In the past I've scoped polices to people in a department by adding all office computers, then setting a limitation to the relevant LDAP group, allowing them to run even if the computer wasn't assigned to the department correctly. I'm now at 9.62 and scope limitations offers only the options of Network Segments or iBeacons. Existing policies with limitations by LDAP group seems to still be working, but I can't limit new policies that way. Before I turn this in to a support call has anyone run into this before or have any suggestions on settings to check?
Solved
Scope Limitation by LDAP group missing.
+17Best answer by rderewianko
Scoping out to LDAP is only available after you've enabled the policy to be used via self service. Once you check that box it should show.
+18Scoping out to LDAP is only available after you've enabled the policy to be used via self service. Once you check that box it should show.
+17Thank you. Confusingly, it seems to maintain and honor the limitation even after you take the policy off Self Service
+18Thats more UX than anything. I'd expect it not to function without self service enabled. Work flow wise, its a bit confusing, as I tend to work left to right in casper, and often have to jump and go back to make it work.
- RD
+24Just FYI, its not only Self Service that gives you the LDAP Limitations options. You can also set the trigger to Login or Logout, and the options will show up. Basically, only user based triggers, like login and logout, allow you to set LDAP user and LDAP group limitations or exclusions. If its only a computer level trigger, like Recurring Check-in, it won't show up.
The good news is that you can still enable the Recurring check-in trigger as well as the login/logout trigger and the LDAP options still show up.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.