Basic configuration: LDAP mode

Follow these steps to configure basic LDAP mode settings for user visibility.

Before you begin

Make sure that you can connect to your LDAP server through telnet or any other mechanism before you set up the Cloud Extender®.

Procedure

  1. Configure your LDAP setup by using the following options:
    Configure LDAP Visibility window in the Cloud Extender Configuration Tool
  2. Enter your LDAP information and click Next to validate your credentials:
    LDAP servers and ports information
    Option: Description
    LDAP Server Type: The LDAP server type in your environment.
    The Cloud Extender supports the following LDAP server types:
    • IBM® Domino® LDAP
    • Oracle LDAP
    • Novell eDirectory
    • Microsoft Active Directory
    • OpenLDAP (for any customized directory)
    Use Secure LDAP: Enable this option if your LDAP supports secure authentication.
    Servers: The host name and the port of your LDAP server.

    The Cloud Extender supports multiple LDAP servers if the servers are mirroring LDAP servers.

    Authentication Type: The authentication type such as Basic or Digest based on your LDAP environment.
    Bind Username/Bind Password: The admin user name and password of your service account. This account is used to bind to LDAP to authenticate other users.

    Some implementations of LDAP accept the bind user name in a standard format like user@company.com, while other LDAP implementations might require a Distinguished Name (DN) of the user.

    The following list provides an example of the DN format: uid=username,c=us,ou=subdomain,dc=company,dc=com

    LDAP Search base for Users: The search base for users is the root location in your directory from where all users are searched.

    The Cloud Extender discovers any user under the hierarchy. Enter the Distinguished Name (DN) of the Organization Unit (OU) that has users. Related information: Automatic OU lookup from the Corporate Directory (User Visibility)

    LDAP Search base for Users and Groups
    User Search Attribute: The name of the LDAP field that identifies the user in your directory. The name varies between the LDAP types and you can use only one attribute.
    The following list includes common user search attributes:
    • Active Directory
      • samAccountName (DOMAIN\username)
      • email (user@company.com)
      • userPrincipalName (user@domain.company.com)
    • OpenLDAP
      • mail (user@company.com)
      • uid (user)
    • Novell eDirectory
      • mail (user@company.com)
      • cn (user)
    • Oracle LDAP
      • loginid (user)
      • mail (user@company.com)
      • uid (user)
    • IBM Domino LDAP
      • cn (user)
      • mail (user@company.com)
      • uid (user)
    Import Groups with no users: Select this option to import empty groups into MaaS360®.
    By default, the Cloud Extender uploads only groups that have at least one user as its member. You might need to import empty groups into MaaS360 to preconfigure apps, policies, and content, before a user becomes a member of this group.
    Note: Selecting this option might result in many imported groups.
    LDAP Search Base for Groups (Optional): The search base for groups is the location on your directory that includes all defined user groups.

    This option is similar to the LDAP Search base for Users option. The Cloud Extender uses this attribute to discover all groups from this root location.

  3. Click Next to validate the configuration. If a failure message is displayed, check LDAP connectivity from the Cloud Extender server, port, credentials, and authentication type.
  4. Click Advanced to review Advanced configuration options. The values for Advanced configuration mode are populated with default configuration settings based on the LDAP server type selection. To change these settings, click Advanced and go to the Advanced configuration: LDAP mode topic for detailed procedures.
  5. Click Test Reachability to test the LDAP integration.
    Test Reachability window
  6. Select Show User Attributes to view a sample set of user objects that the Cloud Extender discovered.
    Sample values for user visibility window
  7. Click Save to complete the setup and return to the Cloud Extender Summary page.
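
A pre-flight check for the values entered in step 2, as an added example that is not part of the Cloud Extender or of IBM's documentation: it tells a DN-style bind name from a user@company.com one, confirms that a known user DN falls under the chosen search base, and builds an escaped filter for the chosen User Search Attribute. The function names are illustrative, and the DN parser assumes single-valued RDNs without quoted values.

```python
import re

def split_dn(dn):
    """Split a DN into (attr, value) RDNs on unescaped commas; ValueError if malformed."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
            esc = (ch == "\\") and not esc  # a backslash escapes the next character
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Assumption: case-insensitive matching, as is usual for dc/ou/cn/uid values.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def classify_bind_name(name):
    """Return 'dn', 'upn' (the user@company.com style) or 'unknown'."""
    if "=" in name:
        try:
            split_dn(name)
            return "dn"
        except ValueError:
            return "unknown"
    if re.fullmatch(r"[^@\s\\]+@[^@\s]+\.[^@\s]+", name):
        return "upn"
    return "unknown"

def is_under(search_base, entry_dn):
    """True if entry_dn is at or below search_base (base RDNs are a suffix of the entry's)."""
    base, entry = split_dn(search_base), split_dn(entry_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

# RFC 4515 escapes, so a looked-up value cannot alter the filter structure.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def user_filter(attr, value):
    """Build (attr=value) for one user, with the value escaped."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        raise ValueError(f"not an attribute name: {attr!r}")
    return f"({attr}=" + "".join(_ESC.get(c, c) for c in value) + ")"

if __name__ == "__main__":
    bind = "uid=username,c=us,ou=subdomain,dc=company,dc=com"  # DN format from the page
    print(classify_bind_name(bind), is_under("ou=subdomain,dc=company,dc=com", bind))
    print(user_filter("mail", "user@company.com"))
```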