Labels

admin (1) aix (1) alert (1) always-on (2) Architecture (1) aws (3) Azure (1) backup (3) BI-DWH (10) Binary (3) Boolean (1) C# (1) cache (1) casting (3) cdc (1) certificate (1) checks (1) cloud (3) cluster (1) cmd (7) collation (1) columns (1) compilation (1) configurations (7) Connection-String (2) connections (6) constraint (6) copypaste (2) cpu (2) csv (3) CTE (1) data-types (1) datetime (23) db (547) DB2 (1) deadlock (2) Denali (7) device (6) dotNet (5) dynamicSQL (11) email (5) encoding (1) encryption (4) errors (124) excel (1) ExecutionPlan (10) extended events (1) files (7) FIPS (1) foreign key (1) fragmentation (1) functions (1) GCP (2) gMSA (2) google (2) HADR (1) hashing (3) in-memory (1) index (3) indexedViews (2) insert (3) install (10) IO (1) isql (6) javascript (1) jobs (11) join (2) LDAP (2) LinkedServers (8) Linux (15) log (6) login (1) maintenance (3) mariadb (1) memory (4) merge (3) monitoring (4) MSA (2) mssql (444) mssql2005 (5) mssql2008R2 (20) mssql2012 (2) mysql (36) MySQL Shell (5) network (1) NoSQL (1) null (2) numeric (9) object-oriented (1) offline (1) openssl (1) Operating System (4) oracle (7) ORDBMS (1) ordering (2) Outer Apply (1) Outlook (1) page (1) parameters (2) partition (1) password (1) Performance (103) permissions (10) pivot (3) PLE (1) port (4) PostgreSQL (14) profiler (1) RDS (3) read (1) Replication (12) restore (4) root (1) RPO (1) RTO (1) SAP ASE (48) SAP RS (20) SCC (4) scema (1) script (8) security (10) segment (1) server (1) service broker (2) services (4) settings (75) SQL (74) SSAS (1) SSIS (19) SSL (8) SSMS (4) SSRS (6) storage (1) String (35) sybase (57) telnet (2) tempdb (1) Theory (2) tips (120) tools (3) training (1) transaction (6) trigger (2) Tuple (2) TVP (1) unix (8) users (3) vb.net (4) versioning (1) windows (14) xml (10) XSD (1) zip (1)
Showing posts with label LDAP. Show all posts
Showing posts with label LDAP. Show all posts

Errors and optional solutions while querying LDAP

ERROR:
An error occurred while preparing the query ... for execution against OLE DB provider ADSDSOObject for linked server.
Optional Solutions/problems:
Add the server name to the LDAP address: LDAP://CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2 --> LDAP://SERVERNAME/CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2.

ERROR:
The OLE DB provider "ADSDSOObject" for linked server "adsi_test" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Optional Solutions/problems:
Run the query with user that have relevant permissions in the LDAP.

ERROR:
Cannot fetch a row from OLE DB provider "ADSDSOObject" for linked server "adsi_test".
Optional Solutions/problems:
Maybe the data from the LDAP is wrong.

ERROR:
An error occurred while preparing the query "
...........
" for execution against OLE DB provider "ADSDSOObject" for linked server "adsi_test". 
Optional Solutions/problems:
- Wrong syntax of the query.
- Maybe there is a problem to run the query from other machine that it's not the SQL Server.
פורסם על ידי No comments:
תוויות: , , , ,

Querying LDAP through SQL Server

In order to querying LDAP (Active Directory, LDS, etc.) through SQL Server, we need to create a Linked Server to the LDAP, and use OPENROWSET statement to select data from it.

-- create new linked server
exec sp_addlinkedserver  
  @server = 'adsi_test',-- linked server name
  @srvproduct = 'LDAP',  
  @provider ='ADSDSOObject',-- provider name
  @datasrc = ''  
go
-- create linked server login for sa
exec sp_addlinkedsrvlogin
  @rmtsrvname = 'adsi_test',-- linked server
  @useself = false,
  @locallogin = 'sa',-- sqlUser
  @rmtuser = 'domain\master_user',-- domainName\userName
  @rmtpassword = 'password'-- domain User Password
go

-- 2 options of query from LDAP:
--1:
select * FROM OPENQUERY(adsi_test, '<LDAP://SERVERNAME:port/CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2>;(&(name=*));name,distinguishedName;subtree
')
--2:
select *  
from  openquery(adsi_test, '  
select  userPrincipalName
from    ''LDAP://SERVERNAME:port/CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2''  
where   objectCategory = ''Person'' and objectClass = ''user''  
')
  • CN is containers that are usually defined as users, contacts, groups.
  • OU is organizational units that usually contain objects such users, contacts, groups and other OUs.
  • DC is domain containers that are created by separating the full internal domain name.
  • LDAP://SERVERNAME:port/CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2 = LDAP:// SERVER NAME : port / Root of the LDS/AD tree
  • (&(name=*)) = WHERE NAME = * (no filter by name)
  • ;name,distinguishedName - fields to select from LDS
  • ;subtree - include all the tree from the declared root
Examples:
-- select all groups:
select distinguishedName from  openquery(adsi_test, '  
select name, distinguishedName
from    ''LDAP://SERVERNAME:port/CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2''  
where   objectCategory = ''Group''  
and  objectClass = ''Group''
')

-- select all users of group 'Managers' in AAA
select *
from  openquery(adsi_test, '  
select objectGUID, name, givenname, sn, distinguishedName
from    ''LDAP://SERVERNAME:port/CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2''  
where   objectCategory = ''Person''  
and  objectClass = ''user'' 
AND memberOf = ''cn=Managers,CN=AAA,CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2''
')

-- list of the groups that the user itaig is a member of: (the function 'member')
select * FROM OPENQUERY(adsi_test, 
'<LDAP://SERVERNAME:port/CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2>;
(&(objectCategory=group)(member=CN=itaig,CN=aaa,CN=OuTree,DC=aaa1,DC=aaa2));name,distinguishedName,objectGUID
')


Search Filter Syntax (msdn):
http://msdn.microsoft.com/en-us/library/Aa746475
פורסם על ידי No comments:
תוויות: , , , ,
Subscribe to: Posts (Atom)