Skip to Content
author's profile photo Former Member
Former Member

Unable to read AD attribute using FM "LDAP_READ".

Hi ,

We successfully connected to Active directory (AD) and able to create and update Users.

Now we have to read email address from the User (AD attribute = mail).

I have been trying with FM's "LDAP_READ" and "LDAP_OBJECT_READ", but couldn't succeed.

( Problem with LDAP connector )

call function 'LDAP_READ'
  exporting
    base                = 'OU=SAP,OU=TEST,OU=ACCOUNTS,DC=TEST,DC=LOCAL'
*   BASE_STRING         =
    scope               = 2
    filter              = '(&(OBJECTCLASS=*)(EMPLOYEENUMBER=15279))'
*   FILTER_STRING       =
*   TIMEOUT             =
*   ATTRIBUTES          =
  importing
*   LDAPRC              =
    entries             = it_ldap
  exceptions
    no_authoriz         = 1
    conn_outdate        = 2
    ldap_failure        = 3
    not_alive           = 4
    other_error         = 5
    others              = 6
          .
if sy-subrc =  0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
endif.

-


We are receving Sy-subrc = 3 (Ldap_failure) and in debug I found that it is failing in FM "LDAP_SEARCH"

I tried filter values as

'(&(OBJECTCLASS=*)(EMPLOYEENUMBER=15279))'

EMPLOYEENUMBER=15279

Is there anything i'm missing here? Kindly suggest.

Thanks

Deepthi.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Dec 12, 2011 at 05:05 PM

    Hi Deepthi,

    In the LDAP txn , after LOGON , u will get FIND button enabled. Use the find button to search for cn users who are all available in the AD.

    Same Find inputs can be used for the LDAP_READ function module.

    Try.. surely u will get..

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Dec 12, 2011 at 04:50 AM

    Hi Deepthi,

    Can you check the sample program RSLDAPTEST.

    Regards,

    Madhu.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Dec 12, 2011 at 04:59 PM

    Hi Deepthi,

    Try like this.

    This code checks whether the PERNR exits in the AD or not.

    DATA : attributes_ldap TYPE ldapastab,

    wa_attributes_ldap TYPE ldapas,

    basisdn TYPE ldap_dns,

    filter TYPE ldap_filts,

    ldaprc TYPE ldapdefs-ldrc,

    entries_ldap TYPE ldapetab,

    serverid TYPE ldapserver-serverid.

    CLEAR attributes_ldap.

    wa_attributes_ldap-name = 'OBJECTCLASS'.

    wa_attributes_ldap-typ = 'C'.

    APPEND wa_attributes_ldap TO attributes_ldap.

    basisdn = OU=SAP,OU=TEST,OU=ACCOUNTS,DC=TEST,DC=LOCAL'. " GIVE PROPER FORMAT.. Case Sensitive

    CONCATENATE '(&(OBJECTCLASS=user)(CN='

    p_ls_final_pernr

    '))'

    INTO filter.

    serverid = 'SAPHRLDAP'.

    CALL FUNCTION 'LDAP_SYSTEMBIND'

    EXPORTING

    serverid = serverid

    writeread = 'W'

    EXCEPTIONS

    no_authoriz = 1

    config_error = 2

    nomore_conns = 3

    ldap_failure = 4

    not_alive = 5

    other_error = 6

    OTHERS = 7.

    IF sy-subrc EQ 0.

    CALL FUNCTION 'LDAP_READ'

    EXPORTING

    base_string = basisdn

    scope = 2

    filter_string = filter

    attributes = attributes_ldap

    IMPORTING

    ldaprc = ldaprc

    entries = entries_ldap

    EXCEPTIONS

    no_authoriz = 1

    conn_outdate = 2

    ldap_failure = 3

    not_alive = 4

    other_error = 5

    OTHERS = 6.

    IF sy-subrc EQ 0.

    IF entries_ldap[] IS NOT INITIAL.

    p_lv_exist = 'X'.

    ENDIF.

    ELSE.

    PERFORM addreturn

    USING

    sy-msgty

    sy-msgid

    sy-msgno

    sy-msgv1

    sy-msgv2

    sy-msgv3

    sy-msgv4

    "CHANGING

    wa_return_ldap.

    APPEND wa_return_ldap TO p_lt_searchres.

    • LDAPSEARCH fehlgeschlagen

    PERFORM addreturn USING 'E' 'LDAPACCESS' '101' '' '' '' ''

    wa_return_l.

    APPEND wa_return_l TO p_lt_searchres.

    RETURN.

    ENDIF.

    ELSE.

    PERFORM addreturn

    USING

    sy-msgty

    sy-msgid

    sy-msgno

    sy-msgv1

    sy-msgv2

    sy-msgv3

    sy-msgv4

    "CHANGING

    wa_return_ldap.

    APPEND wa_return_ldap TO p_lt_searchres.

    • Verbindung konnte nicht hergestellt werden

    p1 = serverid.

    PERFORM addreturn USING 'E' 'LDAPACCESS' '100' p1 '' '' ''

    wa_return_l.

    APPEND wa_return_l TO p_lt_searchres.

    RETURN.

    ENDIF.

    CALL FUNCTION 'LDAP_UNBIND'

    EXCEPTIONS

    conn_outdate = 1

    ldap_failure = 2

    not_alive = 3

    other_error = 4

    OTHERS = 5.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.