I've read through other questions but it seems that most people are having an issue with the KBOX_USER variable, but as far as I'm concerned, for what I'm doing, I shouldn't even NEED that.

I have an LDAP Import that runs at 2 AM right now that imports ALL users based on being part of the group "ALL" (This is because our AD has plenty of 'user' classes that are just used for other purposes, so importing EVERYONE gets ugly).

Anyhow, this works for the time being, and I get my 171 people in as users (or just 'updated' with no info). 

I have created a USER label called "ACCOUNTING" and attached to this an LDAP Label that is set up as such:

 

Search Base DN: OU=Accounting_Personnel,OU=CORRECT OU,DC=domain,DC=com

Search Filter:  (&(objectclass=user)(!(displayname=*printer*)))

I test this WITHOUT any Label attributes or prefixes (and yes it's enabled) and the little TEST window at the bottom shows me that there are 37 successful entries.  GREAT!  That's exactly what I was expecting.  I run the scheduled import of 171 users and boom, my LDAP label populates 171 people with my Accounting User Label.  WHY!??!

As far as the LDAP LABEL is concerned, it is supposed to look in ONE little OU with 37 people, and the test says it is, but it applies the label to EVERYONE in the import.  why????


I have tested it by adding the (samaccountname=*) just for fun, and also tried with (samaccountname=KBOX_USER) ((FYI KBOX_USER is what my scheduled ldap import uses)) and I get the same exact results, either 0 labels are applied or 171.

 

Am I missing something or is the SEARCH DN not doing anything during the apply part?  If I could get some Ideas ASAP even just touches-and-goes then that'd be great, because this is ruining my day and halting a lot of other labels from being made at this point. 


FYI - I do NOT, DO NOT want to have to schedule an import for every single little OU and have an LDAP label for every single OU.  The LDAP import should bring in everyone, and the LDAP LABEL SEARCH DN should do its job, as far as I can tell.

help.

Answer Summary:
Well I guess everyone was right in the past, need that samaccountname= variable... the confusion was explained to me by KACE. For LDAP IMPORT (user auth.) you use the variable samaccountname=KBOX_USER. For LDAP LABELS you use the variable samaccountname=KBOX_USER_NAME. They are aware of this inconsistency.... ergh. Added the CORRECT variable and good to go.

Comments

  • Any ideas?? I have a feeling this is a 'me' thing so I really don't want to open a support ticket, but it saying it finds 37 matches and assigns it to 171 seems like an issue....

Answers

2

Well I guess everyone was right in the past, need that samaccountname= variable... the confusion was explained to me by KACE.

For LDAP IMPORT (user auth.) you use the variable samaccountname=KBOX_USER.


For LDAP LABELS you use the variable samaccountname=KBOX_USER_NAME.


They are aware of this inconsistency.... ergh.  Added the CORRECT variable and good to go.

Answered 10/10/2013 by: Wildwolfay
Red Belt
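
An added illustration (not part of the original post, and not KACE's code) of why the result in this thread is all-or-nothing until the filter carries KBOX_USER_NAME. It assumes the label filter is searched once per imported user and the label is applied whenever that search returns any entry; the directory entries, OU=Corp, user names and the `search`/`apply_label`/`make_filter` helpers are constructed for the example.

```python
import re

# Constructed sample entries (sAMAccountName, displayName, DN); not real data.
ROOT = "OU=Corp,DC=domain,DC=com"
BASE_DN = "OU=Accounting_Personnel," + ROOT
DIRECTORY = [
    ("asmith", "Alice Smith", "CN=Alice Smith," + BASE_DN),
    ("bjones", "Bob Jones", "CN=Bob Jones," + BASE_DN),
    ("acct-prn", "Accounting Printer", "CN=acct-prn," + BASE_DN),
    ("cdoe", "Carol Doe", "CN=Carol Doe,OU=Sales," + ROOT),
]
IMPORTED = ["asmith", "bjones", "cdoe"]  # users brought in by the scheduled import

def search(base_dn, ldap_filter):
    """Toy LDAP search: non-printer entries under base_dn, optionally
    narrowed by a (samaccountname=...) clause in the filter."""
    m = re.search(r"\(samaccountname=([^)]*)\)", ldap_filter, re.I)
    wanted = m.group(1).lower() if m else "*"
    suffix = "," + base_dn.lower()
    return [sam for sam, display, dn in DIRECTORY
            if dn.lower().endswith(suffix)
            and "printer" not in display.lower()
            and wanted in ("*", sam.lower())]

def apply_label(users, base_dn, template):
    """Assumed model: one search per imported user, with KBOX_USER_NAME
    replaced by that user's name; any hit at all applies the label."""
    return [u for u in users
            if search(base_dn, template.replace("KBOX_USER_NAME", u))]

def make_filter(clause=""):
    # Same shape as the filter in the question, with an optional extra clause.
    return "(&(objectclass=user)%s(!(displayname=*printer*)))" % clause

NO_VARIABLE = make_filter()                                  # filter as first posted
WILDCARD = make_filter("(samaccountname=*)")                 # matches anyone in the OU
IMPORT_VARIABLE = make_filter("(samaccountname=KBOX_USER)")  # not substituted for labels
LABEL_VARIABLE = make_filter("(samaccountname=KBOX_USER_NAME)")

if __name__ == "__main__":
    for name in ("NO_VARIABLE", "WILDCARD", "IMPORT_VARIABLE", "LABEL_VARIABLE"):
        print(name, apply_label(IMPORTED, BASE_DN, globals()[name]))
```

A single call to `search` with the variable-free filter corresponds to the test window: it returns the accounting entries, which is why the test looked right while every imported user still received the label.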
