Example: For a specific group in Active Directory, you only want users in the Support Dept who are in the admin group to be able to logon and have admin rights in the K1000 appliance.
The User located in Active Directory is under support dept.kace.com
The Group in Active Directory is: admin.support.kace.com
To setup in the K1000 appliance LDAP authenication for the admin profile, the following parameters can be used:
1. Go to Settings -> Users Authentication -> Edit Mode -> Admin role
2. Search Base DN: cn=support dept,dc=kace, dc=com
The Search Base DN will identify the folder and subfolder to look into. It is a good practice to point to the location where the user is located.
3. Search Filter: (&(samaccountname=KBOX_USER)(memberOf=cn=admin,ou=support,dc=kace,dc=com))
The Search Filter will identifies with the properties of the account to search against
For this specific setup, it would only allow users in the group: cn=admin,ou=support,dc=kace,dc=com to logon to the K1000 appliance and receive admin rights.