/bundles/itninjaweb/img/Breadcrumb_cap_w.png
Now I've searched the forums and QnA section thoroughly and I have tried a lot of things.  No matter what, i have the same problem.  Whenever I create an LDAP label, i get the query worked out just right, and the Test says the real number I would expect the query to return. But when I save the label, my group will return 800+ users in the label.  THis goes for all of my LDAP user queries.  I havent tried it for computers.

First query for example.  We have cisco VPN and in order for it to work, they set it up so that the company name of the AD account has "General_VPN" in the company field.  Why they didnt create a security group for them instead is beyond me.  But I'm having the same issue for ldap labels based off of security groups as well.  So that isn't the issue.

My query: 
(&(objectCategory=person)(|(memberof=CN=Staff,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu)(memberof=CN=Faculty,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu))(company=*vpn*)(samaccountname=KBOX_USER))

Test results:
Testing LDAP Label Settings...
Testing "VPN Users" connection to: dc.company.edu on Port: 389
OK: Connection Successful.
OK: Setting Protocol Version 3 Successful.
OK: Setting LDAP REFERRALS Option 0 Successful.
OK: Search Bind using LDAP supplied credentials Successful.
Applying search filter [(&(objectCategory=person)(|(memberof=CN=Staff,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu)(memberof=CN=Faculty,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu))(company=*vpn*)(samaccountname=*))]
OK: LDAP search (with filter [(&(objectCategory=person)(|(memberof=CN=Staff,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu)(memberof=CN=Faculty,OU=Security Groups,OU=General,OU=Staff.Faculty,DC=company,Dc=edu))(company=*vpn*)(samaccountname=*))]) Successful.
OK: LDAP Search successful with 131 entries found.
OK: LDAP Test Successful. Closing connection.

This label currently has 851 users in it.  I have no idea why. I'm running version 7 of the K1000, so I have the correct KACE search string.

Any ideas?

1 Comment   [ + ] Show comment

Comments

  • I'm having the exact same issue with version 6.4.120756. looks like I need to open another support ticket. *sigh*

All Answers

0
Hello,

You need to make sure you have a variable in there to identify each person, such as: KBOX_USER_NAME
Once you have a variable in there you should find this will fix your problem.

The following KB explains this much better: https://support.quest.com/kace-systems-management-appliance/kb/149941

The following KBs might also be useful:
https://support.quest.com/kace-systems-management-appliance/kb/112277
https://support.quest.com/kace-systems-management-appliance/kb/134040
https://support.quest.com/kace-systems-management-appliance/kb/200215
https://support.quest.com/kace-systems-management-appliance/kb/200179

Regards,
Daniel Ray

Answered 04/04/2017 by: DRay
White Belt

Share