I have been searching for the answer on ItNigja to the question on how to get KACE Ldap labels to actually produce the results I want. The answers I see tell me to use "KBOX_COMPUTER_NAME", with this I get no results in Ldap labels, but a truck load of results in Kace Labels.

Here is what I have tried, first off I create a filter that produces a result, 5 computers found.

Base DN: : DC=Testdomain,DC=Local


Second, I create a filter that doesn't produce any results but gives me all green went tested


What I find odd about this result is that there is a computer, that is in Inventory, within this Security Group, but no amount of waiting for agent sign in gets this label assigned to that computer.

I know the article https://support.software.dell.com/k1000/kb/112277 explains KBOX_COMPUTER_NAME as a variable, but is my understanding correct when I say, the KBOX_COMPUTER_NAME  variable represents all the computers contained in the database of the KACE inventory?

How does one write an LDAP Label filter, that finds one computer in the LDAP test, but also shows only one computer in the KACE Labels in stead of the hundreds I am seeing? (Thanks in advance if anyone has the answer for this.)






1 Comment   [ + ] Show Comment


  • This may also be causing a problem.

Please log in to comment



The idea behind using the KBOX_COMPUTER_NAME variable is that it will be replaced when the computer is checking in with the KBOX. So, to a certain extent, you are correct that this variable represents all PCs in KBOX inventory, but it does it one at a time, during check in, to decide if that PC should be added to the label. It's essentially the same as a Smart Label, but using an LDAP query instead of a SQL query.

That being said, you won't see any results in the label test if you put in the KBOX_COMPUTER_NAME variable (since that variable is only replaced at run-time). What you need to do when testing is manually replace it with a PC name you want to test the filter against. If it works, then plug in the variable and save the LDAP label.

We've had some success with LDAP labels using CN= instead of NAME=. Also the objectcategory field has quite a bit more information in it than just "computer", so you may want to use objectClass there. Finally, I believe the & function only supports 2 parts, so you may have to nest a few &'s together. Here's what I would suggest trying:


We've also used the distinguishedName field (but we don't have our computers in any Groups beyond the default "Domain Computers"):


Hope this helps.

Answered 06/17/2014 by: BHC-Austin
Fourth Degree Black Belt

Please log in to comment

Thank you for your response, but unfortunately it has taken me a while to get back to this problem. 

What I discovered when I accident pasted your solution directly into Search Filder, without change the Domain name, was that I got a postive "LDAP Search successful", the filter was shown as being Successful.

How is this result possible when the "BASE DN:" does not match the Filter? It appears I can write anything in the filter and the Test will come back as successful.

Testing LDAP Label Settings...
Testing "LDAP_Test_Label-CjD" connection to:
ldaps://dc-prd on Port: 389
OK: Connection Successful.
OK: Setting Protocol Version 3 Successful.
OK: Setting LDAP REFERRALS Option 0 Successful.
OK: Search Bind using LDAP supplied credentials Successful.
Applying search filter [(&(objectClass=computer)(&(CN=KBOX_COMPUTER_NAME)(memberOf=CN=Label-Test,OU=SOE_Standard,OU=Desktops,DC=testdomain,DC=local)))]
OK: LDAP search (with filter [(&(objectClass=computer)(&(CN=KBOX_COMPUTER_NAME)(memberOf=CN=Label-Test,OU=SOE_Standard,OU=Desktops,DC=testdomain,DC=local)))]) Successful.
OK: LDAP Search successful with 0 entries found.
OK: LDAP Test Successful. Closing connection.

When I did correct the syntax, to reflect the correct domain, I got the same Search successful with 0 entries found, but this too could be a false postive.
Answered 10/29/2014 by: CjD
White Belt

Please log in to comment

Interestingly, if one does use a single computer to search for, one see that the results are it has found one machine

OK: LDAP Search successful with 1 entries found

But when I check the results in Label Detail, I find this +Computers (1057) 

How is it doing this?

Answered 10/30/2014 by: CjD
White Belt

Please log in to comment
Answer this question or Comment on this question for clarity