/build/static/layout/Breadcrumb_cap_w.png

LDAP labels

In AD computers are separated by departments.
*Finance
*HR

I created an LDAP label for each department OU.

Example:
Search Base: OU=HR,DC=hq,DC=com
Search Filter: (objectclass=computer)

When I test the label I get the results I intended on (43 computers). I enabled the LDAP label and noticed that it was populating with all the computers in my organization instead of the 43 computers in the specific OU. What am I doing wrong?

0 Comments   [ + ] Show comments

Answers (5)

Posted by: KevinG 13 years ago
Red Belt
1
The KACE knowledge base article may help you with the syntax
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=1004&artlang=en
Posted by: tsg 13 years ago
Senior Yellow Belt
1
OU=HR,DC=van,DC=com
(&(name=KBOX_COMPUTER_NAME)(objectclass=computer))

This LDAP label is working!
Thank you to everyone who posted solutions. I was confused why the test query was running successfully but now showing any results. I now understand that the KBOX_ variable populates with a computer name when the query is executed on check-in.

Comments:
  • Most helpful part for figuring out my configuration issues: "when the query is executed on check-in." Thank you! - tomicles 9 years ago
Posted by: tsg 13 years ago
Senior Yellow Belt
0
Took a look at the KB you linked. I am still having trouble...

According the the KB this is the correct syntax. The test query runs with out error but produces no results.

ou=HR,DC=van,DC=com
(&(objectCategory=computer)(name=KBOX_COMPUTER_NAME))

"NOTE: To test your Filter, replace any "KBOX_" variables with real values. Press the Test LDAP Filter... button and review the results"

b) I replaced "KBOX_COMPUTER_NAME" with * and saw all the computers in the HR container.
c) I replaced "KBOX_COMPUTER_NAME" with computername and see the specific computer.

When using the filter (a) the LDAP filter does exactly what the test shows. No computers get labeled.
When using filter (b) I encounter the original issue. All the computers in my organization receive the label. even though the test query produces the correct results (43 computers).
Posted by: airwolf 13 years ago
Red Belt
0
I have a feeling that using LDAP labels with machines is going to force you to wait until these 43 systems check-in before the label is applied. This is similar to the way LDAP user labels work - the users must login to the KBOX before the LDAP filter is applied against the account. The way you have it written is almost correct. Try this:

ou=HR,DC=van,DC=com
(&(objectCategory=computer)(cn=KBOX_COMPUTER_NAME))
Posted by: GillySpy 13 years ago
7th Degree Black Belt
0
airwolf is correct, every LDAP filter must contain one of the KBOX_* variables or else it will be applied to every (or none) object it is evaluated against because the search will always be true (or false)
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ