LDAP Preferences

FileWave supports connecting an LDAP directory, such as Active Directory, Open Directory, or eDirectory, to your FileWave Server. FileWave can use that directory information in Smart Groups and parameterized profiles. LDAP can also be used for enrollment authentication, which lets you track which LDAP user enrolled a device.

Creating an LDAP server entry in Preferences

Use the [+] button to create an LDAP server entry, then enter the connection details:

Name - a reference name you use to tell LDAP servers apart
Host / IP - the FQDN or IP address of the LDAP server
Port - the TCP port FileWave should use to reach the LDAP server; check with your network team if you are not sure
Protocol - select LDAP, LDAPS, or STARTSSL. For LDAPS and STARTSSL, the Check Server Certificate option controls whether FileWave checks the LDAP server certificate against the computer's trust store. For LDAPS or STARTSSL, use a trusted LDAP certificate whenever possible.
Server Type - choose Active Directory, Open Directory, or eDirectory
Base DN - the primary distinguished name (DN) for the LDAP server, using domain components separated by commas. If the LDAP server is on the same system as the FileWave Server, the Base DN may be as simple as dc=home,dc=local. If the LDAP server is on another system, it may use a more specific value such as dc=tanner,dc=filewave,dc=net.
LDAP User DN - for authenticated binds, enter a user account that is allowed to bind to the LDAP server. Leave this blank for anonymous binds.
LDAP User Password - the password for the LDAP bind account; not needed for anonymous binds
Refresh Interval (sec) - how often, in seconds, the FileWave Server is eligible to contact the LDAP server and refresh available data. During setup and testing, a short interval such as 120 seconds can be useful. In production, a 24-hour interval (86,400 seconds) is usually safer.
Change Limit (%) - a safety limit for accepted LDAP extractions. If more than this percentage of LDAP entries are detected as missing or orphaned during extraction, FileWave treats the sync as failed and does not commit the results. This protects FileWave from large unintended removals caused by a bad LDAP configuration.
Remove Missing items after - the number of successful LDAP extractions an LDAP-backed item must be missing from before FileWave removes the item or clone. A value of 0 means missing items are removed immediately after a successful accepted sync.

How these settings work together for removal

These settings are separate controls, but removing missing LDAP-backed items depends on all three:

Refresh Interval controls cadence only. Changing it makes LDAP extractions eligible to run more or less often, but it does not by itself approve removals.
Change Limit decides whether an extraction with missing or orphaned entries is accepted. If the missing entries exceed the configured percentage, the sync is rejected and those results are not committed.
Remove Missing items after decides how many accepted syncs an item must be missing from before FileWave removes it. If the value is 0, removal can happen on the first accepted sync where the item is missing.

For example, if a missing OU represents 25% of the LDAP directory, FileWave will not accept those removals when Change Limit (%) is set from 1% through 25%. If Change Limit (%) is set to 26%, FileWave can accept that extraction; the actual removal still follows the Remove Missing items after threshold.

Watch the Change Limit value: a very low setting, such as 1%, can cause otherwise valid LDAP changes to be treated as invalid whenever more than that percentage of entries changes or disappears. In that case, shortening the refresh interval will only make FileWave retry more often; it will not make the rejected changes commit.

Remove Missing items after timing: for safety, set this to a value equivalent to roughly 24 hours. With Refresh Interval in seconds, dividing by 60 gives minutes and dividing by 60 again gives hours, so solve for x:

(Refresh Interval / 60 / 60) * x = 24 hours

For a refresh interval of 1800 seconds, or 30 minutes, x = 24 / 0.5, so set this value to 48.

Enable Automatic Group updates for this LDAP creates visible Smart Groups in the Clients pane under an LDAP designator. FileWave updates these Smart Groups at the configured refresh interval. The LDAP information shown in the Clients pane is a one-way view of the directory server: changes made on the LDAP server are reflected in FileWave, but changes made in FileWave Central do not change the LDAP directory.

Automatic Group updates can put heavy load on the LDAP server in environments with more than a few hundred records. Enable it deliberately and watch LDAP server performance after the first sync.

The Test Connection button checks whether the server is online, but it does not verify every LDAP setting. Use an LDAP browser tool to verify the directory path and bind account before relying on the configuration.

You can create entries for multiple LDAP servers. An LDAP server can also run on the same device or VM as the FileWave Server.

An LDAP server can be chosen as the Authentication server. In that case, FileWave uses that directory for profiles that support parameterized settings. Selecting Use it for extraction adds the directory information to the FileWave database.

You can view LDAP settings in Assistants > LDAP Browser in FileWave Central. The Synchronize Now option at the bottom-right of the LDAP server pane lets you synchronize all LDAP servers, one LDAP server, or only LDAP Custom Fields.
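The interaction of Change Limit (%), Remove Missing items after and the 24-hour sizing formula above, as an added Python model that is not FileWave code: it replays a constructed sequence of extractions (100 users, then an OU holding 25 of them disappears) and reports which syncs are accepted and when items are removed. It assumes, per the worked 25%/26% example, that a loss equal to the limit is rejected, and that an item is removed on the accepted sync where its consecutive miss count exceeds the threshold (so 0 means the first accepted sync).

```python
import math
from typing import Dict, List, Set, Tuple


def remove_after_count(refresh_interval_sec: int, target_hours: float = 24.0) -> int:
    """Solve (Refresh Interval / 60 / 60) * x = target_hours for x, rounding up
    so the removal window is never shorter than the target."""
    return math.ceil(target_hours * 3600 / refresh_interval_sec)


def sync_accepted(total_entries: int, missing_entries: int, change_limit_pct: float) -> bool:
    """Change Limit (%) check. Assumption from the page's example: 25% missing is
    rejected with the limit at 25% and accepted at 26%, so missing == limit is rejected."""
    if total_entries == 0:
        return True  # nothing tracked yet, so nothing can be missing
    return 100.0 * missing_entries / total_entries < change_limit_pct


def simulate_removals(extractions: List[Set[str]], change_limit_pct: float,
                      remove_after: int) -> Tuple[List[bool], Dict[str, int]]:
    """Replay extractions (each is the set of DNs the LDAP server returned).
    Returns the accepted/rejected flag per extraction and, for each removed DN,
    the index of the accepted extraction that removed it. Assumption: removal
    happens when the consecutive miss count exceeds Remove Missing items after."""
    known: Set[str] = set()        # FileWave's current LDAP-backed items
    misses: Dict[str, int] = {}    # consecutive accepted syncs an item was missing from
    flags: List[bool] = []
    removed: Dict[str, int] = {}
    for idx, seen in enumerate(extractions):
        missing = known - seen
        ok = sync_accepted(len(known), len(missing), change_limit_pct)
        flags.append(ok)
        if not ok:
            continue               # rejected sync: nothing is committed or counted
        for dn in seen:
            misses[dn] = 0         # present again, so the miss streak resets
        known |= seen
        for dn in missing:
            misses[dn] = misses.get(dn, 0) + 1
            if misses[dn] > remove_after:
                known.discard(dn)
                removed[dn] = idx
    return flags, removed


# Constructed scenario: 100 users, then the OU holding user0..user24 vanishes (25%).
USERS = {f"cn=user{i},ou=staff,dc=example,dc=local" for i in range(100)}
AFTER_OU_LOSS = {dn for dn in USERS if int(dn.split(",")[0][7:]) >= 25}
```

With a 30-minute interval `remove_after_count(1800)` gives 48, and `simulate_removals([USERS] + [AFTER_OU_LOSS] * 3, 25, 0)` rejects every sync after the baseline, while a 26% limit accepts them and removes the 25 users after the configured number of accepted syncs.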