In AD computers are separated by departments.
*Finance
*HR

I created an LDAP label for each department OU.

Example:
Search Base: OU=HR,DC=hq,DC=com
Search Filter: (objectclass=computer)

When I test the label I get the results I intended on (43 computers). I enabled the LDAP label and noticed that it was populating with all the computers in my organization instead of the 43 computers in the specific OU. What am I doing wrong?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
The KACE knowledge base article may help you with the syntax
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=1004&artlang=en
Answered 02/12/2011 by: KevinG
Purple Belt

Please log in to comment
0
Took a look at the KB you linked. I am still having trouble...

According the the KB this is the correct syntax. The test query runs with out error but produces no results.

ou=HR,DC=van,DC=com
(&(objectCategory=computer)(name=KBOX_COMPUTER_NAME))

"NOTE: To test your Filter, replace any "KBOX_" variables with real values. Press the Test LDAP Filter... button and review the results"

b) I replaced "KBOX_COMPUTER_NAME" with * and saw all the computers in the HR container.
c) I replaced "KBOX_COMPUTER_NAME" with computername and see the specific computer.

When using the filter (a) the LDAP filter does exactly what the test shows. No computers get labeled.
When using filter (b) I encounter the original issue. All the computers in my organization receive the label. even though the test query produces the correct results (43 computers).
Answered 02/13/2011 by: tsg
Senior Yellow Belt

Please log in to comment
0
I have a feeling that using LDAP labels with machines is going to force you to wait until these 43 systems check-in before the label is applied. This is similar to the way LDAP user labels work - the users must login to the KBOX before the LDAP filter is applied against the account. The way you have it written is almost correct. Try this:

ou=HR,DC=van,DC=com
(&(objectCategory=computer)(cn=KBOX_COMPUTER_NAME))
Answered 02/14/2011 by: airwolf
Tenth Degree Black Belt

Please log in to comment
0
airwolf is correct, every LDAP filter must contain one of the KBOX_* variables or else it will be applied to every (or none) object it is evaluated against because the search will always be true (or false)
Answered 02/14/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
1
OU=HR,DC=van,DC=com
(&(name=KBOX_COMPUTER_NAME)(objectclass=computer))

This LDAP label is working!
Thank you to everyone who posted solutions. I was confused why the test query was running successfully but now showing any results. I now understand that the KBOX_ variable populates with a computer name when the query is executed on check-in.
Answered 02/14/2011 by: tsg
Senior Yellow Belt

  • Most helpful part for figuring out my configuration issues: "when the query is executed on check-in." Thank you!
Please log in to comment
Answer this question or Comment on this question for clarity