any suggestions/help?
filter="(&(memberOf=cn=myteam_AD_group,OU=groups,DC=com))";
full code below...
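/* Echo macro resolution and macro logic to the log while debugging. */
options mprint mlogic ;

/* Attribute names to request from the directory, separated by blanks.
   The value is deliberately stored as a DATA step character expression
   (quoted pieces joined with ||) so that the step below can assign it to
   the attrs variable. A stray comma after groupMembershipSAM was removed:
   it would have become part of that attribute's name.
   NOTE(review): this asks for far more attributes than a group-membership
   report needs; trimming the list limits how much directory data ends up
   in the log and in rpt_output. */
%let Attrs= "uid sn givenname groupMembershipSAM grouppriority groupsToIgnore memberof " ||
"acting comat comatstationid companycode cosspecifier " ||
"costcenter countrycode createtimestamp dc " ||
"delegated departmentaltcontactname departmentcity " ||
"departmentcomailaddress departmentcontactname departmentcostcenter " ||
"departmentcountry departmentdescription departmentdivision departmentkeywords " ||
"departmentlongname departmentname departmentnumber departmentphone departmentpostal " ||
"displayname employeenumber employmentstatuscode employeetype employmenttypecode entrydn " ||
"exemptnonexempt expatintlcomaddr fxdivision fxexecbcdraccess fxjobfamily fxjobfunctioncode " ||
"fxregion fxsoxstatus fxssomemberof givenName icscalendar inetCanonicalDomainName " ||
"inetDomainBaseDN inetDomainStatus inetMailGroupStatus inetUserStatus initials " ||
"jobnumber mail mailAlternateAddress mailEquivalentAddress mailfxaccounttype mailfxhome " ||
"mailHost mailRoutingHosts mailUserStatus managementlevel manager member " ||
"memberOfManagedGroup memberOfPAB memberOfPABGroup modifytimestamp nickname " ||
"nsCalXItemId nscpEntryDN nsds5ReplConflict nsLIProfileName " ||
"nsUniqueId nswcalCALID ntGroupDomainId ntUserDomainId numsubordinates " ||
"ou owner parentid pipstatus pipuid positionnumber postalcode " ||
"postaladdress street isActive isActiveSpecified " ||
"seeAlso sn telephoneNumber tempworklocation title uid un " ||
"uniquemember vendortype workstate xuid"
;
%put &Attrs ;
/* NOTE(review): emp is not defined anywhere in this listing; unless it is
   set earlier in the session the log reports an unresolved reference. */
%put &emp ;

/* Searches the directory with one filter and writes one row to rpt_output
   for every attribute value returned. Each LDAP call reports its return
   code through rc; a non-zero rc prints the system message to the log. */
data rpt_output ;
   /* value and filter are wider than the original $100 so that long DNs
      (memberOf values, the group DN inside the filter) are not cut off.
      attrs is declared here because the original step passed it to
      LDAPS_SEARCH without ever assigning it. */
   length entryname $200 attrName $100 value $500 filter $500 attrs $2000;
   /* Every step variable is written to the output data set; keep the bind
      password out of it in case one is filled in later. */
   drop Pw;
   rc =0; handle =0;
   server="directory.company.com";
   /* 389 is the standard cleartext LDAP port. NOTE(review): confirm how
      this connection is protected before sending a real bind DN and
      password over it. */
   port=389;
   /* NOTE(review): the search starts at the people branch; entries that
      live elsewhere in the tree (for example group entries) are outside
      this base. */
   base="ou=people,o=company,c=us";
   /* Empty bind DN and password means an anonymous bind. NOTE(review):
      directories commonly restrict what an anonymous client may read, so
      membership attributes may simply not be visible to this session;
      verify with the directory administrators. If credentials are added,
      supply them at run time rather than hard-coding them here. */
   bindDN=""; Pw="";
   /* open connection to LDAP server */
   call ldaps_open(handle, server, port, base, bindDn, Pw, rc);
   if rc ne 0 then do;
      /* Nothing below can work without a connection, so stop here. */
      msg = sysmsg();
      put msg;
   end;
   else do;
      put "LDAPS_OPEN call successful.";
      shandle=0;
      num=0;
      /* Resolve the attribute list built in the Attrs macro variable. */
      attrs = &Attrs;
      /* memberOf is compared against the group's complete distinguished
         name; the original value (myteam_AD_group followed by a comma) was
         not a DN. The DN used here is the one quoted in the question text;
         replace it with the exact DN stored in the directory.
         NOTE(review): several requested attributes (nsUniqueId,
         uniquemember) suggest this may not be an Active Directory server;
         if memberOf is not maintained on user entries, membership has to
         be read from the group entry instead - confirm. */
      filter="(&(objectCategory=user)(memberOf=cn=myteam_AD_group,OU=groups,DC=com))";
      /* filter below works for individual employees */
      /*filter="(&(uid=&emp))";*/
      /* search the LDAP directory */
      call ldaps_search(handle,shandle,filter, attrs, num, rc);
      if rc ne 0 then do;
         msg = sysmsg();
         put msg;
      end;
      else do;
         put " ";
         put "LDAPS_SEARCH call successful.";
         put "Num entries returned is " num;
         put " ";
         do eIndex = 1 to num;
            numAttrs=0;
            entryname='';
            /* retrieve each entry name and number of attributes */
            call ldaps_entry(shandle, eIndex, entryname, numAttrs, rc);
            if rc ne 0 then do;
               msg = sysmsg();
               put msg;
            end;
            else do;
               put " ";
               put "LDAPS_ENTRY call successful.";
               put "Num attributes returned is " numAttrs;
            end;
            /* for each attribute, retrieve name and values */
            do aIndex = 1 to numAttrs;
               attrName='';
               numValues=0;
               call ldaps_attrName(shandle, eIndex, aIndex, attrName, numValues, rc);
               if rc ne 0 then do;
                  msg = sysmsg();
                  put msg;
               end;
               else do;
                  put " ";
                  put "Attribute name is " attrName;
                  put "Num values returned is " numValues;
               end;
               do vIndex = 1 to numValues;
                  call ldaps_attrValue(shandle, eIndex, aIndex, vIndex, value, rc);
                  if rc ne 0 then do;
                     msg = sysmsg();
                     put msg;
                  end;
                  else do;
                     put "Value : " value;
                     /* Prints the value count, not the index of this value. */
                     put "Attribute nbr is " numValues;
                     /* One output row per attribute value. */
                     Output rpt_output;
                  end;
               end;
            end;
         end;
         /* free search resources */
         call ldaps_free(shandle,rc);
         if rc ne 0 then do;
            msg = sysmsg();
            put msg;
         end;
         else
            put "LDAPS_FREE call successful.";
      end;
      /* close connection to LDAP server */
      call ldaps_close(handle,rc);
      if rc ne 0 then do;
         msg = sysmsg();
         put msg;
      end;
      else
         put "LDAPS_CLOSE call successful.";
   end;
run;
quit;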