/build/static/layout/Breadcrumb_cap_w.png

KACE LDAP LABEL using computer names, doesn't match label results

I have been searching for the answer on ItNigja to the question on how to get KACE Ldap labels to actually produce the results I want. The answers I see tell me to use "KBOX_COMPUTER_NAME", with this I get no results in Ldap labels, but a truck load of results in Kace Labels.

Here is what I have tried, first off I create a filter that produces a result, 5 computers found.

Base DN: : DC=Testdomain,DC=Local

(&(name=VM*)(memberOf=CN=Label-Test,OU=SOE_Standard,OU=Desktops,DC=testdomain,DC=local))

Second, I create a filter that doesn't produce any results but gives me all green went tested

(&(objectcategory=computer)(name=KBOX_COMPUTER_NAME)(memberOf=CN=Label-Test,OU=SOE_Standard,OU=Desktops,DC=testdomain,DC=local))

What I find odd about this result is that there is a computer, that is in Inventory, within this Security Group, but no amount of waiting for agent sign in gets this label assigned to that computer.

I know the article https://support.software.dell.com/k1000/kb/112277 explains KBOX_COMPUTER_NAME as a variable, but is my understanding correct when I say, the KBOX_COMPUTER_NAME  variable represents all the computers contained in the database of the KACE inventory?

How does one write an LDAP Label filter, that finds one computer in the LDAP test, but also shows only one computer in the KACE Labels in stead of the hundreds I am seeing? (Thanks in advance if anyone has the answer for this.)

 

 

 

 

 

Asked 10 years ago 9190 views
1 Comment   [ + ] Show comment
  • This may also be causing a problem.

    https://www.kace.com/support/resources/kb/solutiondetail?sol=SOL125790 - nshah 10 years ago

Answers (3)

Posted by: BHC-Austin 10 years ago
4th Degree Black Belt
0

The idea behind using the KBOX_COMPUTER_NAME variable is that it will be replaced when the computer is checking in with the KBOX. So, to a certain extent, you are correct that this variable represents all PCs in KBOX inventory, but it does it one at a time, during check in, to decide if that PC should be added to the label. It's essentially the same as a Smart Label, but using an LDAP query instead of a SQL query.

That being said, you won't see any results in the label test if you put in the KBOX_COMPUTER_NAME variable (since that variable is only replaced at run-time). What you need to do when testing is manually replace it with a PC name you want to test the filter against. If it works, then plug in the variable and save the LDAP label.

We've had some success with LDAP labels using CN= instead of NAME=. Also the objectcategory field has quite a bit more information in it than just "computer", so you may want to use objectClass there. Finally, I believe the & function only supports 2 parts, so you may have to nest a few &'s together. Here's what I would suggest trying:

(&(objectClass=computer)(&(CN=KBOX_COMPUTER_NAME)(memberOf=CN=Label-Test,OU=SOE_Standard,OU=Desktops,DC=testdomain,DC=local)))

We've also used the distinguishedName field (but we don't have our computers in any Groups beyond the default "Domain Computers"):

(distinguishedName=CN=KBOX_COMPUTER_NAME,OU=SOE_Standard,OU=Desktops,DC=testdomain,DC=local)

Hope this helps.

Posted by: CjD 10 years ago
White Belt
0

Thank you for your response, but unfortunately it has taken me a while to get back to this problem. 

What I discovered when I accident pasted your solution directly into Search Filder, without change the Domain name, was that I got a postive "LDAP Search successful", the filter was shown as being Successful.

How is this result possible when the "BASE DN:" does not match the Filter? It appears I can write anything in the filter and the Test will come back as successful.

Testing LDAP Label Settings...
Testing "LDAP_Test_Label-CjD" connection to: ldaps://dc-prd on Port: 389
OK: Connection Successful.
OK: Setting Protocol Version 3 Successful.
OK: Setting LDAP REFERRALS Option 0 Successful.
OK: Search Bind using LDAP supplied credentials Successful.
Applying search filter [(&(objectClass=computer)(&(CN=KBOX_COMPUTER_NAME)(memberOf=CN=Label-Test,OU=SOE_Standard,OU=Desktops,DC=testdomain,DC=local)))]
OK: LDAP search (with filter [(&(objectClass=computer)(&(CN=KBOX_COMPUTER_NAME)(memberOf=CN=Label-Test,OU=SOE_Standard,OU=Desktops,DC=testdomain,DC=local)))]) Successful.
OK: LDAP Search successful with 0 entries found.
OK: LDAP Test Successful. Closing connection.

When I did correct the syntax, to reflect the correct domain, I got the same Search successful with 0 entries found, but this too could be a false postive.
Posted by: CjD 10 years ago
White Belt
0

Interestingly, if one does use a single computer to search for, one see that the results are it has found one machine

OK: LDAP Search successful with 1 entries found

But when I check the results in Label Detail, I find this +Computers (1057) 

How is it doing this?

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ