LDAP Connection String Values

Posted on 2010-01-12
Last Modified: 2013-12-24
Hi All,

We have a new network printer which has LDAP functionality, so that users can scan directly into a user's mailbox.

dc=MyDomainName,dc=com - if I leave the LDAP string like this it displays everything in Active Directory - basically too much info and too messy.

However, if I use:


it's a lot cleaner as it only shows me users from the finance org unit.

However, I am having trouble editing the string to add more organisational units, or even finding out if it's possible.

For example:

ou=_Finance, ou=_IT, ou=_warehouse,dc=MyDomainName,dc=com - this does not work

Any ideas, people ....
Question by:b-harry
LVL 74

Expert Comment

by:Glen Knight
ID: 26292252
You will need to specify each organisational unit's full string; you cannot tag them on.

As far as your LDAP query is concerned, it is looking for this as an OU: ou=_Finance, ou=_IT, ou=_warehouse,dc=MyDomainName,dc=com
So inside OU _warehouse it's looking for an OU called _IT, and then inside _IT it's looking for an OU called _Finance.

Author Comment

ID: 26292318
I get you, thanks. So in my case what do I need to type?

For example:
ou=_Finance,dc=MyDomainName,dc=com + ou=_IT,dc=MyDomainName,dc=com

How do I bind the 2?
What's the syntax?

Author Comment

ID: 26292334
Or if I only want to get all the OUs and not anything else, what do I do here? I think this might be better.


LVL 74

Expert Comment

by:Glen Knight
ID: 26292341
You are probably only likely to be able to bind to one OU at a time.
LVL 28

Expert Comment

ID: 26293291
I use this to address two OUs below root and can scan to users in both OUs:
OU=com, OU=root, DC=mycompany,DC=mydomail,DC=org
Note that the order is sometimes important, OUs from high to low and DC from low to high
LVL 71

Accepted Solution

Chris Dent earned 1500 total points
ID: 26334402

Can you supply it with an LDAP Filter? In many cases a reasonable LDAP Filter can be used to limit the results to a more useful set. For example, if all your users have "Company" filled in, you could use "(&(objectClass=user)(objectCategory=person)(company=*))".

It's very rare to see an option to allow you to bind to more OUs. By that I mean it would be a problem to search this structure from AD Users and Computers:

             | -- _Finance
             | -- _IT
             | -- _Warehouse

To do so requires the system to perform and combine the results of three separate searches. That's a lot more work than the simple LDAP programs tend to like.

It's part of why you see this kind of structure in AD quite frequently:

             | -- Departments
                           | -- _Finance
                           | -- _IT
                           | -- _Warehouse

It gives you the ability to return each of those three departments by setting the search base to "OU=Departments,DC=MyDomainName,DC=com", easily dropping all of the default users.

Of course, altering your AD structure for one printer might be a bit over the top :)
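
The search-base behaviour discussed in this thread, as an added example that is not part of the original posts: a comma-joined base is one nested path rather than a list of OUs, so several sibling OUs need one search each, while a presence filter narrows a root-level search. The directory entries, names and the simplified filter (objectClass=user plus an attribute-presence check) are constructed assumptions, not real AD data.

```python
# Added example: constructed in-memory directory, not real AD data.

def rdns(dn):
    """Split a DN into normalised RDNs (sample data has no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(entry_dn, base_dn):
    """True when entry_dn sits at or below base_dn (subtree scope)."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def search(directory, base_dn, require_attr=None):
    """Subtree search of one base for user objects; optionally keep only
    entries where require_attr is present, like a (company=*) filter."""
    return sorted(
        dn for dn, attrs in directory.items()
        if in_subtree(dn, base_dn)
        and attrs.get("objectClass") == "user"
        and (require_attr is None or attrs.get(require_attr))
    )

def search_many(directory, base_dns, require_attr=None):
    """What a client must do for several OUs: one search per base, merged."""
    found = set()
    for base in base_dns:
        found.update(search(directory, base, require_attr))
    return sorted(found)

ROOT = "dc=MyDomainName,dc=com"
# Constructed sample: three sibling OUs plus the default Users container.
DIRECTORY = {
    f"cn=Alice,ou=_Finance,{ROOT}": {"objectClass": "user", "company": "Example Ltd"},
    f"cn=Bob,ou=_IT,{ROOT}": {"objectClass": "user", "company": "Example Ltd"},
    f"cn=Carol,ou=_warehouse,{ROOT}": {"objectClass": "user", "company": "Example Ltd"},
    f"cn=Guest,cn=Users,{ROOT}": {"objectClass": "user"},
    f"ou=_Finance,{ROOT}": {"objectClass": "organizationalUnit"},
}

if __name__ == "__main__":
    chained = f"ou=_Finance, ou=_IT, ou=_warehouse,{ROOT}"
    print("chained base:", search(DIRECTORY, chained))
    print("root + filter:", search(DIRECTORY, ROOT, "company"))
    print("three bases:", search_many(
        DIRECTORY, [f"ou=_Finance,{ROOT}", f"ou=_IT,{ROOT}", f"ou=_warehouse,{ROOT}"]))
```
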


Author Closing Comment

ID: 31676034
as it did not directly give a solution to my issue, but it helped me in finding the solution
