Connect the BlackBerry Device Service to an LDAP directory

You can connect the BlackBerry Device Service to an LDAP directory so that it can access the list of users in your organization.
Before you begin:
Create an LDAP account for the BlackBerry Administration Service that is located in the relevant LDAP realm. When you create the account, specify a password that meets the security requirements of your organization and configure the following password settings:
  • The user is not required to change the password at next login.
  • The user's password never expires.

If the LDAP connection is SSL encrypted, import the server certificate before connecting the BlackBerry Device Service to the company directory. For instructions, see Import the server certificate for an LDAP connection using SSL.

  1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Company directory integration.
  2. Click Manage company directory connections.
  3. Click Create a company directory connection.
  4. Type a name and description for the company directory connection.
  5. In the Type drop-down list, click LDAP.
  6. Click Next.
  7. In the Server discovery drop-down list, perform one of the following actions:
    • To automatically discover the LDAP server, click Automatic. In the DNS domain name field, type the domain name for the server that hosts the company directory.
    • To specify one or more LDAP servers, click Specify servers. Type the name of the LDAP server and click the Add icon. Repeat this step to add more servers.
  8. In the Enable SSL drop-down list, perform one of the following actions:
    • If the LDAP connection is SSL encrypted, click Yes.
    • If the LDAP connection is not SSL encrypted, click No.
  9. In the Port field, type the TCP port number for communication (for example, 636 for SSL enabled or 389 for SSL disabled).
  10. In the Authorization required drop-down list, perform one of the following actions:
    • If authorization is required for the connection, click Simple. In the Login field, type the DN of the user who has authorization to log in to LDAP (for example, cn=admin,o=Org1). In the Password and Confirm password fields, type the password.
    • If authorization is not required for the connection, click None.
  11. Optionally, in the Search base field, type the value to use as the base DN for basic user information searches.
  12. Optionally, in the User search filter field, type an LDAP search filter to improve basic user information search performance and results.
  13. Optionally, in the User search scope drop-down list, perform one of the following actions:
    • To search all objects below the base object, click All levels. This is the default setting.
    • To search objects that are one level immediately below the base object, click One level.
    • To search for a particular object, click Object level.
  14. In the Display name field, type the attribute for each user's display name (for example, displayName). If you do not set the value, a default value is used.
  15. In the Email address field, type the attribute for each user's email address (for example, mail). If you do not set the value, a default value is used.
  16. In the Username field, type the attribute for each user's username (for example, userName).
  17. In the Unique identifier field, type the attribute for each user's unique identifier (for example, uid).
  18. In the UPN for SCEP field, type the attribute for the user principal name for SCEP (for example, userPrincipalName).
  19. In the Email profile account name field, type the attribute for each user’s email profile account name (for example, mail).
  20. In the First name field, type the attribute for each user’s first name (for example, givenName).
  21. In the Last name field, type the attribute for each user’s last name (for example, sn).
  22. Click Save.
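
Before typing the values into the console, it can help to check them and to run the same query by hand. The following added example (not BlackBerry code) lints the planned settings from steps 8 to 12 and builds the equivalent OpenLDAP ldapsearch command. The names lint, ldapsearch_argv and SAMPLE, the host ldap.example.com, and the sample filter are assumptions made for illustration.

```python
import re
import shlex

# Step 13 scope choices mapped to the ldapsearch -s values.
SCOPES = {"All levels": "sub", "One level": "one", "Object level": "base"}
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*=.+$")

def lint(cfg):
    """Return findings for the values planned for steps 8 to 12."""
    out = []
    ssl, port = cfg["ssl"], cfg["port"]
    if cfg["auth"] == "Simple" and not ssl:
        out.append("simple bind without SSL sends the login DN and password unencrypted")
    if (ssl and port == 389) or (not ssl and port == 636):
        out.append(f"port {port} does not match Enable SSL = {'Yes' if ssl else 'No'}")
    for field in ("login", "search_base"):
        dn = cfg.get(field)
        # Sanity check only: split on commas not preceded by a backslash.
        if dn and not all(RDN.match(p.strip()) for p in re.split(r"(?<!\\),", dn)):
            out.append(f"{field} is not a well-formed DN: {dn!r}")
    depth = 0
    for ch in cfg.get("filter") or "":
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        out.append("user search filter has unbalanced parentheses")
    return out

def ldapsearch_argv(cfg):
    """Build the OpenLDAP ldapsearch call that mirrors the console settings."""
    scheme = "ldaps" if cfg["ssl"] else "ldap"
    argv = ["ldapsearch", "-LLL", "-x", "-H", f"{scheme}://{cfg['server']}:{cfg['port']}"]
    if cfg["auth"] == "Simple":
        argv += ["-D", cfg["login"], "-W"]  # -W prompts, so no password in argv
    return argv + ["-b", cfg["search_base"], "-s", SCOPES[cfg["scope"]],
                   cfg.get("filter") or "(objectClass=*)", *cfg["attrs"]]

# Constructed sample; cn=admin,o=Org1 and the attribute names are the page's examples.
SAMPLE = {
    "server": "ldap.example.com", "ssl": True, "port": 636, "auth": "Simple",
    "login": "cn=admin,o=Org1", "search_base": "o=Org1", "scope": "All levels",
    "filter": "(objectClass=person)",
    "attrs": ["displayName", "mail", "uid", "givenName", "sn"],
}

if __name__ == "__main__":
    print(lint(SAMPLE) or "no findings")
    print(shlex.join(ldapsearch_argv(SAMPLE)))
```

Running the printed command from the BlackBerry Device Service host confirms that the service account can bind and that each mapped attribute returns a value for a known user.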