/build/static/layout/Breadcrumb_cap_w.png

Set Agent Sync Org based on LDAP Query

We want the ability to have a KBOX client moved (change it's sync-to organization) to a specific KBOX organization based on it's OU membership in Active Directory. Is this the intent of the LDAP Filter procedure mentioned in "Setting Up LDAP Filter Tips and Tricks" (http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=1004&artlang=en). For instance, Windows computer SMITH-PC is a member of the OU 'Test' in Active Directory, we create an organization on the KBOX called 'Test'. We setup an LDAP filter as listed above and deploy the KBOX agent to SMITH-PC. Will this PC be subsequently re-synced from the 'default' organization to the 'Test' organization? Also if the client is later moved to a different OU, will be moved to a different KBOX org if the filter matches?

Here is an example of our filter for the organization 'Test' which doesn't currently seem to be working as expected. Note our AD top-level name is 'Marshall.edu':

Search Base DN: OU=Test,DC=Marshall,DC=Edu

Search Filter: (&(name=KBOX_COMPUTER_NAME)(memberOf=OU=Test,DC=marshall,DC=edu))

Currently running 5.3.47927 on KBOX server and deploying 5.3.47657 for KBOX agents.

0 Comments   [ + ] Show comments

Answers (5)

Posted by: joncutler 13 years ago
Blue Belt
0
An additional spin to this inquiry is can you specify the 'sync to organization' as part the KBOX agent install? If the agent install package is shared out under the particular org (i.e. \\kbox\client_x\agent_provisioning\...) will that freshly installed client be set to sync to the Organization associated with the 'client_x' share, or still be associated with the 'default' organization? Is there a way to specify this in passing configuration data to the installer?

Thanks,
Posted by: dchristian 13 years ago
Red Belt
0
jon,

Try this for your search filter:
(name=KBOX_COMPUTER_NAME)
You only use memberof to check for groups.

Since you have the OU in your search base you should be ok.

Also make sure when you test, you replace KBOX_COMPUTER_NAME with the name of a pc in that OU.
Posted by: joncutler 13 years ago
Blue Belt
0
David,

Thanks for the reply. That query is now correctly evaluating on the console, but the client has not been assigned to the correct org. Is this evaluation of which org to use a one-time event (i.e. when the client is initially deployed) or does it occur on a more regular basis? When I go thru the 'Refiltering Computers' process listed in the K1000 Admin Guide (Administration/SAG_kace_organization.14.7.html#935927), the computer is showing up when I run the 'Test The Filter' function. Then when I select the computer and 'Choose Action -->Refilter Selected Computers', the computer is still not set to be moved to the correct org. I have also double checked that the org filter I created is 'enabled' and that no other filtering rules apply to the client.

Am I not being patient or should this happen fairly quickly?
Posted by: dchristian 13 years ago
Red Belt
0
Did you also assign the filter under Organizations -> Organization Filters?
Posted by: joncutler 13 years ago
Blue Belt
0
That was it...I was looking right at the filter name showing up in the list, but didn't make the connection that 'no filters selected' was still the status of the organization. This is working both to move (resync) a client into an organization, and to also move back-out of the organization based on OU membership in Active Directory.

Thanks for the help.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ