LDAP jobs not functioning as expected on DEV or TEST

Discussion created by jcopersi on Mar 15, 2011
Latest reply on Mar 17, 2011 by Chris_Hackett
Hello all. I have been working on this with one of our developers for some time now. Currently, we do not have much automation on our Clarity tool. However, we are working to implement a better LDAP filter for Clarity. Currently, our LDAP filter just uses virtually no restrictions.
Here is our filter:

extensionAttribute15 is basically just a category we have in our AD that specifies your employment. IF the field is blank, it is a group account, or a test account and does not relate to a user. Any other input in that field means it is some sort of employee or individual. I am working on a filter to allow the use of a user group to filter out who gets into Clarity and who does not. I have named this group Clarity Users.
When I run the new filter in our DEV instance, nothing happens. When I run it in our TEST instance, the user count goes from over 2000 to 855. Filtering out external accounts, it goes down to about 775. There are not 775 users in the user group I created, there are 6.
Here is the new filter:

(&(extensionAttribute15=*)(objectclass=organizationalPerson)(memberOf=CN=Clarity Users,OU=Static Groups,OU=Groups,DC=companyname,DC=com))

I have tested this filter in an LDAP browser and received the correct response. When I run the LDAP obsolete job in Clarity, it does not remove all but the 6 in this group and when I add new users to the Clarity group, it does not add their account to clarity, or activate the account. Ideas?