/build/static/layout/Breadcrumb_cap_w.png

USER LDAP Label Issue

I've read through other questions but it seems that most people are having an issue with the KBOX_USER variable, but as far as I'm concerned, for what I'm doing, I should'nt even NEED that.

I have an LDAP Import that runs at 2 AM right now that imports ALL users based on being part of the group "ALL" (This is because our AD has plenty of 'user' classes that are just used for other purposes, so importing EVERYONE gets ugly).

Anyhow, this works for the time being, and I get my 171 people in as users (or just 'updated' with no info). 

I have created a USER label called "ACCOUNTING" and attached to this an LDAP Label that is setup as such:

 

Search Base DN: OU=Accounting_Personnel,OU=CORRECT OU,DC=domain,DC=com

Search Filter:  (&(objectclass=user)(!(displayname=*printer*)))

I test this WITHOUT any Label attritubes or prefixes (and yes it's enabled) and the little TEST window at the bottom shows me that there are 37 successful entries.  GREAT!  That's exactly what I was expecting.  I run the scheduled import of 171 users and boom, my LDAP  label populates 171 people with my Accounting User Label.  WHY!??!

As far as the LDAP LABEL is concerned, it is supposed to look in ONE little OU with 37 people, and the test says it is, but it applies the label to EVERYONE in the import.  why????


I have tested it by adding the (samaccountname=*) just for fun, and also tried with (samaccountname=KBOX_USER) ((FYI KBOX_USER is what my scheduled ldap import uses)) and I get the same exact results, either 0 labels are applied or 171.

 

Am I missing something or is the SEARCH DN not doing anything during the apply part?  If I could get some Ideas ASAP even just touches-and-goes then that'd be great, because this is ruining my day and halting a lot of other labels from being made at this point. 


FYI - I do NOT, DO NOT want to have a schedule an import for every single little OU and have an LDAP label for every single OU.  The LDAP import should bring in everyone, and the LDAP LABEL SEARCH DN should do it's job, as far as I can tell.

help.

Asked 11 years ago 6914 views
1 Comment   [ + ] Show comment
  • Any ideas?? I have a feeling this is a 'me' thing so I really don't want to open a support ticket, but it saying it finds 37 matches and assigns it to 171 seems like an issue.... - Wildwolfay 11 years ago

Answers (1)

Answer Summary:
Well I guess everyone was right in the past, need that samaccountname= variable... the confusion was explained to me by KACE. For LDAP IMPORT (user auth.) you use the variable samaccountname=KBOX_USER. For LDAP LABELS you use the variable samaccountname=KBOX_USER_NAME . They are aware of this inconsistancy.... ergh. Added the CORRECT variable and good to go.
Posted by: Wildwolfay 11 years ago
Red Belt
2

Well I guess everyone was right in the past, need that samaccountname= variable... the confusion was explained to me by KACE.

For LDAP IMPORT (user auth.) you use the variable samaccountname=KBOX_USER.


For LDAP LABELS you use the variable samaccountname=KBOX_USER_NAME .


They are aware of this inconsistancy.... ergh.  Added the CORRECT variable and good to go.

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ