[cisco-voip] Directory Filtering question

Ryan West rwest at zyedge.com
Thu Apr 17 19:53:37 EDT 2008


Wow.  It sure is finiky, I just reapplied the same filter, removed my LDAP entries, turned off auth, turned off LDAP, then turned it back on and it started working again.  Is there some sort of a built in timer that can't be circumvented.  I did a manual sync at least three times with no luck.

Hopefully the weekly resync will actually detect when users are disabled and properly remove them.  What has been your experience with this Andrew?

Thanks,

-ryan

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan West
Sent: Thursday, April 17, 2008 7:39 PM
To: Andrew Short; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Directory Filtering question

Andrew,

I was able to use just the filter listed below, but when I use the following filter no users are matches, can you see what I might be missing.

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(ipPhone=1*)(ipPhone=2*)(ipPhone=3*)(ipPhone=4*)(ipPhone=5*)(ipPhone=6*)(ipPhone=7*)(ipPhone=8*)(ipPhone=9*)(ipPhone=0*)))

Thanks!

-ryan

-----Original Message-----
From: Andrew Short [mailto:Andrew.Short at cdw.com]
Sent: Thursday, April 17, 2008 3:56 PM
To: Ryan West; cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] Directory Filtering question

I've done this and also found (ipPhone=*) to go wanting.  In our case
the customer was very good about massaging the AD data and I was able to
use this instead:

(|(ipPhone=1*)(ipPhone=2*)(ipPhone=3*)(ipPhone=4*)(ipPhone=5*)(ipPhone=6
*)(ipPhone=7*)(ipPhone=8*)(ipPhone=9*)(ipPhone=0*))

This plus the default filter almost fills your 255 char limit, but if
it's all you need it's fantastic.


-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan West
Sent: Thursday, April 17, 2008 3:48 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Directory Filtering question

Hello,

Does anyone have an example of a filter that has been tested that looks
for an attribute, such as the ipPhone field contains data, and then
returns only those records.  This is possible using some filters that
come with Active Directory Users and Computers.  I am very close, but I
can't seem to the filter right.

Here is an ugly one that come straight from AD:

(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType
:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))
(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14)))(obj
ectCategory=user)(ipPhone=*)))

A simpler version, using the information in the axltoolkit, is start
with the base configuration of:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.8
40.113556.1.4. 803:=2)))

and add (ipPhone=*) to the end to make:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.8
40.113556.1.4. 803:=2))(ipPhone=*))

This should work, however, in either of the two cases it returns the
same userlist that has some information I do want to sync.  Do I need to
wipe our my LDAP database before resyncing, or would the users (assuming
they were no longer syncing) just drop off after a period of time?

Any help on this would be greatly appriciated.


Thanks,

-ryan
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


More information about the cisco-voip mailing list