Best Practices for Customizing Open Source LDAP Directory Service Type

Introduction

Workspace ONE UEM supports open source LDAP for directory services. For instance, in addition to Novell e-Directory, Lotus Domino, and Microsoft Active Directory, Workspace ONE can use a Samba OpenLDAP server for directory services. Samba OpenLDAP is a widely used LDAP server in Linux environments.

If the admin selects an LDAP server other than Novell e-Directory, Active Directory, or Lotus Domino, refer to the following configuration tips, which cover the most critical steps when configuring an open source LDAP directory service.

Bind Authentication Type

To allow the AirWatch server to communicate with the domain controller, the admin is required to select the type of bind authentication.

The admin can select Digest, Kerberos, Anonymous, Basic, NTLM, or GSS-NEGOTIATE. If unsure, start by setting the bind authentication type to Basic. Clicking Test Connection shows the admin whether the selection is incorrect.

Bind User Name

Provide the credentials used to authenticate with the domain controller. This account, identified by the entered username, provides read-access permission on the directory server and binds the connection when authenticating users. For the bind username, it is considered best practice to use the full base distinguished name. For instance, use CN=admin,DC=domain,DC=com.

User Search Filter

In the User tab, enter the search parameter used to associate user accounts with Active Directory accounts, and make sure the user search filter is configured appropriately. A search filter set as follows should return appropriate results:

(&(objectCategory=person)(sAMAccountName={EnrollmentUser}))
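
The Python sketch below is an added example, not code from this page or from Workspace ONE UEM. It checks a filter template like the one above before it is saved, substitutes {EnrollmentUser} with RFC 4515 escaping so the user name is matched literally, and checks that a bind user name is a full DN. All function names are hypothetical, and how Workspace ONE UEM performs the substitution internally is an assumption.

```python
import re

PLACEHOLDER = "{EnrollmentUser}"
# Filter template as given on this page.
TEMPLATE = "(&(objectCategory=person)(sAMAccountName={EnrollmentUser}))"
# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally, never parsed as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter_template(template: str) -> list:
    """Return the problems found in a user search filter template."""
    problems, depth = [], 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" closed something that was never opened
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter must start with '(' and end with ')'")
    if PLACEHOLDER not in template:
        problems.append("missing " + PLACEHOLDER)
    return problems


def render_filter(template: str, enrollment_user: str) -> str:
    """Validate the template, then substitute the escaped user name."""
    problems = check_filter_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(PLACEHOLDER, escape_filter_value(enrollment_user))


def is_full_dn(name: str) -> bool:
    """True for comma-separated attr=value parts, e.g. CN=admin,DC=domain,DC=com."""
    parts = re.split(r"(?<!\\),", name)
    return len(parts) > 1 and all(re.fullmatch(r"\s*[A-Za-z][\w.-]*=.+", p) for p in parts)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(render_filter(TEMPLATE, "jdoe"))
    print(render_filter(TEMPLATE, "j*"))      # wildcard is matched literally
    print(check_filter_template(TEMPLATE + "."))
    print(is_full_dn("CN=admin,DC=domain,DC=com"), is_full_dn("admin"))
```

A template that fails check_filter_template, for example because a stray character was pasted after the closing parenthesis, is rejected before any directory lookup is attempted.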
