Discussion Board for collaboration on QlikView Scripting.
I have been working on this problem for days, and I am struggling to find a solution that works.
Basically, I want a function in the following form:
That returns 1 if the the username is in the group, and 0 otherwise. Does anyone have any sources or solutions for this problem? I am trying to work with the following code:
Set objGroup = GetObject("LDAP://" & gDN)
arrMemberOf = objGroup.GetEx("member")
For Each strMember in arrMemberOf
Set objMember = GetObject("LDAP://" & strMember)
ObjDisp = objMember.Name
oDL = Len(ObjDisp) - 3
ObjDisp = Right(ObjDisp,oDL)
ObjCatArray = Split(objMember.objectCategory,",")
oType = ObjCatArray(0)
oTL = Len(oType) - 3
oType = Right(oType,oTL)
msgbox "Member:" & ObjDisp & Space(20-Len(ObjDIsp)) &" Type:" & oType
If oType = "Group" Then
Set objMember = Nothing
Public Function SearchGroup(ByVal vSAN)
Dim oRootDSE, oConnection, oCommand, oRecordSet
Set oRootDSE = GetObject("LDAP://rootDSE")
Set oConnection = CreateObject("ADODB.Connection")
Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
">;(&(objectCategory=Group)(samAccountName=" & vSAN & "));distinguishedName;subtree"
Set oRecordSet = oCommand.Execute
On Error Resume Next
SearchGroup = oRecordSet.Fields("distinguishedName")
On Error GoTo 0
Set oRecordSet = Nothing
Set oCommand = Nothing
Set oConnection = Nothing
Set oRootDSE = Nothing
Function IsMember(ByVal objADObject, ByVal strGroupNTName)
' Function to test for group membership.
' objADObject is a user or computer object.
' strGroupNTName is the NT name (sAMAccountName) of the group to test.
' objGroupList is a dictionary object, with global scope.
' Returns True if the user or computer is a member of the group.
' Subroutine LoadGroups is called once for each different objADObject.
Dim objRootDSE, strDNSDomain
' The first time IsMember is called, setup the dictionary object
' and objects required for ADO.
If (IsEmpty(objGroupList) = True) Then
Set objGroupList = CreateObject("Scripting.Dictionary")
objGroupList.CompareMode = vbTextCompare
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Retrieve NT name of each group.
strAttributes = "sAMAccountName"
' Load group memberships for this user or computer into dictionary
Set objRootDSE = Nothing
If (objGroupList.Exists(objADObject.sAMAccountName & "\") = False) Then
' Dictionary object established, but group memberships for this
' user or computer must be added.
' Return True if this user or computer is a member of the group.
IsMember = objGroupList.Exists(objADObject.sAMAccountName & "\" & strGroupNTName)
Thoughts? Bonus points if the solution uses "Safe Mode" instead of "System Access." Thanks for your help.
Solved! Go to Solution.
Why do you need to create a function ? Why don't you retrieve content of all groups then manage it in your script?
Alternatively, can you create OLEDB connections with OLEDB Provider for Microsoft Directory Services ?
I use this function to control the display of tabs by setting variables based on AD group membership.
I am not sure if I can created OLEDB connections.
You mean that, in the dashboard, you want to test if user belongs to AD group, and if yes, you fill a variable and do an action?
If yes, I suggest you to do this test in script, then use Section Access.
In script you load all values Group - AD Account. Then you calculate in script if an AD account matches with your condition and store content in table USER_SECURITY.
Then you create a section access and link the security table to USER_SECURITY on upper(AD account) ( upper(AD account) is the value used to join). From now it means that, when user opens the application, he will have only 1 line in table USER_SECURITY, the line of his own account.
And you can add security in the tab to control that only(SECURITY_FLAG) = 1
Does this mean I will need to maintain a list of users manually? I have a working solution in VBScript right now that has explicit lists of users, but I was hoping to use AD groups as a way of avoiding that. Although, if I could have this list maintained in an external text file and loaded somehow, that would work. I recently learned about including external text files as scripts. We will likely need Section Access in the future anyway. Thank you for helping me realize this.
There should be some samples on how to access LDAP and retrieve group information here in the forum, have you checked e.g. this?