Adding an On-Premises LDAP Connection

Before you begin

If your SOTI MobiControl instance is a cloud instance, you'll need to set up SOTI Cloud Link to establish a connection between your LDAP connection and SOTI MobiControl.

Learn more at SOTI Cloud Link.

About this task

To add an on-premises LDAP connection to SOTI MobiControl:

Procedure

Select Global Settings from the main menu.
Do one of the following:
- From the Settings tree on the left, select Services > Directory to display the Directory dialog box (see Directory).
- From the Settings tree on the left, select Console Settings > Authentication Options to display the Authentication Options page (see Authentication Options). Under Authentication Type, select MobiControl. Click Manage Directories to open the Directory dialog box (see Directory).
In the LDAP Directories dialog box, click the + icon.

Enter your LDAP server information.


Name	Enter a name for the LDAP connection. This name is used for reference only.
Server Type	Select the LDAP server type. The server type will decide what default search attributes will be used. Select one of: Active Directory Open Directory Domino Other LDAP
Server Address	Enter the hostname or IP address of the LDAP server and the connection port. The default port is 389. If using SSL, the port is 636. The port can be any value if it matches server's settings.
Use SSL	Turn the toggle on to make SOTI MobiControl secure the LDAP communication over a Secure Sockets Layer (SSL) tunnel.
Accept Untrusted Certificates	Turn the toggle on to allow SSL connections to use Untrusted Certificates, which in most cases are self-signed CA root certificates. It's not recommended to enable this in a production environment.

Specify how authentication is handled.


Authentication Type	Choose how to make a connection to the server. The authentication type should match the server's settings: Anonymous - the connection should be made without passing credentials Basic - basic authentication should be used on the connection Negotiate - Microsoft Negotiate authentication should be used on the connection
Username	Enter the user name used for binding to the connection when the Authentication Type is Basic or Negotiate.
Password	Enter the password of the binding user.

Set the scope of the LDAP connection.


Base DN (Distinguished Name)	Enter the top level of the LDAP directory tree is the base, referred to as the "base DN." This option is to define the highest level of the LDAP search scope, a.k.a. RootContainer.
Follow Referrals	Turn on the toggle to allow the binding server and the referral servers listed in the search response to be searched.

Optional: Add SOTI Cloud Link.
This setting only applies to SOTI MobiControl Cloud instances, not on-premises installations.
Learn more at SOTI Cloud Link.

Define your general attributes.


Object Class	Enter an identifier name of the Object Class, a keyword indicating this is an objectClass definition (or others). The default is "objectClass," and an alternative could be "objectCategory."
Object Class Group Attribute	Enter the keyword to define the search filter for group related searching.
Object Class User Attribute	Enter the keyword to define the search filter for user related searching.
Default Naming Context	Enter the Root DSE Attribute, which is used to define the root directory server entry (DSE) for the server instance.

Define your group attributes.


Identifier 1	Enter the keyword to define the search filter for fetching the object Security Identifier (SID) of the group.
Identifier 2	Enter the keyword to define the search filter for fetching the object Globally Unique Identifier (GUID) of the group.
Common Name	Enter the keyword to define the search filter for fetching the common name.
Account Name	Enter the keyword to define the search filter for fetching the account name.
Authentication Search Pattern	Enter the search string for fetching the authentication information
Member	Enter the keyword to define the search filter for fetching memberships of group attributes.
Nested Group	Enter the keyword to define where the search filter should look for when searching groups.

Define your user attributes.


Identifier 1	Enter the keyword to define the search filter for fetching the object Security Identifier (SID) of the user.
Identifier 2	Enter the keyword to define the search filter for fetching the object Globally Unique Identifier (GUID) of the user.
Common Name	Enter the keyword to define the search filter for fetching common names.
Account Name	Enter the keyword to define the search filter for fetching account names.
Email	Enter the keyword to define the search filter for fetching user emails.
Authentication Search Pattern	Enter the search string for fetching the authentication information
Add User Search Pattern	Enter the search string for fetching the add user information.
SSO User Search Pattern	Enter the search string for fetching the SSO user information.
User Principal Name	Enter the keyword to define the search filter for fetching user principal names.
Password Last Set	Enter the date and time that the password for the account was last changed.
First Name	Enter the keyword to define the search filter for fetching the user's first name.
Middle Name	The keyword to define the search filter for fetching the user's middle name.
Last Name	Enter the keyword to define the search filter for fetching the user's last name.
Phone Number	Enter the keyword to define the search filter for fetching the user's phone number.
Custom Attribute 1	Enter the keyword to define the search filter for fetching the first customized user property.
Custom Attribute 2	Enter the keyword to define the search filter for fetching the second customized user property.
Custom Attribute 3	Enter the keyword to define the search filter for fetching the third customized user property.

Click Save.

Results

You can now enroll your devices using LDAP or use it for SOTI MobiControl console authentication.