Sample 40147: Test connection to LDAP or Active Directory server from within SAS® 9
This sample is useful for testing the parameters for connecting to an LDAP or Microsoft Active Directory server, and for confirming the results of a search passed to the directory services server. SAS® Integration Technologies must be installed and licensed on the host on which this sample is run.
The example uses LDAP call routines to search an LDAP directory for an entry, then iteratively writes each attribute to the SAS® log. This sample is appropriate for SAS® 9 environments with SAS® Integration Technologies licensed and installed on the client machine. The call routines work with Microsoft Active Directory server and other directory servers using either LDAP Version 2 or Version 3.
These sample files and code examples are provided by SAS Institute
Inc. "as is" without warranty of any kind, either express or implied, including
but not limited to the implied warranties of merchantability and fitness for a
particular purpose. Recipients acknowledge and agree that SAS Institute shall
not be liable for any damages whatsoever arising out of their use of this material.
In addition, SAS Institute will provide no support for the materials contained herein.
/* ======================================================================
   The following program was adapted from an example in
   SAS 9.1.3 Integration Technologies: Developer's Guide, Fifth Edition
   Searching an LDAP Directory
   http://support.sas.com/rnd/itech/doc9/dev_guide/ldap/ldapintf/ldap_search.html

   The program is compatible with directory servers using LDAP Version 2
   or Version 3, such as:
      iPlanet Directory Server
      IBM eNetwork LDAP Directory Server
      Microsoft Active Directory

   Modify the LDAP server connection settings and value for FILTER. Both places are
   marked with "EDIT:" in the comment line above the section of code.

   Common error messages and meanings:

   ERROR: Unable to contact the LDAP server.
      The name, IP address, or port of the LDAP server is invalid
      or cannot be reached from your client machine.

   ERROR: Invalid credentials on LDAP bind.
      The BindUserDN was not found in the directory server, or the password
      is incorrect. This error can also occur if the directory server doesn't
      recognize the form of the BindUserDN. For example, Active Directory
      supports the form "ldap_user@mycompany.com" whereas other LDAP
      providers do not. It is best to use the DN of the bind user.

   ERROR: LDAP server operations error.
      The initialization of the LDAP library failed, usually caused
      by an incorrect BaseDN value. The BaseDN should be the full
      DistinguishedName for the base search suffix for queries.

   ERROR: LDAP server reports no such object.
      The BaseDN value provided to the LDAPS_SEARCH function is
      incorrect. The problem is commonly an organizational unit (ou=) or
      domain object (dc=) specified in the BaseDN that doesn't exist
      or isn't known to the LDAP server.
   ====================================================================== */
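/* EDIT: Define Active Directory or LDAP server connection parameters. */
/* Note: BindUserPW is stored in this program in clear text. Use a
   low-privilege test account and do not save the program with a real
   password in it. */
%let LDAPServer = "ldap.mycompany.com";
%let LDAPPort   = 389;
%let BaseDN     = "OU=Users,DC=mycompany,DC=com";
%let BindUserDN = "CN=ldap_user,OU=Users,DC=mycompany,DC=com";
%let BindUserPW = "ldap_user_password";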
/* EDIT: Define a filter value and attribute list to return. If you want
   all attributes defined, use %let Attrs=" "; Double quotes are
   required. */
%let Filter = "(CN=John Doe)";
%let Attrs = "displayName streetAddress cn company mail employeeID " ||
             "facsimileTelephoneNumber distinguishedName l " ||
             "mobile otherTelephone physicalDeliveryOfficeName " ||
             "postalCode name sAMAccountName st " ||
             "telephoneNumber co title whenChanged whenCreated";

data _null_;
   length entryname $200 attrName $100 value $100 filter $110;
   rc = 0; handle = 0;
   server = &LDAPServer;
   port = &LDAPPort;
   base = &BaseDN;
   bindDN = &BindUserDN;
   Pw = &BindUserPW;

   /* open connection to LDAP server */
   call ldaps_open(handle, server, port, base, bindDn, Pw, rc);
   if rc ne 0 then do;
      put "LDAPS_OPEN call failed.";
      msg = sysmsg();
      put rc= / msg;
   end;
   else
      put "LDAPS_OPEN call successful.";

   shandle = 0;
   num = 0;
   filter = &Filter;

   /* search and return attributes for objects */
   attrs = &Attrs;

   /* search the LDAP directory */
   call ldaps_search(handle, shandle, filter, attrs, num, rc);
   if rc ne 0 then do;
      put "LDAPS_SEARCH call failed.";
      msg = sysmsg();
      put rc= / msg;
   end;
   else do;
      put " ";
      put "LDAPS_SEARCH call successful.";
      put "Num entries returned is " num;
      put " ";
   end;

   do eIndex = 1 to num;
      numAttrs = 0;
      entryname = '';

      /* retrieve each entry name and number of attributes */
      call ldaps_entry(shandle, eIndex, entryname, numAttrs, rc);
      if rc ne 0 then do;
         put "LDAPS_ENTRY call failed.";
         msg = sysmsg();
         put rc= / msg;
      end;
      else do;
         put " ";
         put "LDAPS_ENTRY call successful.";
         put "Num attributes returned is " numAttrs;
      end;

      /* for each attribute, retrieve name and values */
      do aIndex = 1 to numAttrs;
         attrName = '';
         numValues = 0;
         call ldaps_attrName(shandle, eIndex, aIndex, attrName, numValues, rc);
         if rc ne 0 then do;
            msg = sysmsg();
            put rc= / msg;
         end;
         else do;
            put " ";
            put " ATTRIBUTE name : " attrName;
            put " NUM values returned : " numValues;
         end;

         do vIndex = 1 to numValues;
            call ldaps_attrValue(shandle, eIndex, aIndex, vIndex, value, rc);
            if rc ne 0 then do;
               msg = sysmsg();
               put rc= / msg;
            end;
            else do;
               put " Value : " value;
               output;
            end;
         end;
      end;
   end;

   /* free search resources */
   put /;
   call ldaps_free(shandle, rc);
   if rc ne 0 then do;
      put "LDAPS_FREE call failed.";
      msg = sysmsg();
      put rc= / msg;
   end;
   else
      put "LDAPS_FREE call successful.";

   /* close connection to LDAP server */
   put /;
   call ldaps_close(handle, rc);
   if rc ne 0 then do;
      put "LDAPS_CLOSE call failed.";
      msg = sysmsg();
      put rc= / msg;
   end;
   else
      put "LDAPS_CLOSE call successful.";
run;
LDAPS_OPEN call successful.
LDAPS_SEARCH call successful.
Num entries returned is 1
LDAPS_ENTRY call successful.
Num attributes returned is 20
ATTRIBUTE name : cn
NUM values returned : 1
Value : Joseph Smith
ATTRIBUTE name : l
NUM values returned : 1
Value : Cary
ATTRIBUTE name : st
NUM values returned : 1
Value : NC
ATTRIBUTE name : title
NUM values returned : 1
Value : Technical Support Analyst
<additional attributes>
LDAPS_FREE call successful.
LDAPS_CLOSE call successful.
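
An added example, not part of the SAS sample: a Python pre-flight check of the BaseDN, BindUserDN and port values before they are pasted into the program, covering the DN-form causes listed under "Common error messages". The function names (split_dn, is_full_dn, preflight) are hypothetical, and the check is syntactic only: it cannot tell whether an ou= or dc= object exists on the server.

```python
import re

# Attribute type per RFC 4514: a short name (cn, ou, dc) or a numeric OID.
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*")
# user@domain bind name, the form the page says Active Directory accepts.
_UPN = re.compile(r"[^@\s=,]+@[^@\s=,]+")

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur.strip())
    return parts

def is_full_dn(dn):
    """True when every RDN has the shape attr=value (heuristic: empty values rejected)."""
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not value or not _ATTR.fullmatch(attr.strip()):
            return False
    return True

def preflight(base_dn, bind_dn, port):
    """Return warnings for the connection settings; an empty list means nothing was flagged."""
    warnings = []
    if not is_full_dn(base_dn):
        warnings.append("BaseDN is not a full distinguished name")
    if _UPN.fullmatch(bind_dn):
        warnings.append("BindUserDN is in user@domain form; not every LDAP server accepts it")
    elif not is_full_dn(bind_dn):
        warnings.append("BindUserDN is not a distinguished name")
    if port == 389:
        warnings.append("port 389 is plain LDAP; without TLS the bind password is sent unencrypted")
    return warnings

if __name__ == "__main__":
    # Constructed inputs: the placeholder values from the sample program above.
    for w in preflight("OU=Users,DC=mycompany,DC=com",
                       "CN=ldap_user,OU=Users,DC=mycompany,DC=com", 389):
        print("WARNING:", w)
```
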
Date Modified: 2011-08-17 10:18:21
Date Created: 2010-06-29 16:25:30
Operating System and Release Information
SAS System | N/A | z/OS | 9.1 TS1M3 SP4
Microsoft® Windows® for x64 | 9.1 TS1M3 SP4
Microsoft® Windows® for 64-Bit Itanium-based Systems | 9.1 TS1M3 SP4
Microsoft Windows Server 2003 Datacenter 64-bit Edition | 9.1 TS1M3 SP4
Microsoft Windows Server 2003 Enterprise 64-bit Edition | 9.1 TS1M3 SP4
Microsoft Windows XP 64-bit Edition | 9.1 TS1M3 SP4
Microsoft Windows 2000 Advanced Server | 9.1 TS1M3 SP4
Microsoft Windows 2000 Datacenter Server | 9.1 TS1M3 SP4
Microsoft Windows 2000 Server | 9.1 TS1M3 SP4
Microsoft Windows 2000 Professional | 9.1 TS1M3 SP4
Microsoft Windows NT Workstation | 9.1 TS1M3 SP4
Microsoft Windows Server 2003 Datacenter Edition | 9.1 TS1M3 SP4
Microsoft Windows Server 2003 Enterprise Edition | 9.1 TS1M3 SP4
Microsoft Windows Server 2003 Standard Edition | 9.1 TS1M3 SP4
Microsoft Windows XP Professional | 9.1 TS1M3 SP4
Windows Vista | 9.1 TS1M3 SP4
Windows Vista for x64 | 9.1 TS1M3 SP4
64-bit Enabled AIX | 9.1 TS1M3 SP4
64-bit Enabled HP-UX | 9.1 TS1M3 SP4
64-bit Enabled Solaris | 9.1 TS1M3 SP4
AIX | 9.1 TS1M3 SP4
HP-UX | 9.1 TS1M3 SP4
HP-UX IPF | 9.1 TS1M3 SP4
Linux | 9.1 TS1M3 SP4
Linux for x64 | 9.1 TS1M3 SP4
Linux on Itanium | 9.1 TS1M3 SP4
OpenVMS Alpha | 9.1 TS1M3 SP4
Solaris | 9.1 TS1M3 SP4
Solaris for x64 | 9.1 TS1M3 SP4
Tru64 UNIX | 9.1 TS1M3 SP4