5 Replies Latest reply on Apr 7, 2015 3:28 AM by Frank Wils

    LDAP Integration Services

    carlos Expert

       

      While configuring Avalanche to connect to the Core server, in the LDMS core server address, do I need to set the core server with a public static IP (and DNS entry) to be able to connect to Avalanche?

      Also, what is the LDAP? Is this the same as the Cloud Service Appliance? And if so, do I need to enter the CSA IP in the LDAP Server Address box?

      Do I need to fill out both the LDMS and LDAP sections?

      This is listed in their help page, but still doesn't answer my questions:

       

      LDAP Integration Services

      The credentials used for the LDAP integration services associated with LANDESK Mobility Manager.  In order to use these options, you must select the Enable User Targeting option. You must also provide this information if you want to use LDAP credentials to log in to Avalanche.

      LDMS Core Server. The address and credentials to access the LDMS core server.

      LDAP Account. The address and credentials to access the LDAP server. Required to enroll Windows 8 devices.

      Cloud Services Appliance. If you are using a CSA to facilitate communication between the Avalanche servers and the LDMS core server, enable the checkbox and provide the publicly available address of the CSA. An address must be entered here if you wish to enable secure communication with wrapped apps. For more information about secure communication with wrapped apps, see App Wrapping Settings Payload (Android/iOS).

       

      Thank you for your help.

        • 1. Re: LDAP Integration Services
          SupportEmployee

          Typically you should be able to use the FQDN of the core server for the LDMS core server address.

          The LDAP server is your company's AD Server that we would connect to for Active Directory Integration for enrollments. This is not required, but if you do not connect to your company LDAP Server then certain functionality will be lost.

          You should enter the FQDN of the CSA or the public IP address; both should work (if you are going to use a CSA). The CSA helps Avalanche in the cloud communicate with your LDMS Core that is behind your network.

           

          Hope this helps.

           

          Thanks,

          Nick

          • 2. Re: LDAP Integration Services
            Frank Wils ITSMMVPGroup

            Just a small add-on to what Nick says, under LDAP you can just enter your domain, you don't have to (and shouldn't) target a specific server. So, in my case, it would be Axle-IT.local. This will allow you to target LDAP groups to receive specific MDM policies, users to enroll using their own username/password and sign on in Avalanche using your own credentials.

             

            The CSA is the doorway between Avalanche (in the cloud) and the LDAP and LANDESK Core server in your domain. You don't need it, but if you still want all of this to work without CSA, you need to open some ports in your firewall so the Avalanche environment can connect directly to your LDAP/LANDESK Core.

             

            Frank

            • 3. Re: LDAP Integration Services
              SupportEmployee

              Great points Frank.

              • 4. Re: LDAP Integration Services
                carlos Expert

                UPDATED

                Thank you Maag and Nick for your comments; both are correct. However, let me add what I have learned so far so it may help everyone else.

                LDAP stands for "Lightweight Directory Access Protocol" which is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.

                In plain English, the LDAP Integration Services Section is where the settings to which core and how to connect are detailed (LDMS to connect to server core and LDAP to link to the DOMAIN Controller).

                This section is divided in 2 sub-sections; HOWEVER, it is very important to note that IF the CSA (Cloud Service Appliance) is going to be used, then the Use Cloud Service Appliance check box has to be checked, and the PUBLIC IP of the CSA is entered in the form https://PublicIP or https://PublicDynamicName. This would change the information needed in the 2 sections mentioned before. (I assume that the configuration of the CSA has been completed and that it can be reached from any browser at its corresponding IP. If not, troubleshoot that first before continuing; I will not explain in this post how to do that since that is a topic in itself.) I had problems using the CSA so I connected directly to the core by using the direct link method mentioned below.

                Firewall requirements are not listed here, but access to and from the network resources has to be enabled/open; check with your NA.

                  

                a) LDMS Core Server

                       Core Server Address: If the CSA is not used (direct link) then the PUBLIC IP or DNS OF THE CORE SERVER goes in this box, including https://

                       If the CSA is used (indirect link) then the FQDN of the Core Server is entered here; you can find the FQDN under system properties, example: ComputerName.domain.local

                       LDMS Service Account: This is the Domain\Username used for admin/mobility in the core (usually the admin account); this account has to have permissions in the LANDesk Management Suite user group under local users in the server itself. This is the same for both direct and indirect connection.

                       LDMS Password: Domain Password of the account used above.

                 

                Once this section is completed, select TEST; it should connect.

                Now go to the core, under Mobility in the main TOOLS, click Mobile Device Management --> the Avalanche web page should open.

                 

                b) LDAP Account (the LDMS has to be configured and working for this section to connect; it uses the LDMS link to access)

                Seems that this section is to enable secure communication with wrapped apps. For more information about secure communication with wrapped apps, see http://help.wavelink.com/docs/help/en_US/AOD/6.1/Default.htm#Avalanche/SDProfiles/AppWrapSettings.htm I haven't found much more info about this section; looks like it is to connect or link to the domain controller. I'll update if I find more information.

                       LDAP Server Address: This is the Domain, example: myADdomain.local

                       LDAP Service Account: This is an admin AD Domain\Username.

                       LDAP Service Password: Domain Password of the account used above.

                 

                This is what I was looking for in my original question, I hope it helps more users.

                 

                Regards

                -CS

                • 5. Re: LDAP Integration Services
                  Frank Wils ITSMMVPGroup

                  Hi Carlos,

                   

                  Good job on the extended information, however, on 1 point you are not entirely correct:

                   

                  LDAP basically translates as your AD in most cases. When connecting LDAP (AD) to your Core, you enable only a part of the functionality you can use with AD. So please allow me a little rewrite of 2 sections:

                   

                  --------------

                   

                  In plain English, The LDAP Integration Services Section is where the settings to which AD DOMAIN you connect and how the connection is detailed.

                   

                  ---------------

                  LDAP Account

                  This section is to enable secure communication with wrapped apps, enable the use of LDAP (AD) Enrollment so users can use their own username/password, and enable the targeting of LDAP (AD) groups with MDM policies.

                         LDAP Server Address: If the CSA is not used (direct link) then you need to open ports on your firewall to allow communication, and the FQDN of your (AD) domain goes in this box, like ldap://LANDESK.Com

                         If the CSA is used (indirect link), communication goes through the CSA without opening any more ports, and the FQDN of your (AD) domain also goes in this box, like ldap://LANDESK.Com

                         LDMS Service Account: If the CSA is used or not used (direct link) then enter the Domain User Name in the form: Domain\Username; this account has to have permissions in the LANDesk Management Suite user group under local users in the server itself.

                         LDMS Password: DomainPassword

                   

                  ---------------------

                   

                  Hope this makes sense

                   

                  Thanks,

                  Frank
