LDAP Preferences

FileWave supports connecting ~~your~~an LDAP ~~network~~directory, ~~directory~~such –as Active Directory, Open Directory, or ~~eDirectory –~~eDirectory, to your FileWave Server. ~~This~~FileWave ~~capability~~can ~~provides~~use ~~access to~~that directory information ~~for use~~ in Smart Groups and parameterized profiles. ~~You~~LDAP can also ~~use~~be ~~LDAP~~used for enrollment ~~authentication.~~authentication, ~~Using~~which ~~LDAP to authenticate your devices gives~~lets you atrack ~~way to know who (~~which LDAP ~~user)~~user enrolled ~~what~~a device.

Creating an LDAP server entry in Preferences

Use the [+] button to create ~~a new~~an LDAP server ~~entry~~entry, ~~and~~then enter the ~~needed~~ connection ~~information as described below:~~details:

Name - a reference name ~~used~~you ~~by you~~use to ~~differentiate your~~tell LDAP servers apart
Host / IP - ~~enter either a~~the FQDN or IP address ~~for~~of ~~your~~the LDAP server
Port - ~~enter~~ the TCP port ~~required~~FileWave should use to ~~access~~reach ~~your~~the LDAP ~~server (you may need to~~server; check with your network ~~support)~~team if you are not sure
Protocol – select LDAP, LDAPS, or STARTSSL.
- For LDAPS and ~~STARTSSL you have a checkbox that you can potentially uncheck so that~~STARTSSL, the Check Server Certificate option controls whether FileWave checks the LDAP server certificate ~~is not checked~~ against the ~~machine'~~computer's trust store.

IFFor LDAPS or ~~STARTSSL~~STARTSSL, ~~it is recommended to be using~~use a trusted LDAP ~~cert.~~certificate whenever possible.

Server Type - choose Active Directory, Open Directory, or eDirectory
Base DN - ~~enter~~ the primary distinguished ~~names~~name (DN) for ~~your~~the LDAP ~~server~~server, using ~~the~~ domain components separated by commas. ~~For example, if~~If the LDAP server is ~~running~~ on the same ~~box~~system as the FileWave ~~server,~~Server, ~~your~~the ~~base~~Base DN may be as simple as "dc=home,dc=~~local";~~local. ~~but if~~If the LDAP server is ~~running~~ on ~~a different~~another system, ~~the value of the base DN~~it may ~~be involve using~~use a more ~~extended~~specific ~~value,~~value such as "dc=tanner,dc=filewave,dc=~~net"~~net.
LDAP User DN - ~~if you are doing~~for authenticated ~~binds to your LDAP server, you will need to~~binds, enter a ~~valid~~ user account that ~~has~~is ~~been~~allowed ~~designated~~to bind to the LDAP server. Leave this blank for ~~binding. If you are doing~~ anonymous ~~binding, this entry is left blank.~~binds.
LDAP User Password - ~~enter a~~the password ~~to complete~~for the ~~authenticated~~LDAP ~~bind;~~bind account; not needed for anonymous binds
Refresh Interval (sec) - ~~enter~~how ~~a value~~often, in ~~seconds for~~seconds, the FileWave Server ~~to contact~~contacts the LDAP server to refresh ~~the~~ available data. IfDuring ~~you~~setup ~~are~~and ~~just setting up~~testing, a ~~FileWave~~short ~~server~~interval onsuch as 120 seconds can be useful. In production, a ~~network with an established LDAP server, you should set the~~24-hour interval ~~relatively~~is ~~short~~usually ~~(~120~~safer: ~~seconds) while you are testing and making changes. Once you go into production mode, you should change the interval to 24 hr. (~~86,400 ~~seconds).~~seconds.
Change Limit (%) - ~~LDAP~~prevents LDAP-related items ~~will~~from ~~not be~~being removed ifwhen more than the ~~given~~specified percentage ~~of the items disappear~~disappears after a sync. This isprotects toFileWave ~~avoid~~from ~~loss~~large ofunintended ~~data~~removals ifcaused ~~something~~by ~~goes~~a ~~wrong with the~~bad LDAP configuration.

IfFor ~~for~~example, ~~example~~if ana ~~entire~~missing OU ~~is suddenly missing that makes up~~represents 25% of ~~your~~the LDAP directory, ~~then the amount of change will be so large that~~ FileWave will not initially accept ~~the~~those ~~changes~~removals ~~if you set~~when Change Limit is set from 1% tothrough 25%,. ~~but~~If ifChange ~~you~~Limit ~~had it~~is set to 26%, itFileWave ~~would~~can accept that removal. ~~When considering the~~The next ~~option~~setting, inRemove ~~conjunction~~Missing ~~with~~items ~~this it~~after, can still ~~take~~require ~~X amount of~~multiple syncs ~~for~~before removals to occur.

Remove Missing items after - 0 means records that ~~records~~are ~~not~~no longer found in ~~the LDAP server,~~LDAP, but are still present in ~~FileWave~~FileWave, ~~will be~~are removed immediately.

~~Setting~~For itsafety, set this to a ~~number that is~~value equivalent to 24 ~~hrs is recommended for safety.~~hours.

(Refresh Interval / ~~60(second~~60 ~~to min)~~seconds / ~~60(min~~60 ~~to hrs))~~minutes) * x = ~~24(hrs)~~24 hours

SoFor ifa ~~I wanted an~~refresh interval of 1800 ~~seconds~~seconds, ~~(30min),~~or I30 ~~would~~minutes, set mythis ~~interval~~value to 4848.

Enable Automatic Group updates for this LDAP creates a visible ~~set of entries (~~Smart ~~Groups)~~Groups in the Clients pane under an LDAP designator. ~~These~~FileWave updates these Smart Groups ~~will be updated by FileWave~~ at the ~~designated~~configured refresh ~~interval~~interval.
The LDAP information ~~provided~~shown in the Clients pane ~~for LDAP~~ is a one-way view of ~~your~~the directory server. ~~While changes~~Changes made aton the LDAP server are ~~automatically~~ reflected in ~~FileWave;~~FileWave, but changes made in FileWave ~~Admin~~Central do not ~~affect~~change the LDAP ~~directory information.~~directory.

~~Choosing to enable the~~ ~~automatic~~Automatic Group updates ~~creates~~can aput ~~visible set of entries in the Clients pane of FileWave Admin, and keeps that information up to date; however, for an LDAP environment of over a few hundred records, the~~heavy load on the LDAP server ~~can~~in ~~get~~environments ~~extremely~~with ~~heavy.~~more than a few hundred records. Enable it deliberately and watch LDAP server performance after the first sync.

The Test Connection button ~~pings~~checks whether the server tois ~~see~~online, ifbut it ~~is online; but~~ does not verify ~~all~~every ~~connection~~LDAP ~~settings.~~setting. ~~You should always use~~Use an LDAP browser tool to verify the ~~link~~directory topath ~~your~~and ~~server.~~bind account before relying on the configuration.
You can create entries for multiple LDAP ~~servers,~~servers. ~~and an~~An LDAP server can bealso ~~running~~run on the same device or VM as the FileWave Server.

An LDAP server can be chosen as the Authentication server. ~~which,~~In ~~in this~~that case, ~~means~~FileWave uses that ~~the~~ directory ~~for that server will be used~~ for profiles that support parameterized settings. Selecting ~~the~~ use it for extraction ~~setting~~ adds the directory information to the FileWave database. You can view ~~the~~ LDAP settings in ~~the~~Assistants ~~Assistants/~~> LDAP Browser in FileWave ~~Admin.~~Central.

AtThe Synchronize Now option at the ~~Bottom~~ bottom-right of the LDAP server ~~pane,~~pane ~~there is a Synchronize Now option. This option will allow~~lets you to synchronize all ~~your~~ LDAP servers, ~~just~~one ~~one,~~LDAP server, or ~~sync~~only LDAP Custom Fields.