KACE Product Support

The KACE knowledge base article may help you with the syntax
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=1004&artlang=en

OU=HR,DC=van,DC=com
(&(name=KBOX_COMPUTER_NAME)(objectclass=computer))

This LDAP label is working!
Thank you to everyone who posted solutions. I was confused why the test query was running successfully but now showing any results. I now understand that the KBOX_ variable populates with a computer name when the query is executed on check-in.

Took a look at the KB you linked. I am still having trouble...

According the the KB this is the correct syntax. The test query runs with out error but produces no results.

ou=HR,DC=van,DC=com
(&(objectCategory=computer)(name=KBOX_COMPUTER_NAME))

"NOTE: To test your Filter, replace any "KBOX_" variables with real values. Press the Test LDAP Filter... button and review the results"

b) I replaced "KBOX_COMPUTER_NAME" with * and saw all the computers in the HR container.
c) I replaced "KBOX_COMPUTER_NAME" with computername and see the specific computer.

When using the filter (a) the LDAP filter does exactly what the test shows. No computers get labeled.
When using filter (b) I encounter the original issue. All the computers in my organization receive the label. even though the test query produces the correct results (43 computers).

I have a feeling that using LDAP labels with machines is going to force you to wait until these 43 systems check-in before the label is applied. This is similar to the way LDAP user labels work - the users must login to the KBOX before the LDAP filter is applied against the account. The way you have it written is almost correct. Try this:

ou=HR,DC=van,DC=com
(&(objectCategory=computer)(cn=KBOX_COMPUTER_NAME))

airwolf is correct, every LDAP filter must contain one of the KBOX_* variables or else it will be applied to every (or none) object it is evaluated against because the search will always be true (or false)