Any LDAP experts out there? Xerox Email Address Book Filtering
Recently we decided to give our students email addresses but that has created another problem for us as they are showing up in the address book on our Xerox Workcentre copiers connected to LDAP. I thought about moving the OU structure to consolidate all the teachers and staff OUs under one primary OU but my boss does not want to that as he feels it will mess with group policy settings assigned to those OUs
So I thought about using the Email Address Book filter built into the copiers to only find the Teachers and Staff accounts by using a common attribute that is only associated to those accounts and NOT the student accounts. Since the student email accounts are on a different domain than the teachers and staff I thought maybe I could filter based on that but I am not having any luck and the information from Xerox is not very helpful and I have to admit I am not an expert on LDAP strings.
Here is what the filter options looks like on the Xerox copiers
So let's say teachers and staff get their email at the domain @SchoolDomain.com and students get their email at @studentemail.com. I would like to filter out the @studentemail.com domain or only filter in accounts that have an email address at @SchoolDomain.com. I hope that makes sense as I made the domains generic for privacy reasons. We have a variety of teacher and staff accounts and there are no security groups that they are all a part of that I can use so the email domain was the only thing that made sense to me.
So I thought about using the Email Address Book filter built into the copiers to only find the Teachers and Staff accounts by using a common attribute that is only associated to those accounts and NOT the student accounts. Since the student email accounts are on a different domain than the teachers and staff I thought maybe I could filter based on that but I am not having any luck and the information from Xerox is not very helpful and I have to admit I am not an expert on LDAP strings.
Here is what the filter options looks like on the Xerox copiers
So let's say teachers and staff get their email at the domain @SchoolDomain.com and students get their email at @studentemail.com. I would like to filter out the @studentemail.com domain or only filter in accounts that have an email address at @SchoolDomain.com. I hope that makes sense as I made the domains generic for privacy reasons. We have a variety of teacher and staff accounts and there are no security groups that they are all a part of that I can use so the email domain was the only thing that made sense to me.
5 Comments
[ + ] Show comments
Answers (1)
Answer Summary:
Please log in to answer
Posted by:
SMal.tmcc
10 years ago
"Copied from comments to allow the question to be marked as answered"
My final string looks like this
(&(cn=*LDAP*)(memberOf=CN=COPIERS_EMAIL,OU=Specialty Accounts,OU=ARGO,DC=ahs,DC=com))
That way it searches using common name (First or Last)
My final string looks like this
(&(cn=*LDAP*)(memberOf=CN=COPIERS_EMAIL,OU=Specialty Accounts,OU=ARGO,DC=ahs,DC=com))
That way it searches using common name (First or Last)
Comments:
-
Thank you!! This was a HUGE help for me! - ahachenberg 8 years ago
I cannot use the domain one because the students and staff are part of the same domain internally but have different domains for their email addresses. - bwilkerson 10 years ago
not sure on xerox ldap naming but should be something like (&(samaccountname=LDAP)(memberof=CN=XeroxGroups,OU=Groups,OU=Campuses,DC=admn,DC=tmcc,DC=edu))
not much info on web about this, if you have xerox support I would email and ask them - SMal.tmcc 10 years ago
My final string looks like this
(&(cn=*LDAP*)(memberOf=CN=COPIERS_EMAIL,OU=Specialty Accounts,OU=ARGO,DC=ahs,DC=com))
That way it searches using common name (First or Last) - bwilkerson 10 years ago
It may be users or machines import - anonymous_102124 10 years ago
Any ideas would be appreciated! - sherbert52359 8 years ago
After that I went to the attributes tab and copied the value of the "distinguishedName" attribute.
Then go to your Xerox machine and in the LDAP settings there should be a place for custom attributes as shown by the illustration above.
Type (&(cn=*LDAP*)(memberOf= and then after the = sign put the pasted contents of the distinguishedName attribute of the security group.
If your xerox is properly bound to active directory the custom variable will filter out only members of that group to be available in the address book. - bwilkerson 8 years ago
Our lead tech did not want to create a group and add all of our teachers to it. We were trying to use a nested security group and your syntax. It did not work, but if I drilled down to one of the building groups that had real members, then it did work.
I had to use the ldap_matching_rule_in_chain syntax to make this work:
(&(cn=*LDAP*)(memberof:1.2.840.113556.1.4.1941:=CN=TopLevelStaff,OU=High Level Groups,OU=All Users,DC=agsd,DC=org)) - sherbert52359 8 years ago