/build/static/layout/Breadcrumb_cap_w.png

How do I create user labels limited by Active Directory roles?

For software installations, I'd like to be able to create a user label specifically for users with a "faculty" role in Active Directory. I've tried building labels for users limited by OU, but I still ended up pulling in all AD users - how do I narrow this down? and can I target users by role?

When I create an LDAP label and test it, I get the correct number of entries found, but, for example, applying the label to a software installation in the User Console Library does not limit access. Am I missing a step?

0 Comments   [ + ] Show comments

Answers (1)

Posted by: h2opolo25 9 years ago
Red Belt
0
You need to make sure you have the (SAMAccountname=KBOX_USER_NAME) field in your ldap search.

Here's a sample of mine.... (keep in mind that for me, I use the email as the username which is why I have mail=KBOX...)

(&(&(&(objectCategory=person)(physicaldeliveryofficename=*)(objectCategory=user)(mail=KBOX_USER_NAME))))

This pulls all users from the domain that have an office name in the LDAP.


 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ