I am having an issue creating LDAP labels.  The LDAP query responds with exactly what I want in the LDAP Browser and exactly the right amount of entries when I use the "TEST" (30 entries found) but when in practice the label gets Enabled it ends up grabbing every computer that checks in.

Here is what I am using : 
Base DN : 

Search Filter: 
(&(|(memberOf=CN=dept-networkoperations,OU=School Departments,DC=ad,DC=School,DC=edu)(memberOf=CN=dept-helpdesk,OU=School Departments,DC=ad,DC=School,DC=edu)(memberOf=CN=dept-applicationservices,OU=School Departments,DC=ad,DC=School,DC=edu)(memberOf=CN=dept-systemadministration,OU=School Departments,DC=ad,DC=School,DC=edu)(memberOf=CN=dept-erpservices,OU=School Departments,DC=ad,DC=School,DC=edu)(memberOf=CN=dept-itcoordination,OU=School Departments,DC=ad,DC=School,DC=edu)))

I am currently up to 244 computers added to this label, when the LDAP results are only 30.

Some background : our users do not log into KACE.  What I am trying to do is apply a label to a computer based upon the last user that has logged in to the computer.  This list of users would be organized by LDAP user groups, most of the time a group of LDAP groups into a single label.  

Everything appears to be setup correctly but it clearly isn't working.  Please help.
Answer Summary:
2 Comments   [ - ] Hide Comments


  • Which version you are running?
    This was an issue with 6.0.101863, solved with the 864
  • Running version 6.3
Please log in to comment

Answer this question or Comment on this question for clarity


make sure you are also using the proper KACE search string in the LDAP search string...
Answered 01/10/2015 by: h2opolo25
Red Belt

  • I added (CN=KBOX_USERNAME) to the end of the query and the "test" returns 0 (zero) entries, but it appears to be working now.
    • during the test the KBOX_USERNAME is empty (for test use a * instead of KBOX_USERNAME)
Please log in to comment