Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CUP LDAP search string

So I am wondering if there is a way I can set a search string on my CUP server to filter out accounts that I don't want to show up in the CUPC directory.  We have a lot of admin accounts, distribution groups, etc that all show up.  I only want accounts with actual mail address to show up.  This is what I have right now for my LDAP Profile Configuration:

Bind Distinguished Name (DN) - CN=SRVUCLOOKUPAD,OU=Service Accounts,DC=NMDP,DC=ORG

Search Context - DC=NMDP,DC=ORG

1 ACCEPTED SOLUTION

Accepted Solutions
Red

Re: CUP LDAP search string

You could.  All you need to do is to use # sign to separate different OUs.  For example, set the search base to the following:

OU=Sales,DC=acme,DC=com#OU=Support,DC=acme,DC=com

This is supported on CUPC 7.0.2 and above.

You may find more details on http://www.lulu.com/content/5552336.

Michael

9 REPLIES
Super Bronze

Re: CUP LDAP search string

Hi

Your searches bind to AD with a specific username, so you could just deny read access to the OUs you want to filter out to that SRVUCLOOKUPAD account.

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Re: CUP LDAP search string

So outside of a permissions change, is there anything that would work?

They way our AD environment is setup, that would be pretty messy...

Super Bronze

Re: CUP LDAP search string

Hi

Probably not.

You can filter based on perms, and can filter based on Base OU.

I'm not aware of a way to change the stock filters...

If your AD is really not set up to allow neat searches it might want a rethink...

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Re: CUP LDAP search string

Understood.  I guess what I was trying to get at is whether or not you can specify multiple OU's in the Search Context?  But it sounds like you are saying that isn't possible either?

Super Bronze

Re: CUP LDAP search string

Hi

Not as far as I'm aware - you assign one search base to a profile, and one profile to each user... so there's nowhere to add multiples.

The online help for the page confirms this.

Regards

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Red

Re: CUP LDAP search string

You could.  All you need to do is to use # sign to separate different OUs.  For example, set the search base to the following:

OU=Sales,DC=acme,DC=com#OU=Support,DC=acme,DC=com

This is supported on CUPC 7.0.2 and above.

You may find more details on http://www.lulu.com/content/5552336.

Michael

Super Bronze

Re: CUP LDAP search string

Hi Micheal

I stand corrected

More stunningly concise and up to date documentation for this product from Cisco sigh..

+5

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Re: CUP LDAP search string

Great!  This worked perfectly.  Thanks Michael!

New Member

Re: CUP LDAP search string

Hi Michael,

Is it possible to use in the same time "#" and a LDAP filter in CUP8?

I have multiple OU to search into, so I use # to separate the ldap paths.

I would like to use a LDAP filter to discard computer object from AD: ";&(!objectClass=computer)".

When I use one of them, it works great, but when I try to use both tricks in the LDAP search context value, the LDAP search does not work anymore (the second LDAP path is ignored):

OU=Users1,DC=company,DC=local#OU=Users2,DC=company,DC=local;&(!objectClass=computer)

Is there a trick or a known limitation to do so?

Thank you for your help.

Yorick

1131
Views
0
Helpful
9
Replies
CreatePlease to create content