Home » Accessing your company directory » Installing the BlackBerry Cloud Connector

Install and configure the BlackBerry Cloud Connector

Before you begin:

Download the installation and activation files.
Use an administrator account with the Security Administrator or Enterprise Administrator role.

Open the BlackBerry Cloud Connector installation file (.exe) that you downloaded from the administration console.
If a Windows message appears and requests permission to make changes to the computer, click Yes.
Read the introduction. Click Next.
Read and accept the license agreement. Click Next.
If you want to change the installation file path, click Choose and navigate to the file path that you want to use. Click Next.
Select where you would like to add a shortcut to open the setup console. Click Next.
Review the preinstallation summary. Click Install.
When you are prompted, type the port number for the Apache Tomcat server. The default port is 8088. Click OK.
When the installation completes, click Done.
The setup console for the BlackBerry Cloud Connector opens.
When you activate the BlackBerry Cloud Connector, it sends data over HTTPS to enroll with BES10 Cloud. After it is activated, the BlackBerry Cloud Connector sends and receives data over TCP. If you want to route data through a proxy server behind your organization's firewall, see Configure proxy settings for the BlackBerry Cloud Connector.
In the Friendly name field, type a name for the BlackBerry Cloud Connector.
Click Next.
Click Browse. Select the activation file that you downloaded from the administration console.
Click Activate.
In the drop-down list, click the type of directory that your organization uses.
Click Configure.

Follow the steps for your organization’s directory type:

Directory type	Steps
Microsoft Active Directory	In the Username field, type the username of the Microsoft Active Directory account. In the Domain field, type the FQDN of the domain that hosts Microsoft Active Directory. For example: domain.example.com. In the Password field, type the password of the Microsoft Active Directory account. In the Domain controller discovery drop-down list, click one of the following: If you want automatic discovery, click Automatic. If you want to specify the domain controller server, click Select from list below. Click + and type the FQDN of the server. Repeat this step to add additional servers. In the Global catalog search base field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com). To search the entire Global Catalog, leave the field blank. In the Global catalog discovery drop-down list, click one of the following: If you want automatic catalog discovery, click Automatic. If you want to specify the catalog server, click Select from list below. Click + and type the FQDN of the server. If necessary, repeat this step to specify additional servers. Click Save.
LDAP directory	In the LDAP server discovery drop-down list, click one of the following: If you want automatic discovery, click Automatic. In the DNS domain name field, type the DNS domain name. If you want to specify the LDAP server, click Select from list below. Click + and type the FQDN of the server. Repeat this step to add additional servers. In the Enable SSL drop-down list, select whether you want to enable SSL authentication for LDAP traffic. If you click Yes, click Browse and select the SSL certificate for the LDAP server. In the LDAP port field, type the port number of the LDAP server. In the Authorization required drop-down list, select whether BES10 Cloud must authenticate with the LDAP server. If you click Yes, type the username and password of the LDAP account. The username must be in distinguised name format (for example, CN=Megan Ball,OU=Sales,DC=example,DC=com). In the Search base field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com). In the LDAP user search filter field, type the filter that you want to use for LDAP users. For example: (&(objectCategory=person)(objectclass=user)(memberOf=CN=Local,OU=Users,DC=example,DC=com)). In the LDAP user search scope drop-down list, click one of the following: If you want user searches to apply to all levels below the base DN, click All levels. If you want to limit user searches to one level below the base DN, click One level. In the Unique identifier field, type the attribute for each user’s unique identifier (for example, uid). The attribute must be immutable and globally unique for every user. In the First name field, type the attribute for each user’s first name (for example, givenName). In the Last name field, type the attribute for each user’s last name (for example, sn). In the Login attribute field, type the attribute for each user’s login attribute (for example, cn). This is the attribute for the value thats users will type to log in to BES10 Self-Service with their directory credentials. In the Email field, type the attribute for each user’s email (for example, mail). In the Display name field, type the attribute for each user’s display name (for example, displayName). In the Email profile account name field, type the attribute for each user’s email profile account name (for example, mail). Click Save.

Directory type

Steps

Microsoft Active Directory

In the Username field, type the username of the Microsoft Active Directory account.
In the Domain field, type the FQDN of the domain that hosts Microsoft Active Directory. For example: domain.example.com.
In the Password field, type the password of the Microsoft Active Directory account.
In the Domain controller discovery drop-down list, click one of the following:
- If you want automatic discovery, click Automatic.
- If you want to specify the domain controller server, click Select from list below. Click + and type the FQDN of the server. Repeat this step to add additional servers.
In the Global catalog search base field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com). To search the entire Global Catalog, leave the field blank.
In the Global catalog discovery drop-down list, click one of the following:
- If you want automatic catalog discovery, click Automatic.
- If you want to specify the catalog server, click Select from list below. Click + and type the FQDN of the server. If necessary, repeat this step to specify additional servers.
Click Save.

LDAP directory

In the LDAP server discovery drop-down list, click one of the following:
- If you want automatic discovery, click Automatic. In the DNS domain name field, type the DNS domain name.
- If you want to specify the LDAP server, click Select from list below. Click + and type the FQDN of the server. Repeat this step to add additional servers.
In the Enable SSL drop-down list, select whether you want to enable SSL authentication for LDAP traffic. If you click Yes, click Browse and select the SSL certificate for the LDAP server.
In the LDAP port field, type the port number of the LDAP server.
In the Authorization required drop-down list, select whether BES10 Cloud must authenticate with the LDAP server. If you click Yes, type the username and password of the LDAP account. The username must be in distinguised name format (for example, CN=Megan Ball,OU=Sales,DC=example,DC=com).
In the Search base field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com).
In the LDAP user search filter field, type the filter that you want to use for LDAP users. For example: (&(objectCategory=person)(objectclass=user)(memberOf=CN=Local,OU=Users,DC=example,DC=com)).
In the LDAP user search scope drop-down list, click one of the following:
- If you want user searches to apply to all levels below the base DN, click All levels.
- If you want to limit user searches to one level below the base DN, click One level.
In the Unique identifier field, type the attribute for each user’s unique identifier (for example, uid). The attribute must be immutable and globally unique for every user.
In the First name field, type the attribute for each user’s first name (for example, givenName).
In the Last name field, type the attribute for each user’s last name (for example, sn).
In the Login attribute field, type the attribute for each user’s login attribute (for example, cn). This is the attribute for the value thats users will type to log in to BES10 Self-Service with their directory credentials.
In the Email field, type the attribute for each user’s email (for example, mail).
In the Display name field, type the attribute for each user’s display name (for example, displayName).
In the Email profile account name field, type the attribute for each user’s email profile account name (for example, mail).
Click Save.

In the BES10 Cloud administration console, click Settings.
In the left pane, click External integration > BlackBerry Cloud Connector.
In the Step 4: Test connection section, click Next.

After you finish:

If you want to install a second BlackBerry Cloud Connector for redundancy, repeat Download the installation and activation files and repeat this task on a different computer. When you configure a second instance, use the same directory configuration.
If necessary, Configure proxy settings for the BlackBerry Cloud Connector.
If you want to change the directory settings that you configured, in the BlackBerry Cloud Connector setup console, click the edit icon.
If you want to delete a directory configuration, in the BlackBerry Cloud Connector setup console, click the delete icon.

Other sources of help

Install and configure the BlackBerry Cloud Connector