Unable to read AD attribute using FM "LDAP_READ".

Former Member
0 Kudos

Hi,

We successfully connected to Active Directory (AD) and are able to create and update users.

Now we have to read the email address from the user (AD attribute = mail).

I have been trying with FMs "LDAP_READ" and "LDAP_OBJECT_READ", but couldn't succeed.


call function 'LDAP_READ'
  exporting
    base                = 'OU=SAP,OU=TEST,OU=ACCOUNTS,DC=TEST,DC=LOCAL'
*   BASE_STRING         =
    scope               = 2
    filter              = '(&(OBJECTCLASS=*)(EMPLOYEENUMBER=15279))'
*   FILTER_STRING       =
*   TIMEOUT             =
*   ATTRIBUTES          =
  importing
*   LDAPRC              =
    entries             = it_ldap
  exceptions
    no_authoriz         = 1
    conn_outdate        = 2
    ldap_failure        = 3
    not_alive           = 4
    other_error         = 5
    others              = 6
          .
if sy-subrc =  0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
endif.



We are receiving sy-subrc = 3 (ldap_failure), and in debug I found that it is failing in FM "LDAP_SEARCH".

I tried filter values as

'(&(OBJECTCLASS=*)(EMPLOYEENUMBER=15279))'

EMPLOYEENUMBER=15279

Is there anything I'm missing here? Kindly suggest.

Thanks

Deepthi.

1 ACCEPTED SOLUTION

abapdeveloper20
Contributor
0 Kudos

Hi Deepthi,

In the LDAP txn, after LOGON, you will get the FIND button enabled. Use the Find button to search for the cn users who are available in the AD.

The same Find inputs can be used for the LDAP_READ function module.

Try.. surely you will get..

6 REPLIES 6

madhu_vadlamani
Active Contributor
0 Kudos

Hi Deepthi,

Can you check the sample program RSLDAPTEST.

Regards,

Madhu.

abapdeveloper20
Contributor
0 Kudos

Hi Deepthi,

Try like this.

This code checks whether the PERNR exists in the AD or not.

* Excerpt from a form routine: p_ls_final_pernr, p_lv_exist, p_lt_searchres,
* wa_return_ldap, wa_return_l, p1 and FORM addreturn are defined elsewhere (not shown).
DATA : attributes_ldap    TYPE ldapastab,
       wa_attributes_ldap TYPE ldapas,
       basisdn            TYPE ldap_dns,
       filter             TYPE ldap_filts,
       ldaprc             TYPE ldapdefs-ldrc,
       entries_ldap       TYPE ldapetab,
       serverid           TYPE ldapserver-serverid.

* Attributes to be returned for each entry found
CLEAR attributes_ldap.
wa_attributes_ldap-name = 'OBJECTCLASS'.
wa_attributes_ldap-typ = 'C'.
APPEND wa_attributes_ldap TO attributes_ldap.

basisdn = 'OU=SAP,OU=TEST,OU=ACCOUNTS,DC=TEST,DC=LOCAL'. " GIVE PROPER FORMAT.. Case Sensitive

* Search filter: user objects whose CN equals the personnel number
CONCATENATE '(&(OBJECTCLASS=user)(CN='
            p_ls_final_pernr
            '))'
       INTO filter.

serverid = 'SAPHRLDAP'.

* Bind with the system user maintained for this LDAP server
CALL FUNCTION 'LDAP_SYSTEMBIND'
  EXPORTING
    serverid     = serverid
    writeread    = 'W'
  EXCEPTIONS
    no_authoriz  = 1
    config_error = 2
    nomore_conns = 3
    ldap_failure = 4
    not_alive    = 5
    other_error  = 6
    OTHERS       = 7.

IF sy-subrc EQ 0.

  CALL FUNCTION 'LDAP_READ'
    EXPORTING
      base_string   = basisdn
      scope         = 2
      filter_string = filter
      attributes    = attributes_ldap
    IMPORTING
      ldaprc        = ldaprc
      entries       = entries_ldap
    EXCEPTIONS
      no_authoriz   = 1
      conn_outdate  = 2
      ldap_failure  = 3
      not_alive     = 4
      other_error   = 5
      OTHERS        = 6.

  IF sy-subrc EQ 0.
    IF entries_ldap[] IS NOT INITIAL.
      p_lv_exist = 'X'.
    ENDIF.
  ELSE.
    PERFORM addreturn
      USING
        sy-msgty
        sy-msgid
        sy-msgno
        sy-msgv1
        sy-msgv2
        sy-msgv3
        sy-msgv4
      "CHANGING
        wa_return_ldap.
    APPEND wa_return_ldap TO p_lt_searchres.
*   LDAP search failed
    PERFORM addreturn USING 'E' 'LDAPACCESS' '101' '' '' '' ''
                            wa_return_l.
    APPEND wa_return_l TO p_lt_searchres.
    RETURN.
  ENDIF.

ELSE.
  PERFORM addreturn
    USING
      sy-msgty
      sy-msgid
      sy-msgno
      sy-msgv1
      sy-msgv2
      sy-msgv3
      sy-msgv4
    "CHANGING
      wa_return_ldap.
  APPEND wa_return_ldap TO p_lt_searchres.
* Connection could not be established
  p1 = serverid.
  PERFORM addreturn USING 'E' 'LDAPACCESS' '100' p1 '' '' ''
                          wa_return_l.
  APPEND wa_return_l TO p_lt_searchres.
  RETURN.
ENDIF.

CALL FUNCTION 'LDAP_UNBIND'
  EXCEPTIONS
    conn_outdate = 1
    ldap_failure = 2
    not_alive    = 3
    other_error  = 4
    OTHERS       = 5.

0 Kudos

Hi Lakshmi,

Thank you for your reply.

The code is working, but it is coming only with the base information like

CN=Deepthi Reddy,OU=SAP,OU=Test,OU=User Accounts,OU=Accounts,DC=test,DC=local

How can I retrieve a few more AD attribute values like email address (attribute name = mail)?

What parameter do I need to pass this information?

Thanks

0 Kudos

Hi Deepthi,

I don't have access to the system now, but I guess when you have the direct DN (CN=Deepthi Reddy,OU=SAP,OU=Test,OU=User Accounts,OU=Accounts,DC=test,DC=local) then, if you pass the email's corresponding mapping name in the Filter Exporting parameter, you will get their relevant values in the entries Importing parameter.


 CLEAR attributes_ldap.
  wa_attributes_ldap-name = 'OBJECTCLASS'.
  wa_attributes_ldap-typ = 'C'.
  APPEND wa_attributes_ldap TO attributes_ldap.

* Search entry with direct DN, if given
  IF NOT direct_dn IS INITIAL.
    CALL FUNCTION 'LDAP_READ'
      EXPORTING
        base_string         = direct_dn
        scope               = 0
        filter_string       = filter
        attributes          = attributes_ldap
      IMPORTING
        entries             = entries_ldap              "<<<<<<<<<< entries will come
      EXCEPTIONS
        OTHERS              = 0.
*   If any error here, code below will retry with subtree
*   search. No error handling required.
    IF sy-subrc <> 0.
      CLEAR entries_ldap.
    ENDIF.
  ENDIF.

Thanks,

0 Kudos

Thank you Lakshmi. It's working.
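
The pieces from this thread combined into one read of the `mail` attribute, as an added example (not code from any poster or from SAP): it requests only `MAIL` in the ATTRIBUTES table and escapes the search value per RFC 4515 before concatenating it into the filter, so input such as `*` or `)(` cannot widen or restructure the search. Assumptions: the report name and `p_empno` are hypothetical, `writeread = 'R'` selects a read-only system user maintained for the server, the result components are named `attributes`, `vals` and `val`, and the release supports inline declarations.

```abap
REPORT z_ldap_read_mail.
* Added example. Server ID and base DN are the values quoted in the thread.
PARAMETERS p_empno TYPE c LENGTH 20.          " hypothetical input field

DATA: lt_attrs   TYPE ldapastab,
      ls_attr    TYPE ldapas,
      lt_entries TYPE ldapetab,
      lv_base    TYPE ldap_dns,
      lv_filter  TYPE ldap_filts,
      lv_value   TYPE string.

START-OF-SELECTION.
  lv_value = p_empno.
  IF lv_value IS INITIAL.
    RETURN.
  ENDIF.
* RFC 4515 escaping of filter metacharacters; the backslash must go first.
  REPLACE ALL OCCURRENCES OF '\' IN lv_value WITH '\5c'.
  REPLACE ALL OCCURRENCES OF '*' IN lv_value WITH '\2a'.
  REPLACE ALL OCCURRENCES OF '(' IN lv_value WITH '\28'.
  REPLACE ALL OCCURRENCES OF ')' IN lv_value WITH '\29'.
  CONCATENATE '(&(OBJECTCLASS=user)(EMPLOYEENUMBER=' lv_value '))'
         INTO lv_filter.
  lv_base = 'OU=SAP,OU=TEST,OU=ACCOUNTS,DC=TEST,DC=LOCAL'.

* Ask only for the attribute that is needed.
  ls_attr-name = 'MAIL'.
  ls_attr-typ  = 'C'.
  APPEND ls_attr TO lt_attrs.

* Assumption: 'R' binds with the read-only system user for this server.
  CALL FUNCTION 'LDAP_SYSTEMBIND'
    EXPORTING serverid = 'SAPHRLDAP' writeread = 'R'
    EXCEPTIONS OTHERS = 1.
  IF sy-subrc <> 0.
    MESSAGE 'LDAP bind failed' TYPE 'E'.
  ENDIF.
  CALL FUNCTION 'LDAP_READ'
    EXPORTING base_string = lv_base scope = 2
              filter_string = lv_filter attributes = lt_attrs
    IMPORTING entries = lt_entries
    EXCEPTIONS OTHERS = 1.
  IF sy-subrc = 0.
    LOOP AT lt_entries INTO DATA(ls_entry).
      LOOP AT ls_entry-attributes INTO DATA(ls_found).
        LOOP AT ls_found-vals INTO DATA(ls_val).  " assumed component names
          WRITE: / ls_found-name, ls_val-val.
        ENDLOOP.
      ENDLOOP.
    ENDLOOP.
  ENDIF.
  CALL FUNCTION 'LDAP_UNBIND' EXCEPTIONS OTHERS = 1.
```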