How to configure LDAP connection for Active Directory

  • Article ID: 118783
  • Updated: 07 May 2015

Instructions on how to configure LDAP connection settings for Active Directory (AD) in Sophos Mobile Control (SMC). This option is only available to super admins.

Known to apply to the following Sophos product(s) and version(s)
Sophos Mobile Control 4.0

What To Do

1. Create a new customer or open an existing one for editing.
2. Under User directory, select External directory to use LDAP user management for users of the Sophos Mobile Control Self Service Portal.
3. Click Configure external LDAP to specify the LDAP server details.

The LDAP Server Details view is displayed.

Enter the following:

a) In the Primary URL field, enter the URL of the LDAP server. You can enter the server IP or the server name. Select SSL to use SSL for the server connection.

b) In the Backup URL field, enter the URL of the backup server. You can enter the server IP or the server name. Select SSL to use SSL for the server connection.

c) In the User field, enter a user who has reading rights to the LDAP server. You need to enter the user with the relevant domain. Supported formats are: <domain>\<user name> or <user name>@<domain>.<domain code>.

d) In the Password field, enter the password for the user.

Click the next arrow.

The LDAP Search base view is displayed.


4. Select the LDAP search base. The LDAP search base defines where to search for the user or group that tries to log in to the Self Service Portal. You can select this from the drop-down list or enter it manually.

Click the next arrow.

The LDAP Search Fields view is displayed.

5. In this step, you define which LDAP fields are to be used for resolving the placeholders %_USERNAME_% and %_EMAILADDRESS_% in profiles. Select the required fields from the User name and Email drop-down lists.

Note: The fields listed are the LDAP fields defined for the user you have specified. For example: If no email address is defined for this user, the mail field is not listed. You can manually enter field names instead of using the drop-down lists.

Click the next arrow.

The LDAP SSP Configuration view is displayed.

6. In the SSP group field, enter the name of the group that is to be allowed to log on to the Self Service Portal. This group has to be defined on the LDAP server. After you have entered the group, click the Resolve group button to resolve the group name into a complete Distinguished Name (DN).

7. Click the Finish (lightning) button.

You are returned to the Edit customer view. Click the Save button to save your changes.
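
A pre-flight check for the values entered in steps 3, 4 and 6, as an added example that is not part of the Sophos article or product: it checks the user against the two supported formats, flags a connection without SSL, and builds an escaped filter for looking up the SSP group in AD. The function names, the port 389 heuristic and the sample host, account and group names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The two bind-user formats the article lists as supported.
DOWNLEVEL = re.compile(r'^[^\\/@\s]+\\[^\\/@\s]+$')            # <domain>\<user name>
UPN = re.compile(r'^[^\\/@\s]+@[^\\/@\s.]+(\.[^\\/@\s.]+)+$')  # <user name>@<domain>.<domain code>
# Simplified DN shape (attr=value[,attr=value...]); escaped commas are not handled.
DN = re.compile(r'^[A-Za-z][\w-]*=[^,=]+(,[A-Za-z][\w-]*=[^,=]+)*$')

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an LDAP filter value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def group_lookup_filter(group_name):
    """Filter an admin could use to confirm the SSP group exists in AD (assumed lookup by cn)."""
    return '(&(objectClass=group)(cn=%s))' % escape_filter_value(group_name)

def preflight(server, use_ssl, bind_user, search_base):
    """Return a list of problems found in the values planned for the wizard."""
    problems = []
    default_scheme = 'ldaps://' if use_ssl else 'ldap://'
    parts = urlsplit(server if '://' in server else default_scheme + server)
    try:
        port = parts.port
    except ValueError:
        port = None
        problems.append('server URL has an invalid port')
    if not parts.hostname:
        problems.append('server URL has no host name or IP address')
    if not use_ssl:
        problems.append('SSL not selected: the connection is not protected by TLS')
    elif parts.scheme == 'ldap' or port == 389:
        # Assumption: 389 is the standard plain-LDAP port, so treat it as a mismatch.
        problems.append('SSL selected but the URL points at plain LDAP')
    if not (DOWNLEVEL.match(bind_user) or UPN.match(bind_user)):
        problems.append('user is not <domain>\\<user name> or <user name>@<domain>.<domain code>')
    if not DN.match(search_base):
        problems.append('search base is not a distinguished name')
    return problems

if __name__ == '__main__':
    # Constructed sample values, not taken from the article.
    print(preflight('dc01.example.test', True, 'EXAMPLE\\svc-smc-read', 'DC=example,DC=test'))
    print(preflight('ldap://dc01.example.test:389', False, 'svc-smc-read', 'example.test'))
    print(group_lookup_filter('SSP Users (EMEA)'))
```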

Reference: Mobile Control super administrator guide, section 7.3.1: Configure LDAP connection for Active Directory.

If you need more information or guidance, then please contact technical support.
