Adding an On-Premises LDAP Connection

Before you begin

If your SOTI MobiControl instance is a cloud instance, you'll need to set up a SOTI Cloud Link Agent to establish a connection between your LDAP server and SOTI MobiControl.

Learn more at SOTI Cloud Link Agent.

About this task

To add an on-premises LDAP connection to SOTI MobiControl:

Procedure

  1. From the main menu, select Global Settings.
  2. Open Directory Service Configuration.
  3. Enter your LDAP server information.
    Name Enter a name for the LDAP connection. This name is used for reference only.
    Server Type Select the LDAP server type. The server type determines which default search attributes are used. Select one of:
    • Active Directory
    • Open Directory
    • Domino
    • Other LDAP
    Server Address The hostname or IP address of the LDAP server.
    Port The LDAP server connection port. The default is 389. If using SSL, the port is 636. The port can be any value as long as it matches the server's settings.
    Use SSL If selected, SOTI MobiControl secures the LDAP communication over a Secure Sockets Layer (SSL) tunnel.
    Accept Untrusted Certificates This option allows SSL connections to use untrusted certificates, which in most cases means a self-signed CA root certificate. Enabling this in a production environment is not recommended.
  4. Specify how authentication is handled.
    Authentication Type Choose how to make a connection to the server. The authentication type should match the server's settings.

    Anonymous: Indicates that the connection should be made without passing credentials.

    Basic: Indicates that basic authentication should be used on the connection.

    Negotiate: Indicates that Microsoft Negotiate authentication should be used on the connection.

    User The user name used for binding to the connection when the Authentication Type is Basic or Negotiate.
    Password The password of the binding user.
  5. Set the scope of the LDAP connection.
    Base DN (Distinguished Name) The top level of the LDAP directory tree is the base, referred to as the "base DN". This option defines the highest level of the LDAP search scope, also known as the RootContainer.
    Referrals Controls whether the LDAP connection can follow references to alternative locations where the LDAP request may be processed.

    Enable Follow Referrals to allow the binding server and the referral servers listed in the search response to be searched.

    Enable Follow Static Referrals to allow the binding server, the referral servers, and the servers in the static referral server list to be searched. Follow Referrals must be enabled to apply this setting.

  6. Optional: Add a SOTI Cloud Link Agent.
    This setting only applies to SOTI MobiControl Cloud instances, not on-premises installations.

    Learn more at SOTI Cloud Link Agent.

  7. Define your general attributes.
    Object Class Identifier name of the object class: the keyword indicating that this is an objectclass definition (or others). The default is "objectClass"; an alternative could be "objectCategory".
    Object Class Group Attribute The keyword to define the search filter for group related searching.
    Object Class User Attribute The keyword to define the search filter for user related searching.
    Default Naming Context This defines the Root DSE attribute, which is used to define the root directory server entry (DSE) for the server instance.
  8. Define your group attributes.
    Identifier The keyword to define the search filter for fetching the object Security Identifier (SID) of the group.
    Identifier The keyword to define the search filter for fetching the object Globally Unique Identifier (GUID) of the group.
    Common Name The keyword to define the search filter for fetching the common name.
    Account Name The keyword to define the search filter for fetching the account name.
    Authentication Search Pattern The search string for fetching the authentication information.
    Member The keyword to define the search filter for fetching memberships of group attributes.
    Nested Group The keyword to define where the search filter should look when searching groups.
  9. Define your user attributes.
    Identifier The keyword to define the search filter for fetching the object Security Identifier (SID) of the user.
    Common Name The keyword to define the search filter for fetching common names.
    Account Name The keyword to define the search filter for fetching account names.
    Email The keyword to define the search filter for fetching user emails.
    Authentication Search Pattern The search string for fetching the authentication information.
    Add User Search Pattern The search string for fetching the add user information.
    SSO User Search Pattern The search string for fetching the SSO user information.
    User Principal Name The keyword to define the search filter for fetching user principal names.
    Password Last Set The date and time that the password for the account was last changed.
    First Name The keyword to define the search filter for fetching the user's first name.
    Middle Name The keyword to define the search filter for fetching the user's middle name.
    Last Name The keyword to define the search filter for fetching the user's last name.
    Phone Number The keyword to define the search filter for fetching the user's phone number.
    Custom Attribute 1 The keyword to define the search filter for fetching the first customized user property.
    Custom Attribute 2 The keyword to define the search filter for fetching the second customized user property.
    Custom Attribute 3 The keyword to define the search filter for fetching the third customized user property.
  10. Click OK to save the new LDAP connection.

Results

You can now enroll your devices using LDAP or use it for SOTI MobiControl console authentication.
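
The following added example (not SOTI code) checks a set of connection values from steps 3 to 5 for the risky or ineffective combinations described in the procedure, so they can be reviewed before the connection is saved. The dictionary layout, the severity labels and the function name audit_ldap_connection are assumptions for illustration; only the field names come from this page.

```python
# Added example: keys mirror the field names on this page. The dict layout is an
# assumption for illustration, not a SOTI MobiControl export format or API.

def audit_ldap_connection(cfg):
    """Return (severity, message) findings for one LDAP connection's settings."""
    findings = []
    ssl_on = cfg.get("Use SSL", False)
    auth = cfg.get("Authentication Type", "Anonymous")
    port = cfg.get("Port", 389)

    if ssl_on and cfg.get("Accept Untrusted Certificates", False):
        findings.append(("high", "Accept Untrusted Certificates is on: untrusted "
                         "server certificates are accepted, so the LDAP server's "
                         "identity is not verified"))
    if auth == "Basic" and not ssl_on:
        findings.append(("high", "Basic authentication without Use SSL sends "
                         "the bind password unencrypted"))
    if auth == "Anonymous":
        findings.append(("medium", "Anonymous: the connection is made without "
                         "credentials; confirm the server is meant to allow this"))
    if auth in ("Basic", "Negotiate") and not cfg.get("User"):
        findings.append(("medium", f"{auth} is selected but no bind User is set"))
    if ssl_on and port == 389:
        findings.append(("low", "Use SSL with port 389: confirm this matches "
                         "the server's settings (636 is the usual SSL port)"))
    if not ssl_on and port == 636:
        findings.append(("low", "Port 636 without Use SSL: confirm this matches "
                         "the server's settings"))
    if cfg.get("Follow Static Referrals") and not cfg.get("Follow Referrals"):
        findings.append(("low", "Follow Static Referrals has no effect unless "
                         "Follow Referrals is enabled"))
    return findings

# Constructed sample settings; the hostname, user and DN are placeholders.
WEAK = {"Name": "lab-ad", "Server Type": "Active Directory",
        "Server Address": "ldap.example.test", "Port": 389, "Use SSL": False,
        "Accept Untrusted Certificates": False, "Authentication Type": "Basic",
        "User": "svc-bind", "Base DN": "DC=example,DC=test",
        "Follow Referrals": False, "Follow Static Referrals": True}
HARDENED = {**WEAK, "Port": 636, "Use SSL": True,
            "Authentication Type": "Negotiate", "Follow Static Referrals": False}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        for severity, message in audit_ldap_connection(cfg):
            print(f"{name}: [{severity}] {message}")
```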