LDAP labels not working properly

Now I've searched the forums and QnA section thoroughly and I have tried a lot of things.  No matter what, i have the same problem.  Whenever I create an LDAP label, i get the query worked out just right, and the Test says the real number I would expect the query to return. But when I save the label, my group will return 800+ users in the label.  THis goes for all of my LDAP user queries.  I havent tried it for computers.

First query for example.  We have cisco VPN and in order for it to work, they set it up so that the company name of the AD account has "General_VPN" in the company field.  Why they didnt create a security group for them instead is beyond me.  But I'm having the same issue for ldap labels based off of security groups as well.  So that isn't the issue.

My query: 
(&(objectCategory=person)(|(memberof=CN=Staff,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu)(memberof=CN=Faculty,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu))(company=*vpn*)(samaccountname=KBOX_USER))

Test results:
Testing LDAP Label Settings...
Testing "VPN Users" connection to: dc.company.edu on Port: 389
OK: Connection Successful.
OK: Setting Protocol Version 3 Successful.
OK: Setting LDAP REFERRALS Option 0 Successful.
OK: Search Bind using LDAP supplied credentials Successful.
Applying search filter [(&(objectCategory=person)(|(memberof=CN=Staff,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu)(memberof=CN=Faculty,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu))(company=*vpn*)(samaccountname=*))]
OK: LDAP search (with filter [(&(objectCategory=person)(|(memberof=CN=Staff,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu)(memberof=CN=Faculty,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu))(company=*vpn*)(samaccountname=*))]) Successful.
OK: LDAP Search successful with 131 entries found.
OK: LDAP Test Successful. Closing connection.

This label currently has 851 users in it.  I have no idea why. I'm running version 7 of the K1000, so I have the correct KACE search string.

Any ideas?

1 Comment   [ + ] Show comment
  • I'm having the exact same issue with version 6.4.120756. looks like I need to open another support ticket. *sigh* - designworks 4 years ago

Answers (1)

Posted by: DRay 4 years ago
White Belt

You need to make sure you have a variable in there to identify each person, such as: KBOX_USER_NAME
Once you have a variable in there you should find this will fix your problem.

The following KB explains this much better: https://support.quest.com/kace-systems-management-appliance/kb/149941

The following KBs might also be useful:

Daniel Ray

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ