KACE Product Support Question
LDAP Search Filter for Authentication
04/25/2016 3876 views
Ok I am having an issue setting up K1000 for LDAP Authentication. I add the external server. Give it the host name for my Domain Controller and the proper port. My AD tree is "ICT.ad.somename.com" All my users are in one OU so my search base DN looks like this:
I set up a basic user in my domain "KACE". When I put in a search filter like this "(&(ObjectClass=person)(!(ObjectClass=Computer))" and enter the LDAP Login Field "ICT\Kace" then test the settings it gives me the right number of entries found.
However when I go to "apply" the settings it says: "KBOX_USER need to be part of Search Filter" so I change the Search Filter to "(&(samaccountname=KBOX_USER)(ObjectClass=user)(!(ObjectClass=Computer)))" and the test completes but comes up with 0 entires found.
I change the search field to "(&(samaccountname=*)(ObjectClass=person)(!(ObjectClass=Computer)))" and it is successful in finding all the users but still won't apply stating "KBOX_USER need to be part of Search Filter".
I don't know how to get around this. Anyone help?
Answer Chosen by the Author
Please log in to answer
We´re putting the users in different groups with different roles. In AD we have a group called GROUP_KACE_ADMIN (e.g, see the distinguished name in code section) and put all admins in this group and another group for default users.
Answered 04/26/2016 by: aragorn.2003