/build/static/layout/Breadcrumb_cap_w.png

Why does a device LDAP label add unwanted machines?

I created a group in AD and added one computer to it. Then created an LDAP label with a base DN that's a bit higher than I'd like in the chain. Meaning that base DN is DC=domain, DC=com, when I'd prefer it to be like below.
I'd like to use this DN, but it won't let me type it in. Kace is pulling the DN from it's own configuration.
Base DN I'd like: CN=Comps_TECH,OU=Groups,OU=MYOU,OU=NAME1,OU=AD,DC=domain,DC=com
Search Filter: (&(memberof=CN=Comps_TECH,OU=Groups,OU=MYOU,OU=NAME1,OU=AD,DC=domain,DC=com)(samaccountname=KBOX_USER))

The LDAP label is growing and adding machines that are not in the Comps_TECH group.

How should I create the label so it only contains computers that are in the "Comps_TECH" group?
Asked 9 years ago 1671 views
0 Comments   [ + ] Show comments

Answers (2)

Posted by: BHC-Austin 9 years ago
4th Degree Black Belt
0
If I'm not mistaken, Base DN needs to be as broad as possible, and can't be a group name. Therefore, you may want to use something like OU=MYOU,OU=NAME1,OU=AD,DC=domain,DC=com for your Base DN. Also, you're matching usernames, rather than PC names. Your filter would need to look something like this: (&(name=KBOX_COMPUTER_NAME)(memberof=CN=Comps_TECH,OU=Groups,OU=MYOU,OU=NAME1,OU=AD,DC=domain,DC=com))
Posted by: murbot 9 years ago
10th Degree Black Belt
0
Thank you. I was trying your first suggestion, but hadn't tried changing to KBOX_COMPUTER_NAME till I read your comment. Just made that change and everything tests successful in the LDAP Browser page, but it's not pulling machines into the label. 

If you're correct and it can't actually get down a group, then that stinks. LOL. My reasoning for doing this was so I wouldn't have to to focus on an OU. But it sounds like creating an OU and placing the machines from my group in that OU is the only option.

I'll try a few things before giving up. If there's any suggestions for how to search down to a group, please chime in. The function is in Kace since it does succeed at the LDAP browser page when I use KBOX_USER and search to a group with only computers in it. Just no luck with the actual label.

Thanks

Comments:
  • You should be able to use Group membership, but using the filter, rather than the Base DN. Try expanding the base DN to DC=domain,DC=com and then filter as I suggested - BHC-Austin 9 years ago

Posted by:

murbot 10th Degree Black Belt
Ninja since: 14 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Systems Management Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ