03-19-2010 11:08 AM - edited 03-19-2019 12:39 AM
So I am wondering if there is a way I can set a search string on my CUP server to filter out accounts that I don't want to show up in the CUPC directory. We have a lot of admin accounts, distribution groups, etc that all show up. I only want accounts with actual mail address to show up. This is what I have right now for my LDAP Profile Configuration:
Bind Distinguished Name (DN) - CN=SRVUCLOOKUPAD,OU=Service Accounts,DC=NMDP,DC=ORG
Search Context - DC=NMDP,DC=ORG
Solved! Go to Solution.
03-20-2010 09:22 AM
You could. All you need to do is to use # sign to separate different OUs. For example, set the search base to the following:
OU=Sales,DC=acme,DC=com#OU=Support,DC=acme,DC=com
This is supported on CUPC 7.0.2 and above.
You may find more details on http://www.lulu.com/content/5552336.
Michael
03-19-2010 11:10 AM
Hi
Your searches bind to AD with a specific username, so you could just deny read access to the OUs you want to filter out to that SRVUCLOOKUPAD account.
Regards
Aaron
03-19-2010 11:37 AM
So outside of a permissions change, is there anything that would work?
They way our AD environment is setup, that would be pretty messy...
03-19-2010 11:52 AM
Hi
Probably not.
You can filter based on perms, and can filter based on Base OU.
I'm not aware of a way to change the stock filters...
If your AD is really not set up to allow neat searches it might want a rethink...
Aaron
03-19-2010 12:02 PM
Understood. I guess what I was trying to get at is whether or not you can specify multiple OU's in the Search Context? But it sounds like you are saying that isn't possible either?
03-19-2010 12:09 PM
Hi
Not as far as I'm aware - you assign one search base to a profile, and one profile to each user... so there's nowhere to add multiples.
The online help for the page confirms this.
Regards
Aaron
Please rate helpful posts...
03-20-2010 09:22 AM
You could. All you need to do is to use # sign to separate different OUs. For example, set the search base to the following:
OU=Sales,DC=acme,DC=com#OU=Support,DC=acme,DC=com
This is supported on CUPC 7.0.2 and above.
You may find more details on http://www.lulu.com/content/5552336.
Michael
03-21-2010 07:37 AM
Hi Micheal
I stand corrected
More stunningly concise and up to date documentation for this product from Cisco sigh..
+5
Aaron
03-22-2010 09:04 AM
Great! This worked perfectly. Thanks Michael!
09-28-2010 12:47 AM
Hi Michael,
Is it possible to use in the same time "#" and a LDAP filter in CUP8?
I have multiple OU to search into, so I use # to separate the ldap paths.
I would like to use a LDAP filter to discard computer object from AD: ";&(!objectClass=computer)".
When I use one of them, it works great, but when I try to use both tricks in the LDAP search context value, the LDAP search does not work anymore (the second LDAP path is ignored):
OU=Users1,DC=company,DC=local#OU=Users2,DC=company,DC=local;&(!objectClass=computer)
Is there a trick or a known limitation to do so?
Thank you for your help.
Yorick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide