LDAP Across Multiple OU's

Kris's Avatar


05 May, 2010 04:59 PM

Does anyone know if Cascade can import users from across multiple OU's by providing a higher level OU as the container-identifier? It doesn't seem to work but maybe I'm doing something wrong.

Our environment has a single LDAP tree with an OU for each campus. Under each campus OU, there are a multitude of OU's breaking the users into different groupings. I would like to be able to just have one user-policy get all of the users from all of the OU's in the tree, or at most one policy for each campus. Is this even possible or am I going to have to provide a user-policy for each OU I need which could be a nightmare since there are probably 20 or 30 per campus.

And just so no one suggests it, there is no way my server guys are going to change the LDAP structure so that isn't an option. ;-)


  1. 1 Posted by Joel on 05 May, 2010 05:40 PM

    Joel's Avatar

    Hi Kris,

    Unfortunately you will have to have a user-policy for each OU I believe, or perhaps you could use the one base (top level) OU and filter based on certain attributes if you have any that distinguish themselves from the rest of the users in your LDAP instance.


  2. 2 Posted by Kris on 05 May, 2010 05:47 PM

    Kris's Avatar

    Thanks Joel. That's what I was afraid of. I haven't been able to get filters to work so far but I will keep trying.


  3. Tim closed this discussion on 05 May, 2010 05:53 PM.

  4. Kris re-opened this discussion on 05 May, 2010 06:35 PM

  5. 3 Posted by Kris on 05 May, 2010 06:35 PM

    Kris's Avatar

    OK, so I got it working with just the OU's for each campus. Then instead of using multiple object-attribute-filter's (which is what was causing it to not work), I used a freeform-filter. That was able to search the underlying OU's and I have successfully imported all of our users.


Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac