LDAP querying using iReport

Hi
Does anybody know if it is possible to make LDAP queries using iReport
or if there is any LDAP Connection (datasource type) available that I
could reuse?
I am running iReport 3.0 and there are lots of datasource types but
none of them is LDAP.
I know, I believe that it is not a SLM/Sentinel report question but
iReport in general but if someone has already done that before, please
let me know. If someone also could get iReport to call an external Java
code, it would be sufficient as well. I have not found a way to call
external Java code as well.
Regards
HH
hugohigashi

hugohigashi;10460 Wrote:
> Yes, you are right. But is it possible to upload that custom datasource
> driver on SLM and/or Sentinel report environment?
This can likely be accomplished by publishing an LDAP connection library
jar and writing some custom code to access LDAP. You'd have to have a
system that was okay with running anonymous LDAP queries, or providing
passwords in clear-text via a report parameter.
So technically possible, but as David said - you're probably best off
syncing this information into identities or if this is MSSQL, sync the
data you want out into a SQL table, and use the built-in AD integration
to join usernames.
brandon.langley

Similar Messages

  • LDAP lookup using 8.1.7

    I would like to perform an LDAP query using a Java Stored Procedure. My code works outside of Oracle, but not from within.
    I receive the following message:
    Cannot instantiate class: oracle.aurora.namespace.InitialContextFactoryImpl
    I make ref. to this object from the following code:
    Hashtable env = new Hashtable();
    env.put (Context.INITIAL_CONTEXT_FACTORY,"oracle.aurora.namespace.InitialContextFactoryImpl");
    env.put(Context.PROVIDER_URL,strLDAPURL);
    DirContext ctx = new InitialDirContext(env);
    I am new to developing Java Stored Procedures.
    Thanks.

    more info.
    We can get DBMS_LDAP to retrieve the information we need. What does DBMS_LDAP use that Java can not?

  • MMP using wrong search base when doing LDAP query.

    Hi all,
    I installed a new MMP (sun java communication suite v5 on Redhat linux x86).
    When an imap user connects to MMP, the MMP does an ldap query for attributes "MailHostAttrs mailHost".
    This query fails because the search base is
    SRCH base="dc=my,dc=domain,dc=com,o=my.domain.com"
    instead of simply "o=my.domain.com"
    When I ran 'configure' I specified the Organization DN to be o=my.domain.com
    And I've specified the following in the ImapProxyAService.cfg file:
    LdapUrl "ldap://ldap1.my.domain.com:389/o=my.domain.com"
    UserGroupDN "o=my.domain.com"
    DefaultDomain my.domain.com
    So why does it use "dc=my,dc=domain,dc=com,o=my.domain.com"?
    I must be missing something but I can't find it.

    Hi,
    kevin_sysadmin wrote:
    > So why does it use "dc=my,dc=domain,dc=com,o=my.domain.com"?
    > I must be missing something but I can't find it.
    The first step the MMP will do to resolve the base DN for a hosted domain is a directory search along the lines of (this is for schema 2 which is the default for a new install):
    [26/Oct/2007:16:46:23 +1000] conn=3152 op=1 msgId=2 - SRCH base="dc=aus,dc=sun,dc=com" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=aus.sun.com)(sunPreferredDomain=aus.sun.com)))" attrs=ALL
    So in my case I have default:LdapUrl "ldap://server.aus.sun.com/dc=aus,dc=sun,dc=com" and default:DefaultDomain aus.sun.com
    So you will probably find that you have a hosted domain configured under "dc=my,dc=domain,dc=com,o=my.domain.com" which got created during installation but not propagated with users.
    Regards,
    Shane.

  • Using LDAP Query in Active Directory to see what users are still logged ?

    any suggestions for a LDAP query that I can use in AD to see who is still logged into the network?
    It would be great to distinguish who's logged in with a screen lock which means they aren't really at their PC vs what users are actually using their PCs.
    Thanks in advance!

    I recently posted a framework for checking all machines to see who is logged into them. You can take that and adjust it as you need.
    https://social.technet.microsoft.com/Forums/en-US/fb2ef90a-ba15-41bf-8e6c-95d32256225b/how-do-i-run-this-query-from-a-text-file-list?forum=ITCG

  • Getting group members using ldap query

    I need help writing an LDAP query for iPlanet to retrieve all the members of a group. I can do it on Active Directory using the following :
    (memberof=CN=SundanceGroup,CN=Users,DC=Test,DC=com)
    But I am not able to do it with iPlanet. Please let me know how to do it.
    Thanks,
    Binu

    The "memberof" attribute is not supported by iPlanet. Try using the "uniquemember" attribute instead. Also, the users in iPlanet are generally created under "ou=people" and not "cn=users". Try changing your filter to (uniquemember=CN=SundanceGroup,ou=people,DC=Test,DC=com).
    BTW
    does anyone know how to query different servers with a common filter to get the groups of a user?

  • Determining if a user is disabled in OD using LDAP query

    Hello all,
    I'm doing a LDAP query against my OD to make a web-based user directory. I'm using PHP and doing a LDAP search against 10.6 Server OD such as this:
    $sr=ldap_search($ds, "cn=users,dc=my_server,dc=private", "(CN=*)");
    The search is working perfectly, and I'm getting an array result with multiple key/values such as:
    objectclass
    uidnumber
    apple-generateduid
    apple-mcxflags
    loginshell
    etc.......
    Since it's a listing of active employees, I want to identify deactivated ones and filter them out of my listing. However, I can't see any key/values that could tell me if a user is deactivated or not.
    What would be the best way? Must I run a command line to see if a user is disabled, and if so, what command? (However, this would be poor on performance...)
    Thanks.

    I looked into this ages ago here:
    https://discussions.apple.com/message/6595575#6595575
    This information was relevant back in 10.4 which was post NetInfo.  All things being equal, this is likely still the case.  However, this may have changed and I apologize in advance for not validating.

  • What are attributes we can use in LDAP query in server derivation rules

    Q: What are attributes we can use in LDAP query in server derivation rules
    A: Server derivation rules can be defined for an LDAP server in the same way as that for a Radius server. As opposed to a Radius server, where the list of attributes that are defined for a server are standard, for an LDAP server, the attributes depend on the type of the server.
    The following table contains the list of attributes that are available for an Active Directory implementation. The server may maintain only a subset of these attributes, depending on how the user entries have been configured.
    Attribute Name:
    ==============
    sAMAccountname
    userPrincipalName
    givenName
    sn
    initials
    description
    physicalDeliveryOfficeName
    telephoneNumber
    mail
    wwwHomePage
    url
    logonHours
    logonWorkstation
    userAccountControl
    pwdLastSet
    userAccountControl
    accountExpires
    streetAddress
    postOfficeBox
    postalCode
    memberOf
    primaryGroupID
    title
    department
    company
    manager
    directReports
    profilePath
    scriptPath
    homeDrive
    homeDirectory
    HomeDirDrive
    telephoneNumber
    otherTelephone
    pager
    pagerOther
    mobile
    otherMobile
    fascimileTelephoneNumber
    otherFascimileTelephoneNumber
    ipPhone
    otherIpPhone

    >
    praveen.tecnics wrote:
    > hi experts
    >
    > what are mapping rules in sap xi/pi? how can we use these rules for special characters mapping?
    To map special characters you need to use an element called CDATA in your mapping.
    A special character causes an error, as XI won't be able to read it (it is not in a proper XML format). To parse this character through XI without causing an error, use CDATA. Just search on SDN and you will find the proper use of it.
    For your info: http://www.w3schools.com/XML/xml_cdata.asp
    Regards,
    Abhishek.
    Edited by: abhishek salvi on May 20, 2009 8:52 AM

  • Sentinel 7 using ldap query to eDirectory

    Hi,
    Is it possible for me to generate a custom report that will perform a
    ldapsearch on my eDirectory to retrieve attributes of users? Or is there
    a way where I can create a collector to connect to my eDirectory
    database? What I'm planning to do is customize a
    report to display all users attribute in a report using iReport and
    upload it into Sentinel 7 system, please advise thanks.
    albertngfalls2012

    On 11/13/2013 11:04 AM, albertngfalls2012 wrote:
    >
    > Hi ab,
    >
    > Firstly thanks for your reply, actually i do have an IDM server running
    > currently but how do I export user data to Sentinel using Identity
    > Integration? Correct me if I'm wrong when you say Identity Integration
    > do you mean the driver used for Identity Tracking? If that's the driver
    The Sentinel 7 driver for IDM is for "Identity Tracking", yes, which is
    the feature that feeds data from user objects in the Identity Vault into
    Sentinel, which then means that the data are held in Sentinel for direct
    reporting.
    > that you're mentioning how do I actually pull out all this user data to
    > compile as a report and what tool or language (MySQL, Lucene and etc)
    > should I use? and once I compile this report can I upload it to my
    I'd check the default, built-in reports first to see if there are any that
    report on identities in the system. If so, what you're after may be
    really easy. If not, you could build a report with iReport that queries
    the built-in PostgreSQL database (like other stock reports already can do
    out of the box, so maybe use them as templates if that helps, vs. the
    Lucene ones that will not be as helpful as templates) for the identities.
    I forget the table names now, but I believe they have identity in the
    name... something like usr_identity or similar.
    Good luck.

  • SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

    One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
    Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
    I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
    In the Membership provider name text box I entered "LdapMember"
    In the Role provider name  text box I entered "LdapRole"
    In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="((ObjectClass=group)"
    userFilter="((ObjectClass=person)"
    scope="Subtree" />
    </providers>
    </roleManager>
    I modified the SecurityTokenServiceApplication web.config with these details
    <system.web>
    <membership>
    <providers>
    <add name="LdapMemebr"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true">
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    </system.web>
    I modified the web.config of the test application I created with these details
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="cn"
    dnAttribute="dn"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    <membership defaultProvider="i">
    <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    useDNAttribute="true"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    With all of this configured, I can go to the new test site, and I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully log in with Windows authentication, but forms authentication gives me an error.
    The server could not sign you in. Make sure your user name and password are correct, and then try again.
    I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
    8306 - SharePoint Foundation - The security token username and password could not be validated.
    in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
    then this:
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
    The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
    The LDAP server tells the SharePoint server it is ready to communicate
    the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
    The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
    The LDAP server sends notification that it is done and is closing the connection that was bound to the ldapserviceid+password
    The SharePoint server acknowledges the connection is closing
    ... and then nothing happens, except the error on SharePoint
    What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
    specified in the web.config). That part does not seem to be happening.
    I am at a standstill on this and any help would be greatly appreciated.

    OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
    is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
    for enabling Forms Based Authentication:
    "ASP.NET Membership provider name"
    "ASP.NET Role manager name"
    We entered a name for Membership provider, and left Role manager blank.
    In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword="validpassword"
    useDNAttribute="false"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager>
    <providers>
    </providers>
    </roleManager>
    useDNAttribute="false" turned out to be important as well.
    So, for us to get LDAP authentication working between SharePoint 2010 and Novell eDirectory, we had to:
    leave anything related to the role provider blank
    configure the web.config in three different applications, with the proper connection information to reach our Novell eDir
    Ensure that useDNAttribute="false" was used in all three of the modified web.config files.
    Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
    a non-existent role manager.

  • Log-Entry: 'Warning: LDAP: query accept could not be found'

    I found many entries like this:
    Thu Mar 13 12:45:30 2008 Warning: LDAP: query accept could not be found
    in our log 'mail.current'.
    We don't use LDAP (anymore). Where do I have to check if we have missed something what should be de-activated?
    In the GUI 'System Administration', 'LDAP' I have the following entry:
    Server Profile Host Name Port Queries
    Profilename 1.2.3.4.,1.2.3.5 389 None configured
    How can we prevent this warning-entries in the logfile?

    On the GUI interface, go to "Network > Listeners".
    Select the inbound listener. At the bottom, make sure the LDAP queries are all set to None. You may also want to delete your ldap profiles if you're not using them anymore. "System Administration > LDAP"
    If that doesn't address the warnings, contact Technical Support so they can further investigate it.

  • Is it possible to retrieve data from an Oracle db with an LDAP query?

    Our application uses an LDAP query to retrieve data from Microsoft Active Directory. Is it also possible to retrieve data from an Oracle database with an LDAP query?

    if you have Oracle Internet Directory, you will retrieve with ldapsearch data, which are physically stored in the database. But to select * from emp where ename='SCOTT', it is probably not possible.
    At least I have never heard of such a product which translate ldap query in sql query. But feel free to write your own one in perl :-)

  • Critical: LDAP: query DNS result DNS Hard Error looking up e

    I am not having any luck when trying to connect to all 3 of our LDAP Servers...I get this error in the logs:
    Critical: LDAP: query DNS result DNS Hard Error looking up MyServer.Mydomain.com (A): NXDomain
    It is open through our Firewalls. I don't even see the Test Query reach our Firewalls...any suggestions what I am doing wrong?
    We were using Surfcontrol and it worked fine... :?:

    In Surfcontrol I put the IP without the DN and the query returns all the users.
    In IronPort when I put the IP without the DN and do an Accept query using my email address in the Recipient Address I get the above error.

  • Create Materialized View based on Results from LDAP Query

    Hi -- I'm trying to create a materialized view based on results from an LDAP query. Unfortunately, it looks like a materialized view can't be created based on a stored procedure, which is where the LDAP results are obtained (using nested loops).
    Does anyone have any idea how to do this without first kicking off a stored procedure that populates a temp table which would be used to create the materialized view? I'm trying to minimize the steps that the DBA's will need to go through when refreshing this new view.
    Thanks,
    ~Christine

    Can you give us more details about the stored procedure you're calling. It will help to know what parameters are involved and what data types they are.
    Off the top of my head though it looks like, at the very least, you would need a stored function that calls the stored procedure. I don't think there is any way to call stored procedures from CREATE ... commands. If you're going to create a stored function anyway ... well, you might as well just create a procedure that inserts values into a regular table instead of fussing with functions and materialized views. You'll probably want to schedule your new procedure to run periodically since it sounds like you'll need the values refreshed from time to time.

  • Cache an LDAP query result in a Map Object

    Is there a way to perform a single LDAP query and store it in some type of an indexed list Object in memory. Specifically I need to populate both LDAP manager and managerFullName for an LDAP user object based on an employeenumber query.
    I don't want to query LDAP for every user object. I would like to submit one search such as (objectclass=inetorgperson) and store the result in an indexed list in memory using employeenumber as the key. This way I only need to query the indexed list object for each user entry.
    Is this possible?

    No this is not possible.
    The only way to do this is to use a java class you write yourself. But and a major but: if you do not stay in the same place in IDM (form or workflow) you will lose the content because the object will be garbage collected when you change.
    The other thing is: how much will you gain? The ldap server can probably return the result far quicker than you can iterate through the list to find the entry.
    WilfredS

  • Group Policy Item level targeting LDAP Query for specific AD Sites

    Hi Everyone,
    I'm looking to try and take advantage of Group Policy Preference Item Level Targeting to publish user Proxy settings based on what AD Site a user is located in.
    The company I work for has multiple proxies (for multiple regions). We have hundreds of AD Sites listed within our AD S and S setup. I know that I could potentially list every AD Site that requires a particular proxy, but this would generate additional admin
    overhead each time a new site is commissioned, as well as each time a site is decommissioned (this is a construction company, so many "sites" can fluctuate rapidly).
    Due to this, I would like to know if it is possible to filter by LDAP query, and filter for each proxy, based on a portion of the text/name of the AD Sites (as we use a specific naming convention for our sites, this could be dynamic enough for us to not
    have to add or remove additional AD sites).
    Is this possible, and, if so, how would I write the LDAP Filter/Query??
    Right now I would assume I would do it in the following manner:
    (&(objectCategory=site)(objectClass=site)(cn=AU-*)
    Any assistance would be greatly appreciated.
    Cheers,
    Simon

    > Right now I would assume I would do it in the following manner:
    >
    > (&(objectCategory=site)(objectClass=site)(cn=AU-*)
    Sites do NOT reside in the domain partition, but in the configuration
    partition... You can verify your LDAP filter with
    dsquery * -filter "(your filter here)"
    This query will return all matching objects' distinguished names (DN).
    But why don't you use the "Sites" ILT instead? This ILT supports ? and *
    as wildcards, so it might be sufficient.
    Martin
    How about reading a
    GOOD book about GPOs for once?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
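
Several filter strings quoted in the threads above are not balanced, for example `(&(objectCategory=site)(objectClass=site)(cn=AU-*)` and `groupFilter="((ObjectClass=group)"`. The following is an added example, not code from any poster or product on this page: an offline syntax check for RFC 4515 filter strings, plus escaping for a value taken from a login form before it is placed in a filter. All function names are this example's own, and extensible-match items that omit the attribute name are not handled.

```python
import re

# Attribute description (name or numeric OID, optional ;options), followed by
# an extensible-match operator ([:dn][:rule]:=) or a simple one (=, ~=, >=, <=).
_ITEM_HEAD = re.compile(
    r"(?:[A-Za-z][A-Za-z0-9;-]*|\d+(?:\.\d+)*)"
    r"(?:(?::dn)?(?::[A-Za-z0-9.-]+)?:=|[~<>]?=)"
)
_HEX_ESCAPE = re.compile(r"\\[0-9A-Fa-f]{2}")


class FilterError(ValueError):
    def __init__(self, message, pos):
        super().__init__(f"{message} at offset {pos}")
        self.pos = pos


def _parse_item(s, i):
    """Parse 'attr<op>value' from s[i]; return the index where the value ends."""
    m = _ITEM_HEAD.match(s, i)
    if not m:
        raise FilterError("expected attribute and operator", i)
    i = m.end()
    while i < len(s) and s[i] != ")":
        if s[i] in "(\x00":
            raise FilterError("unescaped special character in value", i)
        if s[i] == "\\":
            if not _HEX_ESCAPE.match(s, i):
                raise FilterError("backslash not followed by two hex digits", i)
            i += 3
        else:
            i += 1
    return i


def _parse_filter(s, i):
    """Parse one parenthesised filter from s[i]; return the index just past it."""
    if i >= len(s) or s[i] != "(":
        raise FilterError("expected '('", i)
    i += 1
    if i < len(s) and s[i] in "&|":
        i += 1
        while i < len(s) and s[i] == "(":   # AND / OR: a list of sub-filters
            i = _parse_filter(s, i)
    elif i < len(s) and s[i] == "!":
        i = _parse_filter(s, i + 1)         # NOT: exactly one sub-filter
    else:
        i = _parse_item(s, i)
    if i >= len(s) or s[i] != ")":
        raise FilterError("missing ')'", i)
    return i + 1


def check_filter(text):
    """Return None if text is exactly one well-formed filter, else an error string."""
    try:
        end = _parse_filter(text, 0)
        if end != len(text):
            raise FilterError("trailing characters", end)
    except FilterError as exc:
        return str(exc)
    return None


def escape_value(value):
    """Escape untrusted text for use as an assertion value (RFC 4515 section 3)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


# Filter strings quoted on this page (the XML entity &amp; written as &).
PAGE_FILTERS = [
    "(memberof=CN=SundanceGroup,CN=Users,DC=Test,DC=com)",
    "(&(objectClass=sunManagedOrganization)(|(associatedDomain=aus.sun.com)"
    "(sunPreferredDomain=aus.sun.com)))",
    "(&(ObjectClass=group))",
    "((ObjectClass=group)",
    "(&(objectCategory=site)(objectClass=site)(cn=AU-*)",
]

if __name__ == "__main__":
    for f in PAGE_FILTERS:
        print(f"{check_filter(f) or 'ok':45} {f}")
    # Constructed form input: unescaped, it closes the item early.
    name = "x)(uid=*"
    print(check_filter(f"(cn={name})"), "|", check_filter(f"(cn={escape_value(name)})"))
```

A syntax check like this only catches malformed strings; whether a well-formed filter matches anything still depends on the search base, as the reply about the configuration partition points out.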
