KACE Product Support Question


New LDAP config for SMA

05/07/2020 111 views

Follow-up to dead thread https://www.itninja.com/question/ldap-based-labels-for-kace-1k

I hope I don't make anyone's head spin here.

I have a new Active Directory user that I'm trying to make a Kbox read-only admin. This account is in a ServiceAccounts OU. I have existing kbox admins in an OU_Admins OU. I have a group named Kbox_Admins that has the new and old admins as members. That group is in the ServiceAccounts OU.

I have an ldap authentication configuration that is querying the Kbox_Admins group, but it only recognizes the old members. The new member does not show up. If I move the new user into OU_Admins, kbox ldap can find it. When I move it back to ServiceAccounts, ldap can't find it.

There is clearly a setting that is restricting the ldap search to user accounts in OU_Admins, even though my admin ldap config is set to search the group membership. I could move the new account into OU_Admins, but I'd like to keep it separated if possible. I've been looking through the Kace ldap documentation, but haven't found anything yet. I have LDAP labels that I created years ago, but they aren't enabled.

One other related tidbit - if I edit the existing admin ldap auth and then go into the ldap browser, the base DN auto populates with a few choices. If I choose the root of our tree, I can browse the whole tree. I created a new ldap auth using the same ldap server, ldap read account, etc. When I go into the ldap browser from there, the base dn does not auto populate. If I choose custom and type in the same root, it is not browsable.

FWIW I am running 10.1.99, but I've been upgrading since the 5.x days (when I had a physical appliance). I don't know if some settings have become hidden at some point.

HELP ME, OBI-WAN!


Comments

  • Do you have a search filter in place for the admin LDAP import? If so, what is it?
  • No. I have one for non-admin users, but I import each admin user manually. Incidentally, I had no problem importing the new user into kbox while it was in the ServiceAccounts OU. I just can't get the ldap authentication to find it when it is in that OU.
