
KACE 1000 6.0 Single Sign On and LDAP Tip

KACE 1000's Single Sign On default settings had some issues detecting my Windows 7 user logon accounts.
After joining and enabling Active Directory Single Sign On, users still had to type their username and password in order to access the helpdesk.
Perplexed by this, I referred to the access logs and found that the usernames were being detected properly as "username@domain.com".
However, the usernames are incompatible with the default LDAP Authentication filter "(samaccountname=KBOX_USER)".

As such I updated the LDAP filter as follows.
  1. Settings > Control Panel > Authentication Setting
  2. Edit - LDAP Authentication
  3. Modify Search Filter - 
    "(|(samaccountname=KBOX_USER)(mail=KBOX_USER))"
  4. Click - Save






To be more specific with user authentication, we'll limit LDAP to users that are members of certain user groups and have enabled user accounts, using the following LDAP query.

(&(|(samaccountname=KBOX_USER)(mail=KBOX_USER))(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=person)(objectClass=user))(|(memberOf=cn=Contractors,ou=Security Groups,ou=UserGroups,dc=domain,dc=com)(memberOf=cn=Employees,ou=Security Groups,ou=UserGroups,dc=domain,dc=com)))
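
To check what the query above lets through before saving it, the following added example (not part of the original post and not KACE code) evaluates it against constructed directory entries. It assumes KBOX_USER is replaced textually by the detected login name; the evaluator and the names alice, bob and carol are hypothetical, and objectCategory is modelled as the plain string "person".

```python
import re

# Added example: tiny evaluator for the filter subset used on this page
# (equality, &, |, ! and AD's bitwise-AND rule). All entries are constructed.
BIT_AND = "1.2.840.113556.1.4.803"
GROUPS = "ou=Security Groups,ou=UserGroups,dc=domain,dc=com"
FILTER = ("(&(|(samaccountname=KBOX_USER)(mail=KBOX_USER))"
          "(&(!(userAccountControl:" + BIT_AND + ":=2))"
          "(objectCategory=person)(objectClass=user))"
          "(|(memberOf=cn=Contractors," + GROUPS + ")"
          "(memberOf=cn=Employees," + GROUPS + ")))")

def escape(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse(s, i=0):
    """Parse the filter that starts at s[i] == '('; return (node, next index)."""
    if s[i + 1] in "&|!":
        op, kids, i = s[i + 1], [], i + 2
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1              # step over the closing ')'
    end = s.index(")", i)
    attr, value = s[i + 1:end].split("=", 1)
    return ("=", attr.rstrip(":"), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive compare)."""
    if node[0] == "&": return all(matches(k, entry) for k in node[1])
    if node[0] == "|": return any(matches(k, entry) for k in node[1])
    if node[0] == "!": return not matches(node[1][0], entry)
    name, _, rule = node[1].partition(":")
    have = [v for k, vs in entry.items() if k.lower() == name.lower() for v in vs]
    if rule == BIT_AND:                       # every bit of the operand must be set
        return any(int(v) & int(node[2]) == int(node[2]) for v in have)
    want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m[1], 16)), node[2])
    return any(v.lower() == want.lower() for v in have)

def allowed(login, entry):
    """Assumption: KBOX_USER is replaced textually by the detected login name."""
    node, _ = parse(FILTER.replace("KBOX_USER", escape(login)))
    return matches(node, entry)

def user(sam, mail, uac, group):              # builds a constructed entry
    return {"sAMAccountName": [sam], "mail": [mail], "userAccountControl": [str(uac)],
            "objectCategory": ["person"], "objectClass": ["top", "person", "user"],
            "memberOf": ["cn=%s,%s" % (group, GROUPS)]}

ALICE = user("alice", "alice@domain.com", 512, "Employees")    # enabled account
BOB = user("bob", "bob@domain.com", 514, "Contractors")        # 512 | 2 = disabled
CAROL = user("carol", "carol@domain.com", 512, "Interns")      # group not in filter
```

A login detected as username@domain.com can only match through the mail clause, so an account whose mail attribute differs from the detected name is not found by this filter.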



