In addition to querying the core database, Management Suite also provides the
directory manager tool that lets you locate, access, and manage
devices in other directories via LDAP (the Lightweight Directory
Access Protocol).
You can query devices based on specific attributes such as
processor type or OS. You can also query based on specific user
attributes such as employee ID or department.
For information about creating and running database queries from
the Queries groups in the network view, see Database queries.
Use the directory manager tool to manage the LDAP directories
you use with LANDesk
Management Suite. The LDAP server, username and password you
enter are saved and used when you browse or execute queries to the
directory. If you change the password of the configured user in the
LDAP directory, you must also change the password in this tool.
NOTE: The account you
configure in directory manager must be able to read the users,
computers and groups that you use for management with LDMS.
To configure a new directory
1. Click Configure > Manage Directories.
2. Click Add.
3. Enter the DNS name of the directory server in the LDAP:// field.
4. Enter the User name and Password.
   NOTE: If you are using Active Directory, enter the name as
   <domain-name>\<nt-user-name>. If you are using another
   directory service, enter the distinguished name of the user.
5. Click OK to save the information. The information you enter is
   verified against the directory before the dialog box closes.
To modify an existing directory configuration
1. Click Configure > Manage Directories.
2. Click the directory you want.
3. Click Edit.
4. Change the server, username, and password as desired.
5. Click OK to save the information. The information is verified
   against the directory before the dialog box closes.
To delete an existing directory configuration
1. Click Configure > Manage Directories.
2. Click the directory you want.
3. Click Delete.
   NOTE: All LDAP queries using this directory will be deleted when
   the directory is removed.
About the Directory manager window
Use directory manager to accomplish the following tasks:
Manage directory: Opens the Directory
properties dialog where you identify and log in to an LDAP
directory.
Remove directory: Removes the selected
directory from the preview pane and stops managing it.
Refresh view: Reloads the list of managed
directories and targeted users.
Launch organization view:
New query: Opens the LDAP query dialog
where you can create and save an LDAP query.
Delete query: Deletes the selected query.
Run query: Generates the results of the
selected query.
Object properties: See the properties for the
selected object.
Using directory manager, you can drag LDAP groups and saved LDAP
queries onto scheduled tasks, making them task targets.
The directory manager window consists of two panes: a directory
pane on the left and a preview pane on the right.
Directory pane
The directory pane displays all registered directories and
users. As an administrator, you can specify the name of a
registered directory and see a list of queries that are associated
with the directory. You can create and then save new queries for a
registered directory with a right mouse click or by using drop-down
menus. After creating a query, you can drag and drop it to the
Scheduled tasks window so that the task is applied to users
who match the query.
Preview pane
When you select a saved query in directory manager's directory
pane on the left side of the dialog, the policies and tasks
targeted to that query appear in the preview pane on the right
side. Likewise, when an individual LDAP user is selected in the
directory pane, the policies and tasks targeted to that user appear
in the preview pane.
Creating LDAP directory queries
To create and save a directory query
The task of creating a query for a directory and saving that
query is divided into two procedures:
To select an object in the LDAP directory and initiate a new
query
1. Click Tools > Distribution > Directory Manager.
2. Browse the Directory Manager directory pane, and select an object
   in the LDAP directory. You'll create an LDAP query that returns
   results from this point in the directory tree down.
3. From directory manager, click the New query toolbar button. Note
   that this icon only appears when you select the root organization
   (o) of the directory tree (o=my company) or an organizational unit
   (ou=engineering) within the root organization. Otherwise, it's
   dimmed. The Basic LDAP query dialog box appears.
To create, test, and save the query
1. From the Basic LDAP query dialog box, click an attribute that will
   be a criterion for the query from the list of directory attributes
   (example = department).
2. Click a comparison operator for the query (=, <=, >=).
3. Enter a value for the attribute (example department = engineering).
4. To create a complex query that combines multiple attributes, select
   a combination operator (AND or OR) and repeat steps 1 through 3 as
   many times as you want.
5. When you finish creating the query, click Insert.
6. To test the completed query, click Test query.
7. To save the query, click Save. The saved query will appear by name
   under Saved queries in the directory pane of directory manager.
About the Basic LDAP query dialog box
LDAP query root: Select a root object in the
directory for this query (LDAP://ldap.xyzcompany.com/ou = America.o
= xyzcompany). The query that you're creating will return results
from this point in the tree down.
LDAP attributes: Select attributes for
user-type objects.
Operator: Select the type of operation to
perform relating to an LDAP object, its attributes, and attribute
values including equal to (=), less than or equal to (<=), and
greater than or equal to (>=).
Value: Specify the value assigned to the
attribute of an LDAP object.
AND/OR/NOT: Boolean operators that you can
select for your query conditions.
Test query: Execute a test of the query you've
created.
Save: Save the created query by name.
Advanced: Create a query using the elements of
a basic LDAP query but in a freeform manner.
Insert: Insert a line of query criteria.
Delete: Delete a selected line of
criteria.
Clear all: Clear all lines of query
criteria.
About the Save LDAP query dialog box
From the Basic LDAP query dialog box, click Save
to open the Save LDAP query dialog box, which displays the
following:
Choose a name for this query: Lets you choose
a name for the query you've created.
Query Details LDAP Root: Lets you create a
query using the elements of a basic LDAP query, but in a freeform
manner.
Query Details LDAP Query: Displays query
examples you can use as a guide when creating your own query in
freeform.
Save: Lets you save the created query by name.
The query is saved under the Saved queries item under the
LDAP directory entry in the directory manager directory pane.
About the Directory properties dialog box
From the directory manager toolbar, click the Manage
directory toolbar button to open the Directory
properties dialog box. This dialog box allows you to start
managing a new directory, or to view properties of a currently
managed directory. This dialog box also shows the URL to the LDAP
server and the authentication information required to connect to
the LDAP directory:
Directory URL: Lets you specify the LDAP
directory to be managed. An example of an LDAP directory and the
correct syntax is ldap.<companyname>.com. For example, you
might type ldap.xyzcompany.com.
Authentication: Lets you log in as the
following user (that is, you specify a user path and name and the
user password).
About the Advanced LDAP query dialog box
From the Basic LDAP query dialog, click Advanced
to open the Advanced LDAP query dialog, which displays the
following:
LDAP query root: Lets you select a root object
in the directory for this query. The query that you're creating
will return results from this point in the tree down.
LDAP query: Lets you create a query using the
elements of a basic LDAP query but in a freeform manner.
Examples: Displays query examples you can use
as a guide when creating your own query in freeform.
Test query: Lets you execute a test of the
query you have created.
The Advanced LDAP query dialog appears when you edit a
query that has already been created. Also, if you select an LDAP
group in directory manager and then create a query from that point,
the Advanced LDAP query dialog appears with a default query
that returns the users who are members of that group. You can't
change the syntax of this default query; only save the query.
More about the Lightweight Directory Access Protocol (LDAP)
Lightweight Directory Access Protocol (LDAP) is an industry
standard protocol for accessing and viewing information about users
and devices. LDAP enables you to organize and store this
information in a directory. An LDAP directory is dynamic in that it
can be updated as necessary, and it is distributed, protecting it
from a single point of failure. Common LDAP directories include
Novell Directory Services (NDS) and Microsoft Active Directory
Services (ADS).
The following examples show LDAP queries that can be used to
search the directory:
Get all entries: (objectClass=*)
Get entries containing 'bob' somewhere in the common
name: (cn=*bob*)
Get entries with a common name greater than or equal
to 'bob': (cn>='bob')
Get all users with an e-mail attribute:
(&(objectClass=user)(email=*))
Get all user entries with an e-mail attribute and a
surname equal to 'smith':
(&(sn=smith)(objectClass=user)(email=*))
Get all user entries with a common name that starts
with 'andy', 'steve', or 'margaret':
(&(objectClass=User)(|(cn=andy*)(cn=steve*)(cn=margaret*)))
Get all entries without an e-mail attribute:
(!(email=*))
The formal definition of the search filter is as follows (from
RFC 1960):
The token <attr> is a string representing an
AttributeType. The token <value> is a string representing an
AttributeValue whose format is defined by the underlying directory
service.
If a <value> must contain one of the characters * or ( or
), precede the character with the backslash (\) escape character.
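
The escaping rule above matters whenever a filter is assembled from attribute values rather than typed by hand: a value that contains a parenthesis or asterisk changes the structure or meaning of the filter unless it is escaped. The following Python sketch is an added example, not part of Management Suite or its documentation. It builds filters from attribute, operator, and value criteria like those in the Basic LDAP query dialog and escapes each value. The function names, the attribute-name pattern, and the sample value are assumptions made for illustration. The rfc4515 style (hex escapes such as \2a) is the later LDAP filter syntax and is included as an option because which form a given directory server expects is not stated on this page.

```python
import re

OPERATORS = ("=", "<=", ">=")          # comparison operators named on this page
BOOLEAN = {"AND": "&", "OR": "|"}      # combination operators from the dialog
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")  # assumed attribute-name shape


def escape_value(value, style="rfc1960"):
    """Escape filter metacharacters inside an attribute value.

    rfc1960: prefix with a backslash (the rule quoted on this page).
    rfc4515: two-digit hex escapes such as \\2a (the later filter syntax).
    """
    if style not in ("rfc1960", "rfc4515"):
        raise ValueError("unknown escape style: %r" % style)
    out = []
    for ch in value:
        if ch in "\\*()":
            out.append("\\%02x" % ord(ch) if style == "rfc4515" else "\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def criterion(attr, op, value, style="rfc1960"):
    """One line of query criteria: (attr op value) with the value escaped."""
    if not ATTR_RE.fullmatch(attr) or op not in OPERATORS:
        raise ValueError("invalid attribute or operator")
    return "(%s%s%s)" % (attr, op, escape_value(value, style))


def present(attr):
    """Presence test such as (email=*); the asterisk here is intentional."""
    if not ATTR_RE.fullmatch(attr):
        raise ValueError("invalid attribute")
    return "(%s=*)" % attr


def combine(bool_op, *filters):
    """Join criteria with AND or OR, e.g. (&(a=1)(b=2))."""
    return "(%s%s)" % (BOOLEAN[bool_op], "".join(filters))


def open_groups(filter_text):
    """Count unescaped '(' so the structure of two filters can be compared."""
    return len(re.findall(r"(?<!\\)\(", filter_text))
```

Comparing open_groups() for an escaped filter and for the same filter built by plain string concatenation shows whether a value has introduced extra groups.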