Manage install using LDAP labels
Hi,
im trying to install software (manage install) using LDAP label.
Label is based on LDAP search as follows:
(&(&(objectCategory=computer))(memberOf=CN=KomputeryK1000,CN=Computers,DC=KACE,DC=COM))
The label it self isok - i can get list of the computers in group "KomputeryK1000" (Group is security universal and contains only computers accounts).
Now this label is assigneg to managed install
And - nothig.
Im almost sure that i miss something in ??? where??
My managed install shows:
What else must be done?
My KACE 1000 is 6.4 version
Many thanks in advance for suggestions. Im trying to deal with this 2 days already:-(
im trying to install software (manage install) using LDAP label.
Label is based on LDAP search as follows:
(&(&(objectCategory=computer))(memberOf=CN=KomputeryK1000,CN=Computers,DC=KACE,DC=COM))
The label it self isok - i can get list of the computers in group "KomputeryK1000" (Group is security universal and contains only computers accounts).
Now this label is assigneg to managed install
And - nothig.
Im almost sure that i miss something in ??? where??
My managed install shows:
What else must be done?
My KACE 1000 is 6.4 version
Many thanks in advance for suggestions. Im trying to deal with this 2 days already:-(
0 Comments
[ + ] Show comments
Answers (5)
Answer Summary:
Please log in to answer
Posted by:
Greg_PL
8 years ago
Query OK but nothing is installed on target computers:-(
Do you have quick how to for user ldap quesry and sw installation?
My label showś 0(zero) computers/users:-(
Do you have quick how to for user ldap quesry and sw installation?
My label showś 0(zero) computers/users:-(
Posted by:
StockTrader
8 years ago
Hello,
A couple of things:
1-The LDAP label query seems wrong:
it should be something like:
(&(memberOf=CN=KomputeryK1000,CN=Computers,DC=KACE,DC=COM)(name=KBOX_COMPUTER_NAME))
2-have you checked that the label is really applied to the devices?
when you create a smart label or a LDAP label for devices the label is applied only the next time the devices are sending back an inventory.
So the first check you'd perform is in the Label management -> Labels to find out if the LDAP label is really applied to a computer object.
Another suggestion:
Avoid to use the clause (objectCategory=computer) : sometimes may cause some troubles if not ''positioned'' well in the query.
Anyway the K1000 will filter out automatically everything that is not a computer.
Kind regards,
Marco - StockTrader
Posted by:
Greg_PL
8 years ago
Top Answer
My query result:
OK: LDAP Search successful with 2 entries found.
And your query result:
Error: LDAP search failed. No entries found.
Error: LDAP Test Failed. Closing connection.
You mean this:
OK: LDAP Search successful with 2 entries found.
And your query result:
Error: LDAP search failed. No entries found.
Error: LDAP Test Failed. Closing connection.
You mean this:
Comments:
-
That's fine! when you make the test we send the LDAP Query as it is but when the devices are sending the inventory the KBOX_COMPUTER_NAME variable is substituted on the fly with the name of the computer that sent the inventory and then the query is sent to the LDAP.
So what you're obtaining from the test button it fine.
If you want to see more from the TEST button you can use this trick:
substitute the KBOX_COMPUTER_NAME with * and press TEST
Remember to do not save the query with the start but after the test replace the * with KBOX_COMPUTER_NAME.
Kind regards,
Marco - StockTrader - StockTrader 8 years ago-
i did as you advice and now still not running Manage Install :-(. Soft is no deployed. Do i need to do something else? - Greg_PL 8 years ago
-
do i need to assign this ldap label to computers? - Greg_PL 8 years ago
-
So..
Step one:
Put in the LDAP Query this:
(&(memberOf=CN=KomputeryK1000,CN=Computers,DC=KACE,DC=COM)(name=*))
and press the TEST button
If it is returning a good number of devices inside the group goto step 2, if not the query is wrong and you need to revise it.
Step two:
Put in the LDAP Query this:
(&(memberOf=CN=KomputeryK1000,CN=Computers,DC=KACE,DC=COM)(name=KBOX_COMPUTER_NAME))
and save the LDAP query.
Pay attention to the ENABLED checkbox: it need to be checked.
Step three:
Wait that one or more computers that are part of the KomputeryK1000 group are checking in.
Normally a computer sends the inventory once every 2h.
As a test you can force the inventory from some computers member of that group from the Devices view. (select them and then Choose Action -> Force inventory) and wait a bit (5 minutes...have a coffee :-) )
Step four:
check in the Label Management -> Labels that the label is applied to some computers.
Step five:
The Managed installation should kick in on the computers where the LDAP label is applied. Otherwise revise your managed installation
I hope this checklist may help you to troubleshoot the problem
Kind regards,
Marco - StockTrader - StockTrader 8 years ago
Posted by:
Greg_PL
8 years ago
i think problem is that label not shows any device in label management.
So what im doing wrong?
So what im doing wrong?
Posted by:
Greg_PL
8 years ago
Marko,
many thanks. Working great.
Thanks agani and have nice day
BR
Greg
many thanks. Working great.
Thanks agani and have nice day
BR
Greg
Comments:
-
Fantastic :-)
If you liked my answer may you mark it as ''correct answer'' in the thread pls ?
Thanks & Regards,
Marco - StockTrader - StockTrader 8 years ago-
Marco, now im dealing with LDAP Labels based on AD user.
Is this one ok in advanced search??
(&(samaccountname=KBOX_USER_NAME)(objectClass=user)(memberOf=CN=KACE_Soft,CN=Computers,DC=KACE,DC=COM)) - Greg_PL 8 years ago