LDAP User Import
I don't have any experience at all with LDAP, so I need help.
I was able to setup an LDAP query for an Admin group - so I can sucessfully connect to my AD.
I don't have any security groups that include all users (or are unique), so I could like to query User OUs to import the users into the Helpdesk.
Here's my LDAP search...
Search Base DN: DC=mydomain,DC=com
Search Filter: (|(memberOf=OU=Location1 Users)(memberOf=OU=Location2 Users))
My Result returned is: No Matching Entries Found
I found this KB article, but I think the syntax is wrong (extra parentheses).
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=998&artlang=en
I was able to setup an LDAP query for an Admin group - so I can sucessfully connect to my AD.
I don't have any security groups that include all users (or are unique), so I could like to query User OUs to import the users into the Helpdesk.
Here's my LDAP search...
Search Base DN: DC=mydomain,DC=com
Search Filter: (|(memberOf=OU=Location1 Users)(memberOf=OU=Location2 Users))
My Result returned is: No Matching Entries Found
I found this KB article, but I think the syntax is wrong (extra parentheses).
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=998&artlang=en
0 Comments
[ + ] Show comments
Answers (9)
Please log in to answer
Posted by:
dchristian
12 years ago
I wanna say that won't work...
Just looking at the memberof attribute in AD doesn't show any reference to the OU it belongs to.
Has anybody else been successful with this?
Just looking at the memberof attribute in AD doesn't show any reference to the OU it belongs to.
Has anybody else been successful with this?
Posted by:
scottlutz
12 years ago
David: I have found that it both can and can't work, and this is completely dependent on what is at the end of the "memberOf" string.
baist111: you will have to make sure that you are using the full Distinguished Name of the group you are trying to query, so instead of "Location2 Users", you will want to use "memberOf=OU=support,DC=kace,DC=com"
baist111: you will have to make sure that you are using the full Distinguished Name of the group you are trying to query, so instead of "Location2 Users", you will want to use "memberOf=OU=support,DC=kace,DC=com"
Posted by:
dchristian
12 years ago
Really?
I don't see how.
When looking at the memberof attribute (i use adexploer) there is no reference to the DN.
Is Kace doing something special that makes this work?
I don't see how.
When looking at the memberof attribute (i use adexploer) there is no reference to the DN.
Is Kace doing something special that makes this work?
Posted by:
baist111
12 years ago
I also tried using (memberOf=OU=Location1 Users,DC=mydomain,DC=com) as the Search Filter without the OR statement, that didn't return any results either.
So...
I ended up changing my search base to OU=Location1 Users,DC=mydomain,DC=com & changed the Search Filter to (sAMAccountName=*). That returned the results that I needed, and I was able to import the users manually. (But this only works for 1 OU of users, not all of them).
I would like to set this up on a schedule though, and have it update/import users as they are added.
Does the above information help?
So...
I ended up changing my search base to OU=Location1 Users,DC=mydomain,DC=com & changed the Search Filter to (sAMAccountName=*). That returned the results that I needed, and I was able to import the users manually. (But this only works for 1 OU of users, not all of them).
I would like to set this up on a schedule though, and have it update/import users as they are added.
Does the above information help?
Posted by:
scottlutz
12 years ago
Here is the filter from one of my LDAP labels:
(&(memberof=CN=HR Global,CN=Users,DC=core,DC=local)(samaccountname=KBOX_USER_NAME))
(&(memberof=CN=HR Global,CN=Users,DC=core,DC=local)(samaccountname=KBOX_USER_NAME))
Posted by:
dchristian
12 years ago
Scott,
That looks like HR Global is a group not an OU.
Am i correct?
That looks like HR Global is a group not an OU.
Am i correct?
Posted by:
baist111
12 years ago
Scott, Do you have an environment you could test this in? I'm curious if you can get it to work.
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=998&artlang=en
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=998&artlang=en
Posted by:
scottlutz
12 years ago
Dave, you are correct. I should refrain from reading email late at night ..
Baist111, are you looking to do just an initial user import, or something more than that?
Baist111, are you looking to do just an initial user import, or something more than that?
Posted by:
baist111
12 years ago
I got the initial user import, but I had to manually update the import for each of my user OUs.
I would like to, if possible, set up a schedule that would run weekly or manually that I wouldn't have to update though.
I would like to, if possible, set up a schedule that would run weekly or manually that I wouldn't have to update though.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.