Chat now with support
Chat with Support

KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

Add or edit LDAP Labels

Add or edit LDAP Labels

You can add and edit LDAP Labels as needed. Be sure to test LDAP Labels before you enable them.

1.
Go to the LDAP Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, in the Home section, click Label Management.
d.
Display the LDAP Label Detail page by doing one of the following:
Select Choose Action > New.

Option

Description

Enabled

Enable the appliance to run the LDAP Label.

NOTE: Select the Enabled check box only after you have tested the LDAP Label to verify that the LDAP criteria is correct and labels are applied as expected.

Type

The LDAP Label type. There are two types of LDAP Labels:

Device: Labels applied to device records. This is useful if you want to automatically group devices by name, description, and other LDAP criteria. When devices are inventoried, this query runs against the LDAP server to determine whether any devices contain LDAP attributes with values that correspond to the LDAP search filter criteria. If a result is returned, the device is assigned the label specified in the Associated Label Name field.

You must include at least one KACE SMA variable, such as KBOX_COMPUTER_NAME, in device labels for the LDAP label to be applied to a device. During LDAP label processing, the variable is used to compare an attribute's value in the LDAP directory to determine whether relationships exists between the LDAP object and a KACE SMA object. See LDAP variables.

User: Labels applied to user records. This is useful if you want to automatically group users by domain, location, budget code, or other LDAP criteria. LDAP Labels are applied to or removed from user records when users are imported to the appliance manually or according to a schedule. You can use user variables, such as KBOX_USER_NAME, in user labels. During LDAP label processing, the variable is used to compare an attribute's value in the LDAP directory to determine whether relationships exists between the LDAP object and a KACE SMA object. See LDAP variables.
TIP: To test a label, replace the KBOX_ variables with the appropriate values for your environment, then select Test.

Associated Label

The manual label, or container label, to associate with this LDAP Label. Each LDAP Label must have an associated label.

Associated Label Description

Notes from the label selected in the Associated Label Name field.

Server

The IP address or the hostname of the LDAP server. If the IP address is not valid, the appliance waits to timeout, resulting in login delays during LDAP authentication.

Port

The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).

Base DN

The criteria used to search for accounts.

This criteria specifies a location or container in the LDAP or Active Directory structure, and the criteria should include all the users that you want to authenticate. Enter the most specific combination of OUs, DCs, or CNs that match your criteria, ranging from left (most specific) to right (most general). For example, this path leads to the container with users that you need to authenticate:

OU=end_users,

DC=company,DC=com.

Advanced Search

The search filter. For example:

(&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com))

Login

The credentials of the account the KACE SMA uses to log in to the LDAP server to read accounts. For example:

LDAP Login:CN=service_account,CN=Users,DC=company,DC=com.

If user name and password are not provided, the tree lookup is not performed. Each LDAP Label can connect to a different LDAP or Active Directory server.

Password

The password of the account the KACE SMA uses to log in to the LDAP server.

Label Attribute

For User-type labels: Enter a label attribute, such as: memberOf.

This setting returns a list of groups this user is a member of. The union of all the label attributes forms the list of labels you can import. If the search filter contains both the label names and user names, the label attribute is not required.

Label Prefix

For User-type labels only: Enter the label prefix. For example: ldap_

The label prefix is a string that is added to the beginning of all the labels.

If you are unsure of the Base DN and Advanced Search information, use the LDAP Browser. See Use the LDAP Browser.

NOTE: Negative search filters are formatted as follows: (!(sAMAccountName=David)). Any other format using negatives will result in an error.
3.
Click the Test button to test the new label. Change the label parameters and test again as needed.
4.
If the LDAP Label is ready to use, select the Enabled check box. Otherwise, save the label without enabling it.
5.
Click Save.

Enable LDAP Labels

Enable LDAP Labels

After you have added and tested an LDAP Label, you can enable it. Device LDAP Labels that are enabled run against the LDAP server when devices check in to the appliance. User LDAP Labels that are enabled run against the LDAP server when users are imported manually or imported according to a schedule.

Add and test an LDAP Label. See Add or edit LDAP Labels.

1.
Go to the LDAP Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, in the Home section, click Label Management.
2.
Select the Enabled check box.
3.
Click Save.

Delete LDAP Labels

Delete LDAP Labels

Deleting an LDAP Label removes the criteria associated with the LDAP Label, but it does not delete any other labels associated with the LDAP Label.

1.
Go to the LDAP Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, in the Home section, click Label Management.
3.
Select Choose Action > Delete, then click Yes to confirm.

Use the LDAP Browser

Use the LDAP Browser

The LDAP Browser enables you to browse and search data located on an LDAP server, such as an Active Directory server.

To use the LDAP Browser, you must have the Bind DN and the LDAP password to log on to the LDAP server.

The LDAP Browser can be useful when you need to enter information in the Search Base DN and the Search Filter fields for LDAP queries.

1.
Go to the LDAP Browser:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, in the Home section, click Label Management.
2.
Specify LDAP Server settings:

Option

Description

IP Address or Hostname

The IP address or the hostname of the LDAP server. If the IP address is not valid, the appliance waits to timeout, resulting in login delays during LDAP authentication.

Port

The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).

Login

The credentials of the account the KACE SMA uses to log in to the LDAP server to read accounts. For example:

LDAP Login:CN=service_account,CN=Users,

DC=company,DC=com.

If user name and password are not provided, the tree lookup is not performed. Each LDAP Label can connect to a different LDAP or Active Directory server.

Password

The password of the account the KACE SMA uses to log in to the LDAP server.

3.
Click Test.

If the operation fails, verify the following:

4.
Click Next.
The Narrow the Search window appears.

Option

Description

LDAP EasySearch

Type a string that you want to search for.

Search on

Indicate if you want to search for indexed or non-indexed fields by selecting the appropriate option, as required.

Other attributes

Type a comma-separated list of Active Directory fields that you want to search for.

6.
Click Go.
Related Documents