/build/static/layout/Breadcrumb_cap_w.png

LDAP smart label to label devices by AD group and OU membership

I'm trying to avoid creating an bunch of AD group for each of my sites (I would end up creating 35 groups). So I'm trying to write an LDAP label that would check if the computer  is in a specific group as well as in a certain OU. This is what I have:

(&(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME)(objectclass=organizationalunit) (name=OU=**Name of OU**,DC=**Domain Name**,DC=com)))

It works for just the group, but I can't seem to get it to work with both. Is what I'm trying to do even possible?

0 Comments   [ + ] Show comments

Answers (2)

Posted by: BHC-Austin 9 years ago
4th Degree Black Belt
0

The syntax of your LDAP filter may be a bit off. Try something like this:

(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME)(objectclass=organizationalunit)(name=OU=**Name of OU**,DC=**Domain Name**,DC=com))

You should only need one & to "AND" all those statements together.


Comments:
  • Thanks for the reply BHC. But sadly, I've tried that already to no avail. I might end up just creating AD groups for each of my sites which I really don't want to do :( - bkopec 9 years ago
Posted by: BHC-Austin 9 years ago
4th Degree Black Belt
0

Another approach would be to set your Base DN to the OU that you want the label to search in. So in the Base DN field, you would put:

OU=**Name of OU**,DC=**Domain Name**,DC=com

And then in your filter, put just the Group filter as:

(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME))

Of course, each LDAP label would then have a unique Base DN


Comments:
  • I tried this and it didn't work.

    I have a feeling since the base DN is the actual OU I want to search I'm not going to be able to check the AD group. But I appreciate the help. - bkopec 9 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ