I am trying to create a LDAP Smart Label based on group membership. I want to then apply that label as owners in a new queue I am creating. I setup this query in ADUC: (|(&(&(objectCategory=user)(memberOf=cn=Test,ou=Test Groups,dc=Testing,dc=com)))(&(&(objectCategory=user)(memberOf=cn=Test2,ou=Test Groups,dc=Testing,dc=com)))) and found 22 users. I copied it over to Kbox and use the test button. It finds 22 users. After I enable the label and let it go find users over the weekend it has found over 400. This is not correct. What am I doing wrong?

Answer Summary:
Summary of comments: You need (samaccountname=KBOX_USER_NAME). You DON'T NEED (samaccountname=KBOX_USER) One is for LDAP, one is for LDAP labels. Just the way it works.
Cancel
4 Comments   [ + ] Show Comments

Comments

  • I don't see the main thing you need:

    (samaccountname=KBOX_USER_NAME)
  • Does it work without (samaccountname=KBOX_USER_NAME)? In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

    If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..."
  • OH OH I remember why it's stupid!!!!!

    In your actual LDAP, for the user authentification, you have to use: (samaccountname=KBOX_USER)

    for the LDAP LABEL you have to use (samaccountname=KBOX_USER_NAME).

    THAT'S why it was such a pain in the butt. Try (samaccountname=KBOX_USER_NAME) and that should solve.
  • I used KBOX_USER_NAME after testing with *. It seems to be working but I need to wait for it to pull users. If its good I will mark your answer. Thanks for the quick response
    • You can always push the LDAP by going to SETTINGS > USER AUTH > and hitting the little clock and doing a RUN NOW which will run the import and trigger the ldap labels.
    • Any luck?
Please log in to comment

Answers

2

Since I put everything in the comments, can't mark this one answered if I did indeed did answer it.

 

Summary of comments:

 

You need (samaccountname=KBOX_USER_NAME).

You DON'T NEED (samaccountname=KBOX_USER)

One is for LDAP, one is for LDAP labels.  Just the way it works.

Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..." - See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..." - See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..." - See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..." - See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..." - See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..." - See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..." - See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..." - See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
  • I don't see the main thing you need:

    (samaccountname=KBOX_USER_NAME)

    Reply
  • Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

    If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..."

    Reply
  • OH OH I remember why it's stupid!!!!!

    In your actual LDAP, for the user authentification, you have to use: (samaccountname=KBOX_USER)

    for the LDAP LABEL you have to use (samaccountname=KBOX_USER_NAME).

    THAT'S why it was such a pain in the butt.  Try (samaccountname=KBOX_USER_NAME) and that should solve.

- See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
  • I don't see the main thing you need:

    (samaccountname=KBOX_USER_NAME)

    Reply
  • Does it work without (samaccountname=KBOX_USER_NAME)?  In test, yes, (and when you're TESTING the label you need to change (samaccountname=KBOX_USER_NAME) to (samaccountname=*).

    If you like, I can dig up my ticket with KACE about this where it ended in a phone call and me going "well that's dumb" and the response being "yeah...we know..."

    Reply
  • OH OH I remember why it's stupid!!!!!

    In your actual LDAP, for the user authentification, you have to use: (samaccountname=KBOX_USER)

    for the LDAP LABEL you have to use (samaccountname=KBOX_USER_NAME).

    THAT'S why it was such a pain in the butt.  Try (samaccountname=KBOX_USER_NAME) and that should solve.

- See more at: http://www.itninja.com/question/k1000-ldap-smart-label-too-many-users#sthash.DiRVGGSY.dpuf
Answered 01/06/2014 by: Wildwolfay
Red Belt

  • Thank you. That was the problem.
Please log in to comment
Answer this question or Comment on this question for clarity

Share