Installation Guide IV: Connect Active Directory
Connect your Active Directory
- Login as Settings Administrator to your Silverback Management Console
- Navigate to LDAP
- By Default Silverback is configured for userPrincialName
- Change, if desired to sAMAccountName (not recommended)
- Enter your LDAP Server: e.g. dc01.imagoverum.com
- Change the LDAP Port if needed (Default 389)
- Change the LDAP Type if needed (Default AD)
- Enter a LDAP Lookup Service Username
- Enter LDAP Lookup Service Password
- Enter Custom LDAP Variables (optional)
- Custom LDAP Var0: e.g. employeeID
- Configure Additional Settings
LDAP Settings
These settings govern how the system connects to LDAP sources, and also what information should be brought back for users.
| Setting | Description | |
|---|---|---|
| Account Field | e.g. userPrincipalName | Clicking the link will download a full export of all the settings. Note that this is encrypted with the servers web settings encryption certificate. |
| Distinguished Name | e.g. DC=imagoverum,DC=com | The DN used for LDAP users lookup, this is a fall back if the item in the LDAP Mapping section does not work. |
| Email Field | e.g. mail | The LDAP Property used for the user’s email address |
| LDAP Filter | e.g. (&(objectClass=user)(userPrincipalName={0})) | Users must match this filter when using the SSP, or they cannot create enrolments, this is a fall back if the item in the LDAP Mapping section does not work. |
| LDAP Administrator Filter | e.g. OU=Silverback | Organization Unit where all your Administrator accounts are stored. Please refer to Release Notes Silverback 18.0 Update 3 for any additional information. |
| LDAP Server | e.g. dc01.imagoverum.com | The network address of the LDAP Server |
| LDAP Port | e.g 389 | The network port to use for LDAP Server connections |
| LDAP Type |
|
The type of LDAP Source. (LDAP, Domino, Novell) |
| Certificate User Field | e.g. userPrincipalName | Determines if LDAP/S is used or not |
| Email User Field | e.g. userPrincipalName | The LDAP Property used for the user’s Email username |
| VPN User Field | e.g. userPrincipalName | The LDAP Property used for the user’s VPN username |
| LDAP Wi-Fi Field | e.g. userPrincipalName | The LDAP Property used for the user’s Wi-Fi username |
| LDAP Wi-Fi Proxy User Field | e.g. userPrincipalName | The LDAP Property used for the user’s WiFi Proxy Username |
| LDAP Wi-Fi SMIME User Field | e.g. sAMAccountName | The LDAP Property used for the user’s SMIME Certificate Username – This is used for WiFi Certificate Generation |
| LDAP Global HTTP Proxy User Field | e.g. userPrincipalName | The LDAP Property used for the user’s Proxy settings if enabled by profiles |
| LDAP First Name User Field | givenName | The LDAP Property used for the user’s First Name |
| LDAP Surname User Field | sn | The LDAP Property used for the user’s Last Name |
| LDAP Lookup Username | e.g. service_ldap@imagoverum.com | If needed, a Bind username for LDAP Lookups, anonymous binds will be used if this is not specified |
| LDAP Lookup Password | e.g. Pa$$w0rd | If needed, a Bind password for LDAP Lookups |
| LDAP Request Page Size | e.g. 500 | How many items should return per page in LDAP request. For large LDAP Results, this can reduce issues with missing users for Tag Population |
| LDAP Referral Chasing Option |
|
Determines if the server should “chase” referrals to other LDAP Sources |
| Number of LDAP Request Retries | e.g. 3 | How many attempts should be made for an LDAP request before the system will fail. |
Add your Custom LDAP Variables
These variables are used for System Variables when generating profiles. These are useful if you need to populate a miscellaneous value into a profile for a user that isn’t covered by the normal values above.
| Setting | Description | |
|---|---|---|
| Custom LDAP Var0 | e.g. distinguishedName | Custom Variable to be returned for the user |
| Custom LDAP Var1 | e.g. distinguishedName | Custom Variable to be returned for the user |
| Custom LDAP Var2 | e.g. distinguishedName | Custom Variable to be returned for the user |
Check your Settings
- Press Check LDAP Connection
Save your Settings
- Click Save
- Wait a couple of minutes or restart services
Type: restart-service w3svc,silv*,epic*,mat* (Powershell + Administrator Priviliges)
Check your connection
- Open Silverback Self Service Portal (e.g. https://silverback.imagoverum.com/ssp)
- Enter a Username (e.g. maria.miller@imagoverum.com or IV\mmiller)
- Enter a Password (e.g. Pa$$w0rd)
- Click Sign-In
- You should see now the Enrollment Wizard
- If you face problems:
- Restart Services
- Login as an Settings Administrator
- Review your LDAP settings
- Restart Services
- Check Log Files (e.g. https://silverback.imagoverum.com/admin/logs)
- Check your DNS
- Check your Firewall Rules
Next Steps
The basic installation and configuration of Silverback is now done. You can now check your hardening options, branding opportunities and start with our Getting Started Guides.
- Review our Silverback Server Hardening Guide to ensure a proper security level for your Management Server
- Getting Started Guides
- As an alternative you can get familiar with our