Adding an On-Premises LDAP Connection

Before you begin

If your SOTI MobiControl instance is a cloud instance, you'll need to set up SOTI Cloud Link to establish a connection between your on-premises LDAP server and SOTI MobiControl.

Learn more at SOTI Cloud Link.

About this task

To add an on-premises LDAP connection to SOTI MobiControl:

Procedure

  1. Select Global Settings from the main menu.
  2. Do one of the following:
    • From the Settings tree on the left, select Services > Directory to display the Directory dialog box (see Directory).
    • From the Settings tree on the left, select Console Settings > Authentication Options to display the Authentication Options page (see Authentication Options). Under Authentication Type, select MobiControl. Click Manage Directories to open the Directory dialog box (see Directory).
  3. In the LDAP Directories dialog box, click the + icon.
  4. Enter your LDAP server information.
    Name: Enter a name for the LDAP connection. This name is used for reference only.
    Server Type: Select the LDAP server type. The server type determines which default search attributes are used. Select one of:
    • Active Directory
    • Open Directory
    • Domino
    • Other LDAP
    Server Address: Enter the hostname or IP address of the LDAP server and the connection port. The default port is 389; when using SSL, the default port is 636. Any other port value can be used as long as it matches the server's configuration.
    Use SSL: Turn the toggle on to have SOTI MobiControl secure the LDAP communication over a Secure Sockets Layer (SSL) tunnel.
    Accept Untrusted Certificates: Turn the toggle on to allow SSL connections to use untrusted certificates, which in most cases are self-signed CA root certificates. Enabling this in a production environment is not recommended.
  5. Specify how authentication is handled.
    Authentication Type: Choose how the connection to the server is made. The authentication type should match the server's settings:
    • Anonymous - the connection is made without passing credentials
    • Basic - basic authentication is used on the connection
    • Negotiate - Microsoft Negotiate authentication is used on the connection
    Username: Enter the user name used for binding to the connection when the Authentication Type is Basic or Negotiate.
    Password: Enter the password of the binding user.
  6. Set the scope of the LDAP connection.
    Base DN (Distinguished Name): Enter the top level of the LDAP directory tree, referred to as the "base DN." This option defines the highest level of the LDAP search scope, also known as the RootContainer.
    Follow Referrals: Turn on the toggle to allow both the binding server and any referral servers listed in the search response to be searched.
  7. Optional: Add SOTI Cloud Link.
    This setting only applies to SOTI MobiControl Cloud instances, not on-premises installations.

    Learn more at SOTI Cloud Link.

  8. Define your general attributes.
    Object Class: Enter the name of the attribute that identifies an entry's object class in search filters. The default is "objectClass," and an alternative could be "objectCategory."
    Object Class Group Attribute: Enter the keyword that defines the search filter for group-related searches.
    Object Class User Attribute: Enter the keyword that defines the search filter for user-related searches.
    Default Naming Context: Enter the Root DSE attribute, which is used to define the root directory server entry (DSE) for the server instance.
  9. Define your group attributes.
    Identifier 1: Enter the keyword that defines the search filter for fetching the object Security Identifier (SID) of the group.
    Identifier 2: Enter the keyword that defines the search filter for fetching the object Globally Unique Identifier (GUID) of the group.
    Common Name: Enter the keyword that defines the search filter for fetching the common name.
    Account Name: Enter the keyword that defines the search filter for fetching the account name.
    Authentication Search Pattern: Enter the search string for fetching the authentication information.
    Member: Enter the keyword that defines the search filter for fetching group memberships.
    Nested Group: Enter the keyword that defines where the search filter looks when searching nested groups.
  10. Define your user attributes.
    Identifier 1: Enter the keyword that defines the search filter for fetching the object Security Identifier (SID) of the user.
    Identifier 2: Enter the keyword that defines the search filter for fetching the object Globally Unique Identifier (GUID) of the user.
    Common Name: Enter the keyword that defines the search filter for fetching common names.
    Account Name: Enter the keyword that defines the search filter for fetching account names.
    Email: Enter the keyword that defines the search filter for fetching user email addresses.
    Authentication Search Pattern: Enter the search string for fetching the authentication information.
    Add User Search Pattern: Enter the search string for fetching the add-user information.
    SSO User Search Pattern: Enter the search string for fetching the SSO user information.
    User Principal Name: Enter the keyword that defines the search filter for fetching user principal names.
    Password Last Set: Enter the keyword that defines the search filter for fetching the date and time that the account's password was last changed.
    First Name: Enter the keyword that defines the search filter for fetching the user's first name.
    Middle Name: Enter the keyword that defines the search filter for fetching the user's middle name.
    Last Name: Enter the keyword that defines the search filter for fetching the user's last name.
    Phone Number: Enter the keyword that defines the search filter for fetching the user's phone number.
    Custom Attribute 1: Enter the keyword that defines the search filter for fetching the first customized user property.
    Custom Attribute 2: Enter the keyword that defines the search filter for fetching the second customized user property.
    Custom Attribute 3: Enter the keyword that defines the search filter for fetching the third customized user property.
  11. Click Save.
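The following is an added example and is not SOTI's own code or API. It models the settings entered in steps 4 to 10 as a plain data object, runs the checks a reviewer would apply to the connection, authentication and scope settings before clicking Save (SSL/port consistency, untrusted certificates, anonymous binds, empty base DN), and shows how the Object Class, Account Name, User Principal Name and Member keywords from steps 8 to 10 combine into LDAP search filters, with the looked-up value escaped per RFC 4515 so that it is matched literally. The attribute defaults (objectClass, sAMAccountName, userPrincipalName, member) are standard Active Directory attribute names chosen for illustration and are assumptions, not SOTI MobiControl's defaults; the host names and account names are constructed sample values.

```python
"""Added example, not SOTI MobiControl's code: review an on-premises LDAP
connection configuration and assemble the search filters its attribute
keywords define. Attribute defaults are assumed AD-style names."""
from dataclasses import dataclass

# RFC 4515 escape table for values substituted into a search filter
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


@dataclass
class LdapConnection:
    # Step 4: server information
    name: str
    server_type: str                     # Active Directory, Open Directory, Domino, Other LDAP
    server_address: str
    port: int = 389                      # 389 without SSL, 636 with SSL
    use_ssl: bool = False
    accept_untrusted_certificates: bool = False
    # Step 5: authentication
    authentication_type: str = "Basic"   # Anonymous, Basic or Negotiate
    username: str = ""
    password: str = ""
    # Step 6: scope
    base_dn: str = ""
    follow_referrals: bool = False
    # Steps 8 to 10: attribute keywords (assumed Active Directory defaults)
    object_class: str = "objectClass"
    object_class_group_attribute: str = "group"
    object_class_user_attribute: str = "user"
    group_account_name: str = "sAMAccountName"
    group_member: str = "member"
    user_account_name: str = "sAMAccountName"
    user_principal_name: str = "userPrincipalName"


def review_connection(conn: LdapConnection) -> list[str]:
    """Return the settings a reviewer would flag before saving the connection."""
    findings = []
    if conn.use_ssl and conn.port == 389:
        findings.append("Use SSL is on but the port is 389; the SSL default is 636")
    if not conn.use_ssl:
        findings.append("Use SSL is off; bind credentials travel in clear text")
    if conn.accept_untrusted_certificates:
        findings.append("Accept Untrusted Certificates is on; not recommended in production")
    if conn.authentication_type == "Anonymous":
        findings.append("Anonymous bind; the directory must allow unauthenticated searches")
    if conn.authentication_type in ("Basic", "Negotiate") and not conn.username:
        findings.append(f"{conn.authentication_type} authentication requires a bind username")
    if not conn.base_dn:
        findings.append("Base DN is empty; the search scope is undefined")
    return findings


def user_search_filter(conn: LdapConnection, account_name: str) -> str:
    """Select one user by account name (step 10, Object Class User Attribute + Account Name)."""
    return (f"(&({conn.object_class}={conn.object_class_user_attribute})"
            f"({conn.user_account_name}={escape_filter_value(account_name)}))")


def login_search_filter(conn: LdapConnection, login: str) -> str:
    """Match a login entered as either account name or UPN, the shape of an
    Authentication Search Pattern (step 10)."""
    value = escape_filter_value(login)
    return (f"(&({conn.object_class}={conn.object_class_user_attribute})"
            f"(|({conn.user_account_name}={value})({conn.user_principal_name}={value})))")


def group_membership_filter(conn: LdapConnection, member_dn: str) -> str:
    """Groups whose Member attribute lists the given DN (step 9, Member keyword)."""
    return (f"(&({conn.object_class}={conn.object_class_group_attribute})"
            f"({conn.group_member}={escape_filter_value(member_dn)}))")


if __name__ == "__main__":
    # Constructed sample configuration; the host and service account are not real.
    corp = LdapConnection(name="Corporate AD", server_type="Active Directory",
                          server_address="dc01.example.test", port=636, use_ssl=True,
                          username="svc-mobicontrol", password="constructed-sample",
                          base_dn="DC=example,DC=test")
    print("findings:", review_connection(corp) or "none")
    print(user_search_filter(corp, "j.doe"))
    print(login_search_filter(corp, "j.doe@example.test"))
    print(group_membership_filter(corp, "CN=Jane Doe,OU=Users,DC=example,DC=test"))
```

Run the script as-is to see the filters built from the sample configuration; swap the attribute defaults for the keywords you actually entered in steps 8 to 10 to see the filters SOTI MobiControl would need to evaluate. The escaping step matters because the account names and DNs substituted into these filters come from enrolment and login input, and an unescaped `*` or `)` would change what the filter matches rather than being looked up literally.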

Results

You can now enroll your devices using LDAP or use it for SOTI MobiControl console authentication.