I've taken down the Orgs feature in 6.3 and I have all my users logging in to the default org. Now I'd like to set up LDAP labels to sort the users into three groups. There isn't anything identifiable in their profiles in AD so I'm using the company field and assigning Alpha, Beta, Charlie. Then I have a fourth group that is all encompassing and should have every user. The way I'm doing this is using my domain in the Search Base DN and this in the Search Filter.

 

(&(objectcategory=Person)(company=ALPHA)) 

 

When I run these in the LDAP Browser to test them I get the exact results I want every time. What is happening is all four groups are being populated with every user. It is ignoring my filter using company. Is there another field that I can use that would give me better results? Is there a way to modify this one to make it efficient?

 

Once I have this one down then I need to do something similar for all of their computers. Thanks for the help.

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

1
Ok, so there was HUGE issue where LDAP labels worked in 5.5, then they broke them in 6.0....  They finally came up with a work around which eventually worked and it looks similar to what you are dealing with because your results are the same. LOL

What I had to do was create a "MasterLDAPUserQuery" which connects to my server and searches for all users (that aren't disabled) using the following search filter:

(&(samaccountname=KBOX_USER_NAME)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Then, under the "Label Attribute" field is where you would tell it "COMPANY" and you can add the label prefix (Kace suggests "user_" so everything that gets created does so with that prefix so it is easily seen.

This will create a label for each instance of the "Company" field you have and automatically add each user into it.  The "test" feature 
Hope this works on 6.3!!
Answered 04/06/2015 by: Chris.Burgess
Orange Belt

Please log in to comment
Answer this question or Comment on this question for clarity