I have put in the proper Base DN for an AD security group that I want to make read only admins.

When I use an LDAP browser I can see the resulting users with a search filter of (member=*).

However, when I put that into the Authentication screen and click Apply, it says KBOX_USER need to be part of Search Filter.

What does this mean?

I tried following the tip from kace.com on how to import a group but it did not work for me.

Example: For a specific group in Active Directory, you only want users in the Support Dept who are in the admin group to be able to log on and have admin rights in the K1000 appliance.


The User located in Active Directory is under support dept.kace.com

The Group in Active Directory is: admin.support.kace.com

To set up LDAP authentication for the admin profile in the K1000 appliance, the following parameters can be used:

1. Go to Settings -> Users Authentication -> Edit Mode -> Admin role

2. Search Base DN: cn=support dept,dc=kace, dc=com

The Search Base DN will identify the folder and subfolder to look into. It is a good practice to point to the location where the user is located.

3. Search Filter: (&(samaccountname=KBOX_USER)(memberOf=cn=admin,ou=support,dc=kace,dc=com))



The Search Filter identifies the properties of the account to search against.

For this specific setup, it would only allow users in the group cn=admin,ou=support,dc=kace,dc=com to log on to the K1000 appliance and receive admin rights.



  • Think of KBOX_USER as a variable. When writing a script you can put in %computername% so that the script can read the machine name without you having to type it out for every machine you run it against.

    KBOX_USER is used in the same way, so when someone attempts to log into the KBOX, their name is put in place of the variable KBOX_USER. Then it checks against your AD to make sure that the samaccountname matches the person that is a member of the Admin group. If it is, they are allowed in with the Role you gave it. If not, then it goes to the next server in your setup, or if there isn't another server, they are blocked from getting into the KBOX.
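The substitution the comment describes, modelled as an added example (not KACE code and not part of the original post or comment): the login name replaces KBOX_USER in the filter from the quoted tip, and a filter without the placeholder, such as (member=*), is rejected because it would be the same for every login. The helper names, the sample directory entries and the RFC 4515 escaping of the login name are assumptions added here; the page does not show how the appliance implements this.

```python
import re

PLACEHOLDER = "KBOX_USER"
# Filter from the tip quoted in the question.
TEMPLATE = "(&(samaccountname=KBOX_USER)(memberOf=cn=admin,ou=support,dc=kace,dc=com))"
# Constructed sample directory (assumption, not real data).
DIRECTORY = [
    {"samaccountname": ["jdoe"], "memberof": ["CN=admin,OU=support,DC=kace,DC=com"]},
    {"samaccountname": ["asmith"], "memberof": ["CN=staff,OU=support,DC=kace,DC=com"]},
]
# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, login_name):
    """Return the filter for one login attempt (hypothetical helper)."""
    if PLACEHOLDER not in template:
        # A filter such as (member=*) is identical for every login, so it
        # cannot tie the search result to the person signing in.
        raise ValueError("KBOX_USER needs to be part of the search filter")
    return template.replace(PLACEHOLDER, escape_filter_value(login_name))


def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(ldap_filter, entry):
    """Evaluate an AND of equality clauses, the only filter form used here."""
    clauses = re.findall(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)", ldap_filter)
    return bool(clauses) and all(
        unescape(val).lower() in [v.lower() for v in entry.get(attr.lower(), [])]
        for attr, val in clauses
    )


def login_allowed(template, login_name, directory=DIRECTORY):
    ldap_filter = build_filter(template, login_name)
    return any(matches(ldap_filter, entry) for entry in directory)


if __name__ == "__main__":
    for name in ("jdoe", "asmith", "*"):
        print(name, build_filter(TEMPLATE, name), login_allowed(TEMPLATE, name))
```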
