wbaldwin

I am trying to query the company LDAP and extract users from a specific AD group. I can query/filter on uid, department, etc., but when I try to pull all users of a specific group, or of any group, using memberOf (example filter below), I get no results.

Any suggestions/help?

filter="(&(memberOf=cn=myteam_AD_group,OU=groups,DC=com))"; 

 

full code below...

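/* MPRINT and MLOGIC echo macro-generated code and macro resolution to the SAS
   log. They are debugging aids: if a bind DN or password is ever supplied
   through a macro variable, its value can end up in the log, so switch them
   off (options nomprint nomlogic) before running with real credentials. */
options mprint mlogic  ;

/* List of LDAP attribute names to request, separated by blanks.
   %let stores this text verbatim, quotes and || operators included; it only
   becomes one character string when a DATA step evaluates it as an
   expression, for example  attrs = &Attrs;
   Fix: the original had a stray comma after groupMembershipSAM, which made
   the requested attribute name "groupMembershipSAM," instead of
   "groupMembershipSAM". */
%let Attrs= "uid sn givenname groupMembershipSAM grouppriority groupsToIgnore memberof " || 
      "acting comat comatstationid companycode cosspecifier " ||
      "costcenter countrycode createtimestamp dc " ||  
  "delegated departmentaltcontactname departmentcity " ||
  "departmentcomailaddress departmentcontactname departmentcostcenter " ||
      "departmentcountry departmentdescription departmentdivision departmentkeywords " ||
      "departmentlongname departmentname departmentnumber departmentphone departmentpostal " ||
  "displayname employeenumber employmentstatuscode employeetype employmenttypecode entrydn " ||
  "exemptnonexempt expatintlcomaddr fxdivision fxexecbcdraccess fxjobfamily fxjobfunctioncode " ||
      "fxregion fxsoxstatus fxssomemberof givenName icscalendar inetCanonicalDomainName " ||
  "inetDomainBaseDN inetDomainStatus inetMailGroupStatus inetUserStatus initials " ||
  "jobnumber mail mailAlternateAddress mailEquivalentAddress mailfxaccounttype mailfxhome " ||
  "mailHost mailRoutingHosts mailUserStatus managementlevel manager member " ||
  "memberOfManagedGroup memberOfPAB memberOfPABGroup modifytimestamp nickname " ||
  "nsCalXItemId nscpEntryDN nsds5ReplConflict nsLIProfileName " ||
  "nsUniqueId nswcalCALID ntGroupDomainId ntUserDomainId numsubordinates " ||
  "ou owner parentid pipstatus pipuid positionnumber postalcode " ||
  "postaladdress street isActive isActiveSpecified " ||
  "seeAlso sn telephoneNumber tempworklocation title uid un " ||
  "uniquemember vendortype workstate xuid"
;
 
/* Echo the attribute list to the log for debugging. */
%put &Attrs ;
/* NOTE(review): emp is not defined anywhere in this listing; unless it is set
   earlier in the session this line logs an unresolved-reference warning. */
%put &emp ;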
 
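data rpt_output ;
  /* Purpose: bind to the LDAP server, run one filtered search, and write one
     row to rpt_output for every attribute value returned.

     Changes from the posted version:
       - attrs is now assigned from the Attrs macro variable; the original
         passed a DATA step variable named attrs that was never given a value.
       - the memberOf clause carries a complete group DN instead of the
         malformed value "myteam_AD_group," (bare name plus trailing comma).
       - filter is declared wider so a long DN is not silently truncated into
         a syntactically broken filter.
       - a failed LDAPS_OPEN stops the step, and a failed LDAPS_SEARCH skips
         the result loop and the free call, instead of carrying on with
         handles that were never set. */
  length entryname $200 attrName $100 value $100 filter $500 attrs $2000;
  /* NOTE(review): value is $100; memberOf values are DNs and may be longer,
     in which case they are truncated in the output. Widen if needed. */
 
  rc =0; handle =0;
  server="directory.company.com";
  /* NOTE(review): 389 is conventionally the cleartext LDAP port. Confirm
     whether this connection is encrypted; SAS documents an optional trailing
     option argument on LDAPS_OPEN (TLS_MODE_ON) to be used together with the
     server's TLS port - verify against the documentation for your release. */
  port=389;
  base="ou=people,o=company,c=us";
  /* Empty bind DN and password mean an anonymous bind. Directories often hide
     group-membership attributes from anonymous clients, which is one possible
     reason a memberOf search returns nothing. If a service account is used
     instead, do not hard-code its password here: supply it at run time and
     keep it out of the log. */
  bindDN="";  Pw="";

  /* The macro variable holds a quoted concatenation expression; evaluating it
     here yields the blank-separated attribute list LDAPS_SEARCH expects. */
  attrs = &Attrs;
 
  /* open connection to LDAP server */
  call ldaps_open(handle, server, port, base, bindDn, Pw, rc);
  if rc ne 0 then do;
     msg = sysmsg();
     put msg;
     /* No connection: nothing below can succeed, so end the step here. */
     stop;
  end;
  else
     put "LDAPS_OPEN call successful.";
 
  shandle=0;
  num=0;
 
  /* memberOf is matched against distinguished names, so the value must be the
     group's full DN exactly as the directory stores it. The DN below is the
     sanitized example from the post; replace it with the real one.
     NOTE(review): objectCategory=user is an Active Directory convention. The
     base DN and several requested attributes (nsUniqueId, nscpEntryDN) suggest
     this server may not be AD; if so, this clause matches nothing and
     membership may only be recorded on the group entry (member or
     uniquemember) rather than as memberOf on each person - confirm with the
     directory administrators. */
  filter="(&(objectCategory=user)(memberOf=cn=myteam_AD_group,OU=groups,DC=com))";
  /* filter below works for individual employees */
  /* When a value is substituted into a filter from a macro variable, escape
     the LDAP filter special characters (asterisk, parentheses, backslash and
     NUL, per RFC 4515) first if the value can come from user input. */
  /*filter="(&(uid=&emp))";*/

  /* search the LDAP directory */
  call ldaps_search(handle,shandle,filter, attrs, num, rc);
  if rc ne 0 then do;
     msg = sysmsg();
     put msg;
  end;
  else do;
     put " ";
     put "LDAPS_SEARCH call successful.";
     put "Num entries returned is " num;
     put " ";
 
     /* The PUT statements below copy directory data (names, e-mail, manager,
        group membership) into the SAS log; treat the log as sensitive. */
     do eIndex = 1 to num;
       numAttrs=0;
       entryname='';
       /* retrieve each entry name and number of attributes */
       call ldaps_entry(shandle, eIndex, entryname, numAttrs, rc);
       if rc ne 0 then do;
          msg = sysmsg();
          put msg;
       end;
       else do;
          put "  ";
          put "LDAPS_ENTRY call successful.";
          put "Num attributes returned is " numAttrs;
       end;
       /* for each attribute, retrieve name and values */
       do aIndex = 1 to numAttrs;
         attrName='';
         numValues=0;
         call ldaps_attrName(shandle, eIndex, aIndex, attrName, numValues, rc);
         if rc ne 0 then do;
            msg = sysmsg();
            put msg;
         end;
         else do;
            put "  ";
            put "Attribute name is " attrName;
            put "Num values returned is " numValues;
         end;
 
         do vIndex = 1 to numValues;
           call ldaps_attrValue(shandle, eIndex, aIndex, vIndex, value, rc);
           if rc ne 0 then do;
              msg = sysmsg();
              put msg;
           end;
           else do;
              put "Value : " value;
              put "Attribute nbr is " numValues;
              /* one output row per attribute value */
              Output rpt_output;
           end;
         end;
       end;
     end;
 
     /* free search resources (only reached when the search succeeded) */
     call ldaps_free(shandle,rc);
     if rc ne 0 then do;
        msg = sysmsg();
        put msg;
     end;
     else
        put "LDAPS_FREE call successful.";
  end;

  /* close connection to LDAP server */
  call ldaps_close(handle,rc);
  if rc ne 0 then do;
     msg = sysmsg();
     put msg;
  end;
  else
     put "LDAPS_CLOSE call successful.";
  run;
quit;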
1 REPLY 1
Patrick

If you haven't done so already then inspect the SAS supplied script importad.sas. This script contains a macro %ldapextrpersons that should give you pointers.

Usage Note 40628: Automating the addition of users and groups to a SAS® Metadata Repository

 

The importad.sas script should be available under:

  • Windows: SAS-installation-directory\SASFoundation\9.4\core\sample\importad.sas
  • Unix: SAS-installation-directory/SASFoundation/9.4/samples/base/importad.sas 

 
