Problems creating LDAP labels in Kace1200 8.0.318
Now I want to create LDAP labels for each of those groups. I figured I would be able to just copy/paste but every time I use KBOX_USER I get a flag when I go to save saying it's an invalid token with a list of valid tokens. I tried to use KBOX_USER_NAME instead like it suggests but get no results. When I do an LDAP Browse when I use KBOX_USER I see all my users in the results but when I try to use KBOX_USER_NAME like it wants I go no results.
The help documentation that pops up on the on the top right of the LDAP Labels shows KBOX_USERNAME as the example but that doesn't even seem to be a valid token either. I figured maybe I need to have those variables match. I went back over to Settings > Control Panel > User Authentication and tried to change to KBOX_USER_NAME but that breaks my User Auth pull. Only KBOX_USER works there
I have no idea what I'm doing wrong. In a perfect world how I want this setup to have User Authentication run nightly, add/remove users appropriately based on if they get added/removed from security groups, have the LDAP Labels see that, and act appropriately.
-------And PS: Why is Advance Search on the right and Base DN on the left but in LDAP Labels but switched in User Authentication. That just kind of urks me to be honest.-------
Answers (2)
The filter “KBOX_USER” is not supported for LDAP labels.
Please use any of the following supported variables: https://support.quest.com/kace-systems-management-appliance/kb/112277/ldap-filters-tips-and-tricks
Once you are using any of the supported LDAP variables for LDAP labels, The Test LDAP Filter... button to review the results might not work. You want to run the Authentication LDAP user instead for those users to get applied to the LDAP label.
I was having a similar issue, was using ldap filter (&(samaccountname=KBOX_USER_NAME)(memberof=CN=DA_Everyone,OU=Universal,OU=Security,OU=DA18Groups,DC=LOCAL,DC=DA18))
Gave me an error about KBOX_USER_NAME not being valid, but mentioned KBOX_USERNAME in the list. I had just set up an LDAP label a moment before, which worked fine.
Turns out I forgot to switch from Type: Device to Type: User
"I want this setup to have User Authentication run nightly, add/remove users appropriately based on if they get added/removed from security groups, have the LDAP Labels see that, and act appropriately. "
This will not happen, because LDAP labels are evaluated only when the user logs in.
See this URL:
https://support.quest.com/kace-systems-management-appliance/kb/131519
You will need SQL Custom Rules to achieve that. - Channeler 7 years ago
I did manage to get the LDAP Label work using the LDAP Browser. For some reason KBOX_USER is the only thing that works but weirdly enough using LDAP Browser actually Saves and Enabled it when you finish and go back even though you can't actually choose "Save" on the main LDAP Label Detail page due to getting:
"The Advanced Search Field contains invalid tokens. Valid tokens are KBOX_LDAP_UID, KBOX_USER_NAME, KBOX_FULL_NAME, KBOX_EMAIL, KBOX_ADDITIONAL_EMAILS, KBOX_DOMAIN, KBOX_MANAGER_ID, KBOX_LOCATION_ID, KBOX_BUDGET_CODE, KBOX_WORK_PHONE, KBOX_HOME_PHONE, KBOX_MOBILE_PHONE, KBOX_PAGER_PHONE, KBOX_DEVICE_COUNT, KBOX_1, KBOX_2, KBOX_3, KBOX_4."
But the Label works... I'm literally getting pieces of this working through a slew of errors. - Grotick 7 years ago