The purpose of the LDAP-based assignment function is to assign computers that are stored in LDAP (Active Directory) automatically to the proper CMS and to the proper group. Currently the function can assign (add) computers.
To enable LDAP, go to Non-managed computers --> WORKGROUP or DOMAIN --> Network Settings.
Under General Settings, right-click LDAP support, hit MODIFY and select "Allowed", then hit OK.
After enabling the function, three more menu items are displayed under Network settings, where we can adjust general settings:
LDAP servers
-The name(s) of the server(s) – NetBIOS or FQDN name – (separated with spaces), on which the LDAP structure (active directory) can be found.
Connection port
-The port through which LDAP communicates (389 by default)
Timeout
-The length of time the product waits for data during a query.
After adjusting the settings you may now ADD LDAP rules
-LDAP rules can be added by right-clicking on the LDAP rules page next to Network settings.
The options which can be set in each rule:
Rule name
The name of the added rule. You can give a name for a rule when creating a new rule. Note that later this name cannot be modified.
Base DN
Path (object or direct) in the LDAP structure where specific computers are stored.
Example 1: CN=Computers, DC=periodic, DC=table
This maps the objects in the Computers directory under the periodic table domain in Active Directory.
Example 2: CN=CMS_1, CN=Computers, DC=periodic, DC=table
CMS_1 is the name of a specific object here, and in this case we are referring to only this object (computer) (SCOPE > Search only at BASE DN level).
Scope
Search only at BASE DN level
If an object is set as BASE DN, it only searches for the name attribute in this specific object.
Search only at the children level of the BASE DN
Only searches for direct child items under the BASE DN.
Search full subtree
Searches for all direct and indirect child items under the BASE DN.
Assign to CMS
Sets the CMS (or subCMS) under which all computers are assigned according to the rule (the CMS and subCMS computers are displayed here).
If nothing is selected, the computers are not assigned to any CMS or group: they are added to the Non-managed computers node in the CMS under the proper domain/workgroup and they must be assigned manually.
Assign to group
This function has an effect if a (sub)CMS is selected. The computers are added to the group set here according to the rule (all groups that have been added to the CMS are displayed here).
Raw filter
In this case the query can be added in a raw format following the RFC 1960 and RFC 4515 standards. If we have added something on the other settings pages, it is displayed here as well.
Under Detailed filter:
Neg.
-The negative of the condition set in the given row is applied.
Attribute
-The attribute to be filtered.
Relation
-The selection of computers in relation with the added values according to the following:
equal, approx (not supported by some LDAP structures), less, greater, begins with, ends with, substring, present (in this case no value needs to be set).
Value
- A value must be set here for the relation (in case of exists, this is not needed).
Tokens can also be added as a value: %%INACTIVETIME%%
Its real value is a date, which is created in the following way:
[The date of the computer running the main CMS] – [90 days] = %%INACTIVETIME%%
The date when a computer last received a password in the domain is stored in the pwdLastSet attribute of the computer. With the help of this token, we can filter for computers that have not received a password for more than 90 days (that is, computers that are inactive).
Link as
- We can add rules that are made up of several conditions; the conditions are connected to each other by the operators set here.
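Added example (not part of the product or of the original article): a Python sketch of how Detailed filter rows (Neg., Attribute, Relation, Value, Link as) could be turned into an RFC 4515 raw filter, with value escaping and %%INACTIVETIME%% expansion. The function names, the relation-to-operator mapping, the and/or link operators and the FILETIME rendering of the token are assumptions.

```python
from datetime import datetime, timedelta, timezone

# RFC 4515: these characters must be written as \XX inside an assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def inactive_time(now, days=90):
    # [date of the main CMS] - [90 days]. Assumption: rendered as a Windows
    # FILETIME (100 ns ticks since 1601-01-01 UTC), the unit AD uses for pwdLastSet.
    delta = now - timedelta(days=days) - datetime(1601, 1, 1, tzinfo=timezone.utc)
    return (delta.days * 86400 + delta.seconds) * 10_000_000

def condition(neg, attribute, relation, value=""):
    v = escape_value(value)
    templates = {   # relation names from the article; operator mapping is assumed
        "equal": "({a}={v})", "approx": "({a}~={v})",
        "less": "({a}<={v})", "greater": "({a}>={v})",
        "begins with": "({a}={v}*)", "ends with": "({a}=*{v})",
        "substring": "({a}=*{v}*)", "present": "({a}=*)",
    }
    item = templates[relation].format(a=attribute, v=v)
    return "(!" + item + ")" if neg else item

def build_filter(rows, link="and", now=None):
    # rows: (neg, attribute, relation, value); link: assumed "and" / "or"
    now = now or datetime.now(timezone.utc)
    token = str(inactive_time(now))
    parts = [condition(neg, attr, rel, val.replace("%%INACTIVETIME%%", token))
             for neg, attr, rel, val in rows]
    if len(parts) == 1:
        return parts[0]
    return "(" + ("&" if link == "and" else "|") + "".join(parts) + ")"

# Constructed sample rule: computer objects whose password is older than 90 days.
SAMPLE_ROWS = [
    (False, "objectClass", "equal", "computer"),
    (False, "pwdLastSet", "less", "%%INACTIVETIME%%"),
]

if __name__ == "__main__":
    print(build_filter(SAMPLE_ROWS, now=datetime(2011, 11, 28, tzinfo=timezone.utc)))
```

Escaping the Value column keeps a computer name containing *, ( or ) from changing the structure of the filter and matching more objects than the rule intended.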
Two action buttons are available after setting up LDAP.
Getting attributes
- Performs a query for all possible attributes, and if the query was successful (an [ok] is displayed on the button), these values can be selected from the drop-down list of the Attribute column.
If the query was not successful, a warning dialog is displayed.
Query results
- The results of the query can be checked by clicking on this button (the computers that were found by the rule during the query will be displayed here). In case of an unsuccessful query, a warning message is displayed on the results panel.
Article ID: 216, Created On: 11/25/2011, Modified: 11/28/2011