Set Agent Sync Org based on LDAP Query
We want the ability to have a KBOX client moved (change it's sync-to organization) to a specific KBOX organization based on it's OU membership in Active Directory. Is this the intent of the LDAP Filter procedure mentioned in "Setting Up LDAP Filter Tips and Tricks" (http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=1004&artlang=en). For instance, Windows computer SMITH-PC is a member of the OU 'Test' in Active Directory, we create an organization on the KBOX called 'Test'. We setup an LDAP filter as listed above and deploy the KBOX agent to SMITH-PC. Will this PC be subsequently re-synced from the 'default' organization to the 'Test' organization? Also if the client is later moved to a different OU, will be moved to a different KBOX org if the filter matches?
Here is an example of our filter for the organization 'Test' which doesn't currently seem to be working as expected. Note our AD top-level name is 'Marshall.edu':
Search Base DN: OU=Test,DC=Marshall,DC=Edu
Search Filter: (&(name=KBOX_COMPUTER_NAME)(memberOf=OU=Test,DC=marshall,DC=edu))
Currently running 5.3.47927 on KBOX server and deploying 5.3.47657 for KBOX agents.
Here is an example of our filter for the organization 'Test' which doesn't currently seem to be working as expected. Note our AD top-level name is 'Marshall.edu':
Search Base DN: OU=Test,DC=Marshall,DC=Edu
Search Filter: (&(name=KBOX_COMPUTER_NAME)(memberOf=OU=Test,DC=marshall,DC=edu))
Currently running 5.3.47927 on KBOX server and deploying 5.3.47657 for KBOX agents.
0 Comments
[ + ] Show comments
Answers (5)
Please log in to answer
Posted by:
joncutler
12 years ago
An additional spin to this inquiry is can you specify the 'sync to organization' as part the KBOX agent install? If the agent install package is shared out under the particular org (i.e. \\kbox\client_x\agent_provisioning\...) will that freshly installed client be set to sync to the Organization associated with the 'client_x' share, or still be associated with the 'default' organization? Is there a way to specify this in passing configuration data to the installer?
Thanks,
Thanks,
Posted by:
dchristian
12 years ago
jon,
Try this for your search filter:
You only use memberof to check for groups.
Since you have the OU in your search base you should be ok.
Also make sure when you test, you replace KBOX_COMPUTER_NAME with the name of a pc in that OU.
Try this for your search filter:
(name=KBOX_COMPUTER_NAME)You only use memberof to check for groups.
Since you have the OU in your search base you should be ok.
Also make sure when you test, you replace KBOX_COMPUTER_NAME with the name of a pc in that OU.
Posted by:
joncutler
12 years ago
David,
Thanks for the reply. That query is now correctly evaluating on the console, but the client has not been assigned to the correct org. Is this evaluation of which org to use a one-time event (i.e. when the client is initially deployed) or does it occur on a more regular basis? When I go thru the 'Refiltering Computers' process listed in the K1000 Admin Guide (Administration/SAG_kace_organization.14.7.html#935927), the computer is showing up when I run the 'Test The Filter' function. Then when I select the computer and 'Choose Action -->Refilter Selected Computers', the computer is still not set to be moved to the correct org. I have also double checked that the org filter I created is 'enabled' and that no other filtering rules apply to the client.
Am I not being patient or should this happen fairly quickly?
Thanks for the reply. That query is now correctly evaluating on the console, but the client has not been assigned to the correct org. Is this evaluation of which org to use a one-time event (i.e. when the client is initially deployed) or does it occur on a more regular basis? When I go thru the 'Refiltering Computers' process listed in the K1000 Admin Guide (Administration/SAG_kace_organization.14.7.html#935927), the computer is showing up when I run the 'Test The Filter' function. Then when I select the computer and 'Choose Action -->Refilter Selected Computers', the computer is still not set to be moved to the correct org. I have also double checked that the org filter I created is 'enabled' and that no other filtering rules apply to the client.
Am I not being patient or should this happen fairly quickly?
Posted by:
dchristian
12 years ago
Did you also assign the filter under Organizations -> Organization Filters?
Posted by:
joncutler
12 years ago
That was it...I was looking right at the filter name showing up in the list, but didn't make the connection that 'no filters selected' was still the status of the organization. This is working both to move (resync) a client into an organization, and to also move back-out of the organization based on OU membership in Active Directory.
Thanks for the help.
Thanks for the help.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.