/build/static/layout/Breadcrumb_cap_w.png

Using LDAP for a query search

I've taken down the Orgs feature in 6.3 and I have all my users logging in to the default org. Now I'd like to set up LDAP labels to sort the users into three groups. There isn't anything identifiable in their profiles in AD so I'm using the company field and assigning Alpha, Beta, Charlie. Then I have a fourth group that is all encompassing and should have every user. The way I'm doing this is using my domain in the Search Base DN and this in the Search Filter.

 

(&(objectcategory=Person)(company=ALPHA)) 

 

When I run these in the LDAP Browser to test them I get the exact results I want every time. What is happening is all four groups are being populated with every user. It is ignoring my filter using company. Is there another field that I can use that would give me better results? Is there a way to modify this one to make it efficient?

 

Once I have this one down then I need to do something similar for all of their computers. Thanks for the help.


0 Comments   [ + ] Show comments

Answers (1)

Posted by: Chris.Burgess 9 years ago
Orange Belt
1
Ok, so there was HUGE issue where LDAP labels worked in 5.5, then they broke them in 6.0....  They finally came up with a work around which eventually worked and it looks similar to what you are dealing with because your results are the same. LOL

What I had to do was create a "MasterLDAPUserQuery" which connects to my server and searches for all users (that aren't disabled) using the following search filter:

(&(samaccountname=KBOX_USER_NAME)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Then, under the "Label Attribute" field is where you would tell it "COMPANY" and you can add the label prefix (Kace suggests "user_" so everything that gets created does so with that prefix so it is easily seen.

This will create a label for each instance of the "Company" field you have and automatically add each user into it.  The "test" feature 
Hope this works on 6.3!!

Comments:
  • Thanks Chris. - AndrewQ 9 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ