Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

LDAP Access - Member Of

Hi Folks

I have figured out how to access LDAP, however, I am having trouble getting hold of the MemberOf values, the following query

ldap_Groups:

SQL
SELECT memberOf
FROM '$(vLDAP)' WHERE objectClass='user' AND SAMAccountName='$(vUserName)';


Returns an error as shown below (always a favourite of mine when an error message states SQL Error: No Error, provides so much information!), I am suspecting that I might need to do something special with this as the contents of memberOf field is quite large.

Anybody have any clues as to what I would need to do????



Any help greatly appreciated.

1 Solution

Accepted Solutions
rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP

I updated my ActiveDirectoryLoad sample to get the group members using a macro function. Seems to work pretty well and doesn't require a preprocessor like my MsLogparser solution.

The macro function requires System Access. Change the RootDse variable on the script "Setup" tab to point to your domain.

Let me know if it works for you (or anyone who can test it) and I'll include it in the next Cookbook.

-Rob

View solution in original post

51 Replies
TK_
Partner - Creator
Partner - Creator

Hi Nigel

Your "problem" is that memberOf returns an array and not a string. You have to create a loop in order to read the array.

I found some information here that might be useful:

http://www.rlmueller.net/ADOSearchTips.htm

Regards

Terje Knappen

Not applicable
Author

Hi Terje

Thanks for responding on that, I had a clue that this might be causing the problem, but whilst you have helped to confirm that I'm still a bit unlcear on how I overcome the problem inside the load script. Do you have any idea how to introduce a loop into the load script that will work for this (the link helped to identify some issues, but didn't indicate how to create the loop machanism).

My alternative is to change the query to bring back members of specific groups, which of course would mean creating multiple queries (one for each group I am interested in).

Thanks for your help,

TK_
Partner - Creator
Partner - Creator

Hi

I had a situation where I needed to get the memberOf values, but (because of some other factors) I ended up with making an external vbs-script. The script read the values and created a csv-file which I then loaded into section access. I did this at my old job and I don't have access to the script anymore, otherwise I would have sent it to you. It shouldn't be to difficult to create this kind of vbs-script though, there are some nice tips on the url I posted earlier.

regards

Terje Knappen

rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP

I also get the member values using an external tool. I use MSLogparser. The Qlikview Cookbook contains an sample named "Loading Group membership information from Active Directory -- requires Microsoft LogParser" that provides an example.

-Rob

rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP

I updated my ActiveDirectoryLoad sample to get the group members using a macro function. Seems to work pretty well and doesn't require a preprocessor like my MsLogparser solution.

The macro function requires System Access. Change the RootDse variable on the script "Setup" tab to point to your domain.

Let me know if it works for you (or anyone who can test it) and I'll include it in the next Cookbook.

-Rob

Not applicable
Author

Hello Rob

Thanks very much for getting involved in this thread, I've tried your solution and whilst it does refresh all of the data and brings back sensible (correct) user names and group names, for some reason none of the groups are connected to users (and of course vice-versa). I saved a copy with data so you can see what I mean, I've looked through the code and I can't find anything that might have caused this, wonder if you might be able to shed some light.

Cheers,

rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP

Nigel,

According to the table viewer, field UserDN in table GroupMembers has 0 values. So something is going wrong with the group execution.

In the macro module, can you plug one of your UserDN values into the TestIt Sub and run that sub with the Test button?

You've granted System Access to the qvw?

-Rob

Not applicable
Author

Hi Rob

You've granted System Access to the qvw?

In short, No!, but there's a good reason behind it (I wasn't just ignoring your instructions honestly).

We have system access allowed on all our QVWs so I simply assumed that this would be taken care of (we do this by adjusting the OverrideSecurityModule setting in the registry), the problem is that I have just been given a new machine by IT and they have obviously missed this part of the machine deployment process.

Sorted it now and it's working great, really appreciate your help.

Kind regards,

schivet
Contributor III
Contributor III

Hi Rob,

First of all, thank you for this very good application!

I've granted System Access to the qvw and can updated the application as expected on local but I cannot succeed from the Publisher. I don't find what to setup to get it running? Do you have any idea?

Thanks

Best regards

Stéphane Chivet