KACE Product Support

The goal with the filter in practice is to get it to return one result. To do this you will need to use one of the KBOX variables in your filter. like name=KBOX_COMPUTER_NAME

Then the filter will not always be true because it will add the current machine as part of the criteria

ORIGINAL: GillySpy

The goal with the filter in practice is to get it to return one result. To do this you will need to use one of the KBOX variables in your filter. like name=KBOX_COMPUTER_NAME

Then the filter will not always be true because it will add the current machine as part of the criteria


Thanks for the reply GillySpy, I'm a little confused by the KBOX variables. Since I want multiple computers to be labeled with a single Label wouldent using name=KBOX_COMPUTER_NAME only find one computer?

Also I'm assuming that we are replacing that with the actual name of the computer :) so in turn it would find the the user in our Active Directory then match the computer with the user?

CrashnBrn,

Are you trying to make a machine label or user label?

If everyone is in the same OU this is simple.

Just make the OU part of your search base DN.
OU=REMOTE_OU,DC=us,DC=company,DC=com

For machines the search filter is
(name=KBOX_COMPUTER_NAME)

For users the search filter is
(samaccountname=KBOX_USER_NAME)

Since you want the machine to be labelled based on the user you want to use KBOX_USERNAME but the filter will be of type "machine"

Some thing like:
(&(objectCategory=person)(|(objectClass=contact)(objectClass=user))(memberOf=CN=company-remote,OU=Not categorized,DC=us,DC=company,DC=com)(samaccountname=KBOX_USERNAME))

ORIGINAL: GillySpy

Since you want the machine to be labelled based on the user you want to use KBOX_USERNAME but the filter will be of type "machine"

Some thing like:
(&(objectCategory=person)(|(objectClass=contact)(objectClass=user))(memberOf=CN=company-remote,OU=Not categorized,DC=us,DC=company,DC=com)(samaccountname=KBOX_USERNAME))


I am trying to make a label for using the names in a distribution group but for computers. I'm still a little confused about how this works, the above does not return any results. I get " Error,No Entries Found: Errno-7 Bad search filter"

Is LDAP is only supposed to return a single result? Is it possible to include ever user from a distribution group into a single label?

Currently when I use the query I posted in the first post this is what I see:



Again, I would like all 43 people's machines to be labeled as remote when they connect to kbox.

Sorry if I'm not directly answering specific questions, and thanks for all the help thus far :)

KBOX_USERNAME is a variable that is replaced with the username of the user logged into the machine. To test it you need to substitute in KBOX_USERNAME with a specific value or with * (wildcard).

ORIGINAL: GillySpy

KBOX_USERNAME is a variable that is replaced with the username of the user logged into the machine. To test it you need to substitute in KBOX_USERNAME with a specific value or with * (wildcard).


if I add sameaccountname=* at the end of my query or even name=* or a users name, I get " Error,No Entries Found: Errno-7 Bad search filter"

I was making an assumption that samaccountname was an attribute in your system. What is the attribute for username?

After adjusting for the correct attribute name if you are still having an issue with your search filter could you paste it here?

ORIGINAL: GillySpy

I was making an assumption that samaccountname was an attribute in your system. What is the attribute for username?

After adjusting for the correct attribute name if you are still having an issue with your search filter could you paste it here?



The attribute for account name is: sAMAccountName

So I tried this query:

(&(objectCategory=person)(|(objectClass=contact)(objectClass=user))(memberOf=CN=company-remote,OU=Not categorized,DC=us,DC=company,DC=com)(sAMAccountName=*))

Except it labels every machines that connects are remote instead of just the users in the company-remote distribution list. I don't get what I'm missing. The computers are named differently, but the users who log in match up with the account name for the users in the distribution list.

Thanks.

Edit: This shortened code produces the same results above but still does not work. (labels every machine remote)

(&(sAMAccountName=*)(memberOf=CN=company-remote,OU=Not categorized,DC=us,DC=company,DC=com))


I'm totally stumped. The users that are getting labeled remote do not show up if I replace their usernames in the ldap browser when setting up the filter, meaning they should not get labeled. At this point the query looks almost the same as the example one that came on the kbox appliance.

Correct, you need to use the following in the production filter because the variable replacement only happens on a production filter not in test.

(&(objectCategory=person)(|(objectClass=contact)(objectClass=user))(memberOf=CN=company-remote,OU=Not categorized,DC=us,DC=company,DC=com)(sAMAccountName=KBOX_USERNAME))


KBOX_USERNAME ORIGINAL: GillySpy

Correct, you need to use the following in the production filter because the variable replacement only happens on a production filter not in test.

(&(objectCategory=person)(|(objectClass=contact)(objectClass=user))(memberOf=CN=company-remote,OU=Not categorized,DC=us,DC=company,DC=com)(sAMAccountName=KBOX_USERNAME))






GillySpy you are a lifesaver! I completely misunderstood that the KBOX_USERNAME was a variable that kbox uses (I don't know how I missed that). Thanks so much! Everything works now.

--Jason