Skip to main content
Matrix42 Self-Service Help Center

Installation Guide IV: LDAP Connection

Connect your Active Directory

  • Login as Settings Administrator to your Silverback Management Console
  • Navigate to LDAP
  • By default, Silverback is configured for userPrincialName
    • Change, if desired to sAMAccountName
  • Enter your LDAP Server: e.g. dc01.imagoverum.com
  • Change the LDAP Port if needed (Default 389)
  • Change the LDAP Type if needed (Default AD)
  • Enter a LDAP Lookup Service Username 
  • Enter a LDAP Lookup Service Password
  • Enter additional Custom LDAP Variables (optional)
    • Custom LDAP Var0: e.g. employeeID
  • Configure Additional Settings

LDAP Settings Overview

These settings govern how the system connects to LDAP sources, and also what information should be brought back for users.

Setting   Description
LDAP Connection
LDAP Type
  • AD (default)
  • Domino
  • Novel
The type of LDAP Source. Supported types are AD, Domino, and Novell.
LDAP Server e.g. dc01.imagoverum.com The network address of the LDAP server.
LDAP Port e.g. 389 The network port to use for LDAP server connections.
LDAP SSL Yes or No Determines if LDAP/S is used or not. Ensure when activating that your Silverback server is able to communicate proper to your Active Directory on an encrypted level. 
LDAP Lookup Username e.g. service_ldap@imagoverum.com Binds a username for LDAP Lookups and anonymous binds will be used if this is not specified but checking the LDAP connection requires a provided LDAP Lookup Username. 
LDAP Lookup Password e.g. Pa$$w0rd Binds a corresponding password for the LDAP Lookup username. Checking the LDAP connection requires a provided LDAP Lookup Password.
LDAP Filter
Base DN e.g. DC=imagoverum,DC=com The Base DN is used as the starting point for all LDAP users and administrators lookups and as a fall back if the item in the LDAP Mapping section does not work. 
User Filter

e.g. ((&(objectClass=user)(userPrincipalName={0})(MemberOf=CN=Mobile-Users,OU=Groups,DC=imagoverum,DC=com)))

Users must match this filter when using the SSP or they cannot create enrolments. This filter acts also as a fall back if the item in the LDAP Mapping section does not work.
LDAP Attributes
Username Field e.g. userPrincipalName The LDAP property of users username field.
Device Email Field e.g. mail The LDAP property used for the user’s email address.
User Email Field e.g. userPrincipalName The LDAP property used for the user’s Email username.
Certificate Username Field e.g. userPrincipalName The LDAP property used for the user’s certificate username.
VPN Username Field e.g. userPrincipalName The LDAP property used for the user’s VPN username.
Wi-Fi Username Field e.g. userPrincipalName The LDAP property used for the user’s Wi-Fi username.
Wi-Fi Proxy Username Field e.g. userPrincipalName The LDAP property used for the user’s WiFi Proxy username.
SMIME Username Field e.g. sAMAccountName The LDAP property used for the user’s SMIME Certificate username. (*deprecated)
Global HTTP Proxy User Field e.g. userPrincipalName The LDAP property used for the user’s Proxy settings if enabled by profiles.
First Name Field givenName The LDAP property used for the user’s First Name.
Surname Field sn The LDAP property used for the user’s Last Name.
Custom LDAP Variables
Custom LDAP Var0 e.g. distinguishedName First custom variable to be returned for the user. This variable can be used for System Variables when generating profiles and is useful if you need to populate a miscellaneous value into a profile for a user that isn’t covered by the standard values above. 
Custom LDAP Var1 e.g. employeeID Second custom variable to be returned for the user. This variable can be used for System Variables when generating profiles and is useful if you need to populate a miscellaneous value into a profile for a user that isn’t covered by the standard values above. 
Custom LDAP Var2 e.g. displayName Third custom variable to be returned for the user. This variable can be used for System Variables when generating profiles and is useful if you need to populate a miscellaneous value into a profile for a user that isn’t covered by the standard values above. 
Additional Settings
LDAP Request Page Size e.g. 500 How many items should return per page in LDAP request. For large LDAP Results, this can reduce issues with missing users for Tag Population.
LDAP Referral Chasing Option e.g. All Determines if the server should “chase” referrals to other LDAP Sources.
Number of LDAP Request Retries e.g. 3 How many attempts should be made for an LDAP request before the system will fail.
Sleep Seconds Between Filter Tasks e.g. empty Setting to specify static delay between LDAP filter tasks. We recommend to keep the empty specified value.

Check your Settings

  • Press Check LDAP Connection

Save your Settings 

  • Click Save
  • Wait a couple of minutes or restart services 

Type: restart-service w3svc,silv*,epic*,mat*  (Powershell + Administrator Priviliges)

Check your connection

Next Steps

The basic installation and configuration of Silverback is now done. You can now check your hardening options, branding opportunities and start with our Getting Started Guides. 

  • Was this article helpful?