LDAP authentication picked up computer accounts


I have a brand new setup.

We are syncing to Active Directory and I made use of port 3268 since I have subdomains and OUs with user accounts.

One side effect was that computer accounts and IIS accounts came in as accounts. I also have one user who can't log in, as the account does not exist. I think this is because I hit the 1000 mark.

Anyhow, very basic configuration. Do I have to make use of (&sAMAccountName=(objectClass=organizationalPerson)) to filter out the computer accounts?

Or is it better to use a group and dump all users into it?

Also, is there a way to hide the password for the admin account?

Here is the xml config sans particular info:


You'll just need to change your query to exclude the computer accounts.

My search query just includes user accounts with an email account and a surname, so I exclude computer accounts, service accounts, etc.


Check out the thread above. I just got done resolving this same issue. Hopefully my time researching an answer will help you out. The second post in particular will resolve the computer issue you are having, as I had the same thing happen. The third post can help you filter out more accounts that you don't need but are still user accounts.

I thought so!

This seems to work for the most part!

(&(objectCategory=person)(mail=*)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

The ! section will eliminate disabled accounts.
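To see what the final filter above (and the "email plus surname" variant from the earlier reply) actually keeps and drops, here is an added example that is not code from this thread or from the product being configured: a small RFC 4515 filter evaluator that applies the filter to constructed Active Directory-style entries. The entry data, names and values are invented for illustration; the userAccountControl flag values and the bitwise matching-rule OIDs are the ones Active Directory documents.

```python
"""Added example: evaluate the thread's LDAP filter against constructed
AD-style entries, including the bitwise-AND matching rule
(OID 1.2.840.113556.1.4.803) that drops disabled accounts."""

# userAccountControl flag bits as documented for Active Directory.
ADS_UF_ACCOUNTDISABLE = 0x0002
ADS_UF_NORMAL_ACCOUNT = 0x0200
ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000

# Extensible-match rule OIDs that AD implements for integer attributes.
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"
LDAP_MATCHING_RULE_BIT_OR = "1.2.840.113556.1.4.804"

# The filter posted at the end of the thread.
THREAD_FILTER = ("(&(objectCategory=person)(mail=*)(objectClass=user)"
                 "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")

# Constructed sample entries (invented names/values, not real directory data).
# Computer objects carry objectCategory "computer", user objects "person".
SAMPLE_ENTRIES = [
    {"sAMAccountName": "jdoe", "objectCategory": "person",
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "mail": "jdoe@example.com", "sn": "Doe",
     "userAccountControl": ADS_UF_NORMAL_ACCOUNT},
    {"sAMAccountName": "WKS01$", "objectCategory": "computer",   # computer account
     "objectClass": ["top", "person", "organizationalPerson", "user", "computer"],
     "userAccountControl": ADS_UF_WORKSTATION_TRUST_ACCOUNT},
    {"sAMAccountName": "svc_iis", "objectCategory": "person",     # service account, no mail
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "userAccountControl": ADS_UF_NORMAL_ACCOUNT},
    {"sAMAccountName": "oldhire", "objectCategory": "person",     # disabled user
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "mail": "oldhire@example.com", "sn": "Hire",
     "userAccountControl": ADS_UF_NORMAL_ACCOUNT | ADS_UF_ACCOUNTDISABLE},
]


def parse_filter(text):
    """Parse an RFC 4515 filter string into a tuple tree.
    Handles &, |, !, equality, presence (=*) and the attr:OID:=value form."""
    pos = 0

    def parse():
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos:pos + 1]
        if op and op in "&|!":
            pos += 1
            children = []
            while pos < len(text) and text[pos] == "(":
                children.append(parse())
            if pos >= len(text) or text[pos] != ")":
                raise ValueError("unterminated %s at offset %d" % (op, pos))
            pos += 1
            if op == "!" and len(children) != 1:
                raise ValueError("! takes exactly one filter")
            return (op, children)
        end = text.index(")", pos)
        attr, value = text[pos:end].split("=", 1)
        pos = end + 1
        if ":" in attr:                      # extensible match: attr:rule:=value
            attr, rule, _ = attr.split(":")
            return ("ext", attr, rule, value)
        if value == "*":
            return ("present", attr)
        return ("eq", attr, value)

    tree = parse()
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return tree


def evaluate(node, entry):
    """True if the parsed filter matches the entry (names/values case-insensitive)."""
    kind = node[0]
    if kind == "&":
        return all(evaluate(c, entry) for c in node[1])
    if kind == "|":
        return any(evaluate(c, entry) for c in node[1])
    if kind == "!":
        return not evaluate(node[1][0], entry)
    lookup = {k.lower(): v for k, v in entry.items()}
    values = lookup.get(node[1].lower(), [])
    if not isinstance(values, list):
        values = [values]
    if kind == "present":
        return bool(values)
    if kind == "eq":
        return any(str(v).lower() == node[2].lower() for v in values)
    # Extensible match on an integer attribute: AD's bitwise rules.
    rule, want = node[2], int(node[3])
    if rule == LDAP_MATCHING_RULE_BIT_AND:      # every bit in `want` is set
        return any((int(v) & want) == want for v in values)
    if rule == LDAP_MATCHING_RULE_BIT_OR:       # at least one bit in `want` is set
        return any((int(v) & want) != 0 for v in values)
    raise ValueError("unsupported matching rule " + rule)


def select_accounts(entries, filter_text=THREAD_FILTER):
    """sAMAccountNames the filter keeps, i.e. what the sync would pull in."""
    tree = parse_filter(filter_text)
    return [e["sAMAccountName"] for e in entries if evaluate(tree, e)]


if __name__ == "__main__":
    print(select_accounts(SAMPLE_ENTRIES))
```

Running it keeps only `jdoe`: `objectCategory=person` alone already removes the computer account (its category is `computer`), `mail=*` removes the mail-less service account, and the negated bit test removes the disabled user. The 1000-result cap mentioned in the question is a separate issue: it is Active Directory's default `MaxPageSize` LDAP policy, and the remedy is for the client to use the paged-results control (RFC 2696), not a tighter filter. If you go the "put everyone in a group" route instead, note that a plain `(memberOf=<group DN>)` clause does not follow nested groups; AD's `LDAP_MATCHING_RULE_IN_CHAIN` rule (OID 1.2.840.113556.1.4.1941) is needed for that.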