Matrix42 Self-Service Help Center

Installation Guide IV: LDAP Connection

Connect your Active Directory

  • Login as Settings Administrator to your Silverback Management Console
  • Navigate to LDAP
  • By default, Silverback is configured for userPrincipalName
    • If desired, change this to sAMAccountName (not recommended)
  • Enter your LDAP Server: e.g. dc01.imagoverum.com
  • Change the LDAP Port if needed (Default 389)
  • Change the LDAP Type if needed (Default AD)
  • Enter an LDAP Lookup Service Username
  • Enter the LDAP Lookup Service Password
  • Enter Custom LDAP Variables (optional)
    • Custom LDAP Var0: e.g. employeeID
  • Configure Additional Settings

LDAP Settings Overview

These settings govern how the system connects to LDAP sources, and also what information should be brought back for users.

Setting   Description
LDAP Connection
LDAP Type
  • AD (default)
  • Domino
  • Novell
The type of LDAP Source. (LDAP, Domino, Novell)
LDAP Server e.g. dc01.imagoverum.com The network address of the LDAP server
LDAP Port e.g. 389 The network port to use for LDAP server connections
LDAP SSL Yes or No Determines whether LDAP/S is used. Before activating it, ensure that your Silverback server can communicate properly with your Active Directory over an encrypted connection.
LDAP Lookup Username e.g. service_ldap@imagoverum.com The username that is bound for LDAP lookups. If it is not specified, anonymous binds are used, but checking the LDAP connection requires a provided LDAP Lookup Username.
LDAP Lookup Password e.g. Pa$$w0rd Binds a corresponding password for the LDAP Lookup username. Checking the LDAP connection requires a provided LDAP Lookup Password.
LDAP Filter
Base DN e.g. DC=imagoverum,DC=com The Base DN is used as the starting point for all LDAP user and administrator lookups and as a fallback if the item in the LDAP Mapping section does not work.
User Filter e.g. (&(objectClass=user)(userPrincipalName={0})) Users must match this filter when using the SSP or they cannot create enrolments. This filter also acts as a fallback if the item in the LDAP Mapping section does not work.
LDAP Attributes
Username Field e.g. userPrincipalName The LDAP property used for the user’s username
Device Email Field e.g. mail The LDAP property used for the user’s email address
User Email Field e.g. userPrincipalName The LDAP property used for the user’s Email username
Certificate Username Field e.g. userPrincipalName The LDAP property used for the user’s certificate username
VPN Username Field e.g. userPrincipalName The LDAP property used for the user’s VPN username
Wi-Fi Username Field e.g. userPrincipalName The LDAP property used for the user’s Wi-Fi username
Wi-Fi Proxy Username Field e.g. userPrincipalName The LDAP property used for the user’s Wi-Fi Proxy username
SMIME Username Field e.g. sAMAccountName The LDAP property used for the user’s SMIME Certificate Username – This is used for WiFi Certificate Generation (*deprecated)
Global HTTP Proxy User Field e.g. userPrincipalName The LDAP property used for the user’s Proxy settings if enabled by profiles
First Name Field givenName The LDAP property used for the user’s First Name
Surname Field sn The LDAP property used for the user’s Last Name
Additional Settings
LDAP Request Page Size e.g. service_ldap@imagoverum.com How many items should be returned per page in an LDAP request. For large LDAP results, this can reduce issues with missing users for Tag Population
LDAP Referral Chasing Option e.g. Pa$$w0rd Determines if the server should “chase” referrals to other LDAP Sources
Number of LDAP Request Retries e.g. 500 How many attempts should be made for an LDAP request before the system will fail.
Sleep Seconds Between Filter Tasks e.g. empty Specifies a static delay between LDAP filter tasks. We recommend keeping this value empty.
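
An added example (not Matrix42 code): a Python pre-check of the connection and filter values from the tables above before they are entered in the console. The dictionary keys and finding labels are hypothetical, ports 636, 3268 and 3269 are the standard LDAPS and global catalog ports rather than values from this page, and plain substitution of {0} is an assumption about how the User Filter is filled.

```python
import re

# Constructed sample: the example values from the settings tables above.
# The dictionary key names are hypothetical, not Silverback identifiers.
SAMPLE = {
    "port": 389, "ssl": False,
    "lookup_username": "service_ldap@imagoverum.com",
    "user_filter": "(&(objectClass=user)(userPrincipalName={0}))",
    "username_field": "userPrincipalName",
}
CLEARTEXT_PORTS = {389, 3268}  # LDAP and AD global catalog
TLS_PORTS = {636, 3269}        # LDAPS and AD global catalog over TLS


def escape_filter_value(value):
    """Escape a value for an LDAP search filter as RFC 4515 requires."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def render_user_filter(template, username):
    """Fill the {0} placeholder; how Silverback substitutes it is assumed."""
    return template.replace("{0}", escape_filter_value(username))


def lint(cfg):
    """Return findings for one settings dict; an empty list means no findings."""
    findings = []
    flt, field = cfg["user_filter"], cfg["username_field"]
    if not cfg["ssl"]:
        findings.append("ssl-off: directory traffic is not TLS-protected")
    if cfg["ssl"] and cfg["port"] in CLEARTEXT_PORTS:
        findings.append("port-mismatch: SSL on, but port is a cleartext LDAP port")
    if not cfg["ssl"] and cfg["port"] in TLS_PORTS:
        findings.append("port-mismatch: SSL off, but port expects TLS")
    if not cfg.get("lookup_username"):
        findings.append("anonymous-bind: no LDAP Lookup Username is set")
    if "{0}" not in flt:
        findings.append("filter: no {0} placeholder for the username")
    if flt.count("(") != flt.count(")"):
        findings.append("filter: unbalanced parentheses")
    if not re.search(r"\(" + re.escape(field) + r"=\{0\}\)", flt, re.I):
        findings.append("filter: {0} is not compared against the Username Field")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
    print(render_user_filter(SAMPLE["user_filter"], "jane(ext)@imagoverum.com"))
```

The last finding is the one to watch when the Username Field is switched to sAMAccountName while the User Filter still compares userPrincipalName.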

Add your Custom LDAP Variables

These variables are used for System Variables when generating profiles. These are useful if you need to populate a miscellaneous value into a profile for a user that isn’t covered by the normal values above. 

Setting   Description
Custom LDAP Var0 e.g. distinguishedName Custom Variable to be returned for the user
Custom LDAP Var1 e.g. employeeID Custom Variable to be returned for the user
Custom LDAP Var2 e.g. displayName Custom Variable to be returned for the user

Check your Settings

  • Press Check LDAP Connection

Save your Settings 

  • Click Save
  • Wait a couple of minutes or restart the services

Type: Restart-Service w3svc,silv*,epic*,mat* (PowerShell + Administrator privileges)

Check your connection

Next Steps

The basic installation and configuration of Silverback is now done. You can now check your hardening options, branding opportunities and start with our Getting Started Guides. 
