LDAP smart label to label devices by AD group and OU membership
I'm trying to avoid creating a bunch of AD groups for each of my sites (I would end up creating 35 groups). So I'm trying to write an LDAP label that would check if the computer is in a specific group as well as in a certain OU. This is what I have:
(&(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME)(objectclass=organizationalunit) (name=OU=**Name of OU**,DC=**Domain Name**,DC=com)))
It works for just the group, but I can't seem to get it to work with both. Is what I'm trying to do even possible?
Answers (2)
Posted by:
BHC-Austin
10 years ago
The syntax of your LDAP filter may be a bit off. Try something like this:
(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME)(objectclass=organizationalunit)(name=OU=**Name of OU**,DC=**Domain Name**,DC=com))
You should only need one & to "AND" all those statements together.
Comments:
- Thanks for the reply BHC. But sadly, I've tried that already to no avail. I might end up just creating AD groups for each of my sites which I really don't want to do :( - bkopec 10 years ago
Posted by:
BHC-Austin
10 years ago
Another approach would be to set your Base DN to the OU that you want the label to search in. So in the Base DN field, you would put:
OU=**Name of OU**,DC=**Domain Name**,DC=com
And then in your filter, put just the Group filter as:
(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME))
Of course, each LDAP label would then have a unique Base DN.
Comments:
- I tried this and it didn't work. I have a feeling since the base DN is the actual OU I want to search, I'm not going to be able to check the AD group. But I appreciate the help. - bkopec 10 years ago
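The Base DN approach from the second answer, modelled in Python as an added example (not code from the thread or from the appliance): a small in-memory directory with constructed entries under a placeholder `example.com` domain, where the `Kiosks` group, the host names, the `search` helper and the substitution of `KBOX_COMPUTER_NAME` with the host name are assumptions. It also runs the single combined filter from the question to show that, in this model, every term of an `&` filter is tested against the same entry.

```python
# Added example: in-memory model of an LDAP subtree search (all data constructed).
def entry(dn, name, cls, groups=()):
    return {"dn": dn, "name": [name], "objectclass": [cls], "memberof": list(groups)}

GROUP = "CN=Kiosks,DC=example,DC=com"   # placeholder group DN
ENTRIES = [
    entry("OU=Austin,DC=example,DC=com", "Austin", "organizationalUnit"),
    entry("CN=PC-AUS-01,OU=Austin,DC=example,DC=com", "PC-AUS-01", "computer", [GROUP]),
    entry("CN=PC-AUS-02,OU=Austin,DC=example,DC=com", "PC-AUS-02", "computer"),
    entry("CN=PC-DAL-01,OU=Dallas,DC=example,DC=com", "PC-DAL-01", "computer", [GROUP]),
]

def parse(flt):
    """Parse filters built from (&...), (|...) and (attr=value) terms."""
    flt = flt.strip()
    if flt[1] in "&|":
        terms, depth, start = [], 0, 2
        for i in range(2, len(flt) - 1):
            depth += (flt[i] == "(") - (flt[i] == ")")
            if depth == 0 and flt[i] == ")":
                terms.append(parse(flt[start:i + 1]))
                start = i + 1
        return (flt[1], terms)
    attr, value = flt[1:-1].split("=", 1)
    return ("=", attr.strip().lower(), value.strip().lower())

def matches(node, e):
    """Every term is tested against the same single entry."""
    if node[0] == "=":
        return any(v.lower() == node[2] for v in e.get(node[1], []))
    combine = all if node[0] == "&" else any
    return combine(matches(term, e) for term in node[1])

def search(base_dn, flt, host):
    """Subtree scope: the entry's DN must be the base DN or end with it."""
    tree = parse(flt.replace("KBOX_COMPUTER_NAME", host))
    base = base_dn.lower()
    return [e["dn"] for e in ENTRIES
            if (e["dn"].lower() == base or e["dn"].lower().endswith("," + base))
            and matches(tree, e)]

GROUP_FILTER = f"(&(memberOf={GROUP})(name=KBOX_COMPUTER_NAME))"
COMBINED = (f"(&(memberOf={GROUP})(name=KBOX_COMPUTER_NAME)"
            "(objectclass=organizationalunit)(name=OU=Austin,DC=example,DC=com))")

if __name__ == "__main__":
    for host in ("PC-AUS-01", "PC-AUS-02", "PC-DAL-01"):
        print(host, search("OU=Austin,DC=example,DC=com", GROUP_FILTER, host))
    print(search("DC=example,DC=com", COMBINED, "PC-AUS-01"))
```

In a real Active Directory, `memberOf` lists only direct memberships and omits the primary group, so a computer that belongs to the group through nesting or as its primary group would not match the group filter.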