
LDAP Configuration

Aug 26, 2015
You can configure a connection in XenMobile to one or more directories, such as Active Directory. You then use the LDAP configuration to import groups, user accounts, and related properties. LDAP is an open, vendor-neutral application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory information services are used to share information about users, systems, networks, services, and applications available throughout the network. A common use of LDAP is to provide single sign-on (SSO): each user has one set of credentials held in the directory, and multiple services authenticate against that directory, so a user who logs on once to a company website can be signed in to the corporate intranet automatically.

How LDAP works

A client starts an LDAP session by connecting to an LDAP server, referred to as a Directory System Agent (DSA). The client normally authenticates first with a bind operation, then sends operation requests (such as search) to the server; the server returns a response for each request, including a result code that tells the client whether the bind, and therefore the authentication, succeeded. XenMobile acts as such a client: it binds with the account you configure below and then searches the directory for users and groups.

To configure LDAP connections in XenMobile

  1. In the XenMobile web console, click Configure > Settings > More > LDAP.

    The LDAP configuration page appears.

  2. Click Add.

    The Add LDAP page appears.

  3. Configure the following settings:
    • Directory type: Click the appropriate directory type. By default, Microsoft Active Directory is selected.
    • Primary server: Enter the primary server used for LDAP; you can enter either the IP address or the fully qualified domain name (FQDN).
    • Secondary server: Optionally, enter the IP address or FQDN for the secondary server (if one has been configured).
    • Port: Enter the port number used by the LDAP server. By default, the port number is set to 389, which is plain (unencrypted) LDAP. Use port 636 for LDAP over SSL. For an Active Directory Global Catalog, use 3268 for unencrypted connections or 3269 for SSL connections. On a plain connection the service-account password is sent over the network unencrypted, so use 636 or 3269 together with Use secure connection set to YES unless the directory cannot support it.
    • Domain name: Enter the domain name.
    • User base DN: Enter the distinguished name (DN) of the container under which XenMobile searches for users in Active Directory, for example ou=users,dc=example,dc=com.
    • Group base DN: Enter the DN of the container under which XenMobile searches for groups, for example cn=Users,dc=example,dc=com, where cn=Users is the default Active Directory Users container and the dc components are the parts of the domain's DNS name (example.com), not the name of a server.
    • User ID: Enter the user ID of the Active Directory account that XenMobile uses to bind to the directory. Use a dedicated service account with read-only access to the directory rather than an administrator account, because the credentials are stored on the XenMobile server.
    • Password: Enter the password associated with that account.
    • Domain alias: Enter an alias for the domain name.
    • XenMobile Lockout Limit: Enter a number between 0 and 999 for the number of failed logon attempts. Setting this field to 0 indicates that XenMobile will never lock out the user based on failed logon attempts.
    • XenMobile Lockout Time: Enter a number between 0 and 99999 representing the number of minutes a user must wait after exceeding the lockout limit. Setting this field to 0 indicates that the user will not be forced to wait after a lockout.
    • Global Catalog TCP Port: Enter the TCP port number for the Global Catalog server. By default, the TCP port number is set to 3268; for SSL connections, use port number 3269.
    • Global Catalog Root Context: Optionally, enter the Global Catalog root context used to enable a Global Catalog search in Active Directory. A Global Catalog search complements the standard LDAP search and finds objects in any domain of the forest without requiring the domain name to be specified.
    • User search by: In the list, click userPrincipalName, or sAMAccountName.
    • Use secure connection: Click YES to connect over SSL. The Port setting must match: use 636 (or 3269 for the Global Catalog) when this is YES.
  4. Click Save.
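The bind and search described under "How LDAP works" and the settings entered in steps 1 to 4 can be checked before you click Save. The following Python script is an added example, not part of the Citrix documentation or the XenMobile product: it validates the DN fields, pairs the port with the Use secure connection setting, builds the user-lookup filter with RFC 4515 escaping so that a login name cannot alter the filter, and emits an ldapsearch command that performs the same bind and search with the service account. The host dc01.example.com, the DNs and the svc-xenmobile@example.com bind account are constructed sample values, and the assumption that the User ID can be given as a UPN for an Active Directory simple bind is mine, not the page's.

```python
"""Pre-flight checks for a XenMobile LDAP connection (added example, not Citrix code).
Host names, DNs and the bind account used below are constructed sample values."""
import re
import shlex
from dataclasses import dataclass
from typing import List

# Ports as listed on the configuration page.
LDAP_PORT, LDAPS_PORT = 389, 636    # plain / SSL LDAP
GC_PORT, GCS_PORT = 3268, 3269      # plain / SSL Active Directory Global Catalog

# Deliberately minimal RDN check: attr=value with no escaped separators.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

# RFC 4515 escapes for characters that would change a search filter's structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


@dataclass
class LdapSettings:
    """Mirrors the fields on the Add LDAP page that these checks depend on."""
    primary_server: str
    port: int
    secure: bool            # "Use secure connection"
    user_base_dn: str
    group_base_dn: str
    bind_user: str          # "User ID"; assumed to be a UPN, which AD accepts for a simple bind
    search_by: str = "sAMAccountName"   # "User search by"


def validate_dn(dn: str) -> bool:
    """True if dn is a comma-separated list of attr=value RDNs, e.g. ou=users,dc=example,dc=com."""
    if not dn.strip():
        return False
    return all(_RDN.match(part.strip()) for part in dn.split(","))


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(search_by: str, login: str) -> str:
    """Filter used to look up a user by the configured attribute.
    The login is escaped so input such as "*)(objectClass=*" cannot widen the search."""
    if search_by not in ("userPrincipalName", "sAMAccountName"):
        raise ValueError(f"unsupported 'User search by' attribute: {search_by}")
    return f"(&(objectClass=user)({search_by}={escape_filter_value(login)}))"


def ldap_uri(host: str, port: int, secure: bool) -> str:
    """Connection URI; refuses a port that contradicts the secure flag."""
    if secure and port in (LDAP_PORT, GC_PORT):
        raise ValueError(f"secure connection selected but plaintext port {port} given")
    if not secure and port in (LDAPS_PORT, GCS_PORT):
        raise ValueError(f"SSL port {port} given but 'Use secure connection' is NO")
    return f"{'ldaps' if secure else 'ldap'}://{host}:{port}"


def check_settings(cfg: LdapSettings) -> List[str]:
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    for label, dn in (("User base DN", cfg.user_base_dn), ("Group base DN", cfg.group_base_dn)):
        if not validate_dn(dn):
            problems.append(f"{label} is not a valid DN: {dn!r}")
    try:
        ldap_uri(cfg.primary_server, cfg.port, cfg.secure)
    except ValueError as exc:
        problems.append(str(exc))
    if not cfg.secure:
        problems.append("plain LDAP sends the service-account password unencrypted; use 636 or 3269")
    return problems


def ldapsearch_command(cfg: LdapSettings, login: str) -> str:
    """Shell command reproducing XenMobile's bind and user search with ldapsearch.
    -W prompts for the password instead of -w, so it never lands in the process list."""
    argv = [
        "ldapsearch", "-x",
        "-H", ldap_uri(cfg.primary_server, cfg.port, cfg.secure),
        "-D", cfg.bind_user, "-W",
        "-b", cfg.user_base_dn, "-s", "sub",
        user_filter(cfg.search_by, login),
        "dn", cfg.search_by, "memberOf",
    ]
    return shlex.join(argv)


if __name__ == "__main__":
    # Constructed sample configuration (hypothetical host, domain and service account).
    cfg = LdapSettings("dc01.example.com", LDAPS_PORT, True,
                       "ou=users,dc=example,dc=com", "cn=Users,dc=example,dc=com",
                       "svc-xenmobile@example.com")
    print(check_settings(cfg) or "settings look consistent")
    print(ldapsearch_command(cfg, "jdoe"))
    print(user_filter("sAMAccountName", "*)(objectClass=*"))
```

Run the script, then run the printed ldapsearch command from a host that can reach the domain controller. It prompts for the service-account password, and a result for a known user confirms the bind credentials, the User base DN and the User search by attribute before you save them in XenMobile; an empty result with a successful bind usually means the base DN or attribute is wrong, while a bind failure means the User ID or Password is.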