Installation Guide IV: LDAP Connection
Connect your Active Directory
- Log in as Settings Administrator to your Silverback Management Console
- Navigate to LDAP
- By default, Silverback is configured for userPrincipalName
- Change to sAMAccountName if desired
- Enter your LDAP Server: e.g. dc01.imagoverum.com
- Change the LDAP Port if needed (Default 389)
- Change the LDAP Type if needed (Default AD)
- Enter an LDAP Lookup Service Username
- Enter an LDAP Lookup Service Password
- Enter additional Custom LDAP Variables (optional)
  - Custom LDAP Var0: e.g. employeeID
- Configure Additional Settings
LDAP Settings Overview
These settings govern how the system connects to LDAP sources, and also what information should be brought back for users.
Setting | Example | Description |
---|---|---|
LDAP Connection | ||
LDAP Type | | The type of LDAP Source. Supported types are AD, Domino, and Novell. |
LDAP Server | e.g. dc01.imagoverum.com | The network address of the LDAP server. |
LDAP Port | e.g. 389 | The network port to use for LDAP server connections. |
LDAP SSL | Yes or No | Determines if LDAP/S is used or not. When activating this, ensure that your Silverback server is able to communicate properly with your Active Directory over an encrypted connection. |
LDAP Lookup Username | e.g. service_ldap@imagoverum.com | The username used to bind for LDAP lookups. If none is specified, anonymous binds are used, but checking the LDAP connection requires an LDAP Lookup Username. |
LDAP Lookup Password | e.g. Pa$$w0rd | The corresponding password for the LDAP Lookup Username. Checking the LDAP connection requires an LDAP Lookup Password. |
LDAP Filter | ||
Base DN | e.g. DC=imagoverum,DC=com | The Base DN is used as the starting point for all LDAP user and administrator lookups and as a fallback if the item in the LDAP Mapping section does not work. |
User Filter | e.g. ((&(objectClass=user)(userPrincipalName={0})(MemberOf=CN=Mobile-Users,OU=Groups,DC=imagoverum,DC=com))) | Users must match this filter when using the SSP or they cannot create enrolments. This filter also acts as a fallback if the item in the LDAP Mapping section does not work. |
LDAP Attributes | ||
Username Field | e.g. userPrincipalName | The LDAP property used for the user’s username. |
Device Email Field | e.g. mail | The LDAP property used for the user’s email address. |
User Email Field | e.g. userPrincipalName | The LDAP property used for the user’s Email username. |
Certificate Username Field | e.g. userPrincipalName | The LDAP property used for the user’s certificate username. |
VPN Username Field | e.g. userPrincipalName | The LDAP property used for the user’s VPN username. |
Wi-Fi Username Field | e.g. userPrincipalName | The LDAP property used for the user’s Wi-Fi username. |
Wi-Fi Proxy Username Field | e.g. userPrincipalName | The LDAP property used for the user’s Wi-Fi Proxy username. |
SMIME Username Field | e.g. sAMAccountName | The LDAP property used for the user’s SMIME Certificate username. (*deprecated) |
Global HTTP Proxy User Field | e.g. userPrincipalName | The LDAP property used for the user’s Proxy settings if enabled by profiles. |
First Name Field | givenName | The LDAP property used for the user’s First Name. |
Surname Field | sn | The LDAP property used for the user’s Last Name. |
Custom LDAP Variables | ||
Custom LDAP Var0 | e.g. distinguishedName | First custom variable to be returned for the user. This variable can be used for System Variables when generating profiles and is useful if you need to populate a miscellaneous value into a profile for a user that isn’t covered by the standard values above. |
Custom LDAP Var1 | e.g. employeeID | Second custom variable to be returned for the user. This variable can be used for System Variables when generating profiles and is useful if you need to populate a miscellaneous value into a profile for a user that isn’t covered by the standard values above. |
Custom LDAP Var2 | e.g. displayName | Third custom variable to be returned for the user. This variable can be used for System Variables when generating profiles and is useful if you need to populate a miscellaneous value into a profile for a user that isn’t covered by the standard values above. |
Additional Settings | ||
LDAP Request Page Size | e.g. 500 | How many items should be returned per page in an LDAP request. For large LDAP results, this can reduce issues with missing users for Tag Population. |
LDAP Referral Chasing Option | e.g. All | Determines if the server should “chase” referrals to other LDAP Sources. |
Number of LDAP Request Retries | e.g. 3 | How many attempts should be made for an LDAP request before the system will fail. |
Sleep Seconds Between Filter Tasks | e.g. empty | Specifies a static delay between LDAP filter tasks. We recommend keeping the value empty. |
Check your Settings
- Press Check LDAP Connection
Save your Settings
- Click Save
- Wait a couple of minutes or restart services
  Type: restart-service w3svc,silv*,epic*,mat* (PowerShell + Administrator Privileges)
Check your connection
- Open Silverback Self Service Portal (e.g. https://silverback.imagoverum.com/ssp)
- Enter a Username (e.g. maria.miller@imagoverum.com or IV\mmiller)
- Enter a Password (e.g. Pa$$w0rd)
- Click Sign-In
- You should now see the Enrollment Wizard
- If you face problems:
  - Restart Services
  - Log in as a Settings Administrator
  - Review your LDAP settings
  - Restart Services
  - Check Log Files (e.g. https://silverback.imagoverum.com/admin/logs)
  - Check your DNS
  - Check your Firewall Rules
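When sign-in fails, the lookup account, Base DN and User Filter can be checked independently of the console. The following is an added example, not Silverback code or part of the vendor documentation: it binds as the lookup account over LDAPS and runs your User Filter for one user. `Test-LdapUserFilter` is a hypothetical helper name, the server and Base DN defaults are this page's example values, and port 636 assumes LDAP SSL is enabled on your domain controller.

```powershell
# Added example, not Silverback code: bind as the lookup account over LDAPS and
# run the User Filter for one user. Test-LdapUserFilter is a hypothetical name.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapUserFilter {
    param(
        [string]$Server = 'dc01.imagoverum.com',       # page's example value
        [int]$Port = 636,                              # LDAPS; a simple bind on 389 sends the password in clear text
        [string]$BaseDn = 'DC=imagoverum,DC=com',      # page's example value
        [Parameter(Mandatory)][string]$UserFilter,     # exactly as entered in the console, including {0}
        [Parameter(Mandatory)][string]$Username,       # user to test, in the form the Username Field expects
        [Parameter(Mandatory)][pscredential]$LookupCredential,
        [int]$PageSize = 500                           # mirrors "LDAP Request Page Size"
    )
    # Escape RFC 4515 special characters so the test value cannot change the filter structure.
    $escaped = $Username.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $filter  = $UserFilter.Replace('{0}', $escaped)

    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = $true   # bind fails if the DC certificate is not trusted
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
        # Pass the user name exactly as typed (UPN or DOMAIN\user) for the simple bind.
        $conn.Credential = New-Object System.Net.NetworkCredential(
                               $LookupCredential.UserName, $LookupCredential.Password)
        $conn.Bind()                                     # throws LdapException on bad credentials or TLS failure

        [string[]]$attrs = 'userPrincipalName', 'sAMAccountName', 'mail', 'givenName', 'sn'
        $req  = New-Object System.DirectoryServices.Protocols.SearchRequest(
                    $BaseDn, $filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree, $attrs)
        $null = $req.Controls.Add((New-Object System.DirectoryServices.Protocols.PageResultRequestControl($PageSize)))

        $resp = $conn.SendRequest($req)                  # first page only; enough for a single-user test
        foreach ($entry in $resp.Entries) {
            $row = [ordered]@{ DN = $entry.DistinguishedName }
            foreach ($a in $attrs) {
                $row[$a] = if ($entry.Attributes[$a]) { $entry.Attributes[$a][0] } else { $null }
            }
            [pscustomobject]$row
        }
        if ($resp.Entries.Count -eq 0) { Write-Warning "Bind succeeded, but no entry matched: $filter" }
    }
    finally { $conn.Dispose() }
}
# Test-LdapUserFilter -UserFilter '<User Filter from the console>' -Username 'maria.miller@imagoverum.com' -LookupCredential (Get-Credential)
```

A bind failure points at the lookup credentials or at the trust in the domain controller's certificate. A successful bind with no match points at the Base DN or the User Filter, for example a user who is not in the group the filter names.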
Next Steps
The basic installation and configuration of Silverback is now done. You can now check your hardening options, branding opportunities and start with our Getting Started Guides.
- Learn how to use Active Directory Groups for accessing the Silverback Management Console
- Review our Application Server Hardening Guide to ensure a proper security level for your Management Server
- Getting Started Guides
- As an alternative you can get familiar with our