
Problems creating LDAP labels in Kace1200 8.0.318

I wanted/needed to pull users via LDAP based on security groups. After using this Advanced Search for each LDAP security group I was able to pull the users into Kace even though running the Test option fails for some reason: (&(samaccountname=KBOX_USER)(memberOf=CN=Security Group,OU=Groups,OU=X,DC=Y,DC=Z))

Now I want to create LDAP labels for each of those groups. I figured I would be able to just copy/paste, but every time I use KBOX_USER I get a flag when I go to save saying it's an invalid token, with a list of valid tokens. I tried to use KBOX_USER_NAME instead like it suggests but get no results. When I do an LDAP Browse using KBOX_USER I see all my users in the results, but when I try to use KBOX_USER_NAME like it wants I get no results.

The help documentation that pops up on the top right of the LDAP Labels shows KBOX_USERNAME as the example, but that doesn't even seem to be a valid token either. I figured maybe I need to have those variables match. I went back over to Settings > Control Panel > User Authentication and tried to change to KBOX_USER_NAME but that breaks my User Auth pull. Only KBOX_USER works there.

I have no idea what I'm doing wrong. In a perfect world, I want this setup to have User Authentication run nightly, add/remove users appropriately based on if they get added/removed from security groups, have the LDAP Labels see that, and act appropriately.


-------And PS: Why is Advanced Search on the right and Base DN on the left in LDAP Labels but switched in User Authentication? That just kind of irks me to be honest.-------

3 Comments
  • I believe your ultimate goal here is not possible, this part:
    "I want this setup to have User Authentication run nightly, add/remove users appropriately based on if they get added/removed from security groups, have the LDAP Labels see that, and act appropriately. "

    This will not happen, because LDAP labels are evaluated only when the user logs in.

    See this URL:
    https://support.quest.com/kace-systems-management-appliance/kb/131519

    You will need SQL Custom Rules to achieve that. - Channeler 7 years ago
  • Thanks. I'll look into that.

    I did manage to get the LDAP Label to work using the LDAP Browser. For some reason KBOX_USER is the only thing that works, but weirdly enough using LDAP Browser actually Saves and Enables it when you finish and go back, even though you can't actually choose "Save" on the main LDAP Label Detail page due to getting:

    "The Advanced Search Field contains invalid tokens. Valid tokens are KBOX_LDAP_UID, KBOX_USER_NAME, KBOX_FULL_NAME, KBOX_EMAIL, KBOX_ADDITIONAL_EMAILS, KBOX_DOMAIN, KBOX_MANAGER_ID, KBOX_LOCATION_ID, KBOX_BUDGET_CODE, KBOX_WORK_PHONE, KBOX_HOME_PHONE, KBOX_MOBILE_PHONE, KBOX_PAGER_PHONE, KBOX_DEVICE_COUNT, KBOX_1, KBOX_2, KBOX_3, KBOX_4."

    But the Label works... I'm literally getting pieces of this working through a slew of errors. - Grotick 7 years ago
  • I am running into the exact problem, although your workaround is not working for me. I happen to be on v7.2.101. - fauveld 6 years ago

Answers (2)

Posted by: grvenega 6 years ago
Yellow Belt
0

The filter “KBOX_USER” is not supported for LDAP labels.

Please use any of the following supported variables: https://support.quest.com/kace-systems-management-appliance/kb/112277/ldap-filters-tips-and-tricks

Once you are using any of the supported LDAP variables for LDAP labels, the Test LDAP Filter... button to review the results might not work. You want to run the Authentication LDAP user instead for those users to get applied to the LDAP label.

Posted by: BNewland 9 months ago
Senior Yellow Belt
0

I was having a similar issue, was using ldap filter (&(samaccountname=KBOX_USER_NAME)(memberof=CN=DA_Everyone,OU=Universal,OU=Security,OU=DA18Groups,DC=LOCAL,DC=DA18))

Gave me an error about KBOX_USER_NAME not being valid, but mentioned KBOX_USERNAME in the list. I had just set up an LDAP label a moment before, which worked fine.


Turns out I forgot to switch from Type: Device to Type: User
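The token check discussed in this thread, as an added example that is not part of the original posts and is not KACE's own code: it validates a filter template against the token list quoted in the error message above and substitutes values with RFC 4515 escaping. The function names are hypothetical, and how the appliance itself performs substitution is an assumption.

```python
import re

# Token list quoted in the appliance's error message earlier on this page.
VALID_TOKENS = frozenset("""
KBOX_LDAP_UID KBOX_USER_NAME KBOX_FULL_NAME KBOX_EMAIL KBOX_ADDITIONAL_EMAILS
KBOX_DOMAIN KBOX_MANAGER_ID KBOX_LOCATION_ID KBOX_BUDGET_CODE KBOX_WORK_PHONE
KBOX_HOME_PHONE KBOX_MOBILE_PHONE KBOX_PAGER_PHONE KBOX_DEVICE_COUNT
KBOX_1 KBOX_2 KBOX_3 KBOX_4
""".split())

# Match whole tokens, so KBOX_USER is never treated as a prefix of KBOX_USER_NAME.
TOKEN_RE = re.compile(r"KBOX_[A-Z0-9_]+")


def invalid_tokens(template):
    """Return the KBOX_* tokens in the template that are not in VALID_TOKENS."""
    return sorted(set(TOKEN_RE.findall(template)) - VALID_TOKENS)


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))  # e.g. '*' becomes \2a
        else:
            out.append(ch)
    return "".join(out)


def render_filter(template, values):
    """Validate the template, then substitute each token with its escaped value."""
    bad = invalid_tokens(template)
    if bad:
        raise ValueError("invalid tokens: " + ", ".join(bad))
    return TOKEN_RE.sub(lambda m: escape_filter_value(values[m.group(0)]), template)


if __name__ == "__main__":
    # Group DN taken from the question; the user name is a constructed sample.
    dn = "CN=Security Group,OU=Groups,OU=X,DC=Y,DC=Z"
    print(invalid_tokens("(&(samaccountname=KBOX_USER)(memberOf=%s))" % dn))
    print(render_filter("(&(samaccountname=KBOX_USER_NAME)(memberOf=%s))" % dn,
                        {"KBOX_USER_NAME": "jdoe"}))
```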

 