Configuring LDAP authentication
You can use pre-designated, fixed account names and passwords to enroll devices in MDM, or you can use your existing LDAP (Active Directory, eDirectory, Open Directory) database as the credentials for enrollment. To set this up, you will edit a configuration file on your FileWave server. This can be done at any time during your server setup; as long as it is complete before you begin enrolling MDM clients.
This process consists of:
- Backing up the current config file;
- Editing a new config file to properly read the LDAP structure; and,
- Restarting the Apache process so it reads the new config file.
Getting the files ready
- Open a Terminal window, or connect over SSH to the computer running FileWave Server
- Gain root credentials
sudo -s
- Enter your login password
- Navigate to the FileWave Apache configurations folder:
cd /usr/local/filewave/apache/conf/
- Back up your current mdm_auth.conf by making a copy
cp mdm_auth.conf mdm_auth.conf.bac
- Make a copy of the LDAP example and rename it to mdm_auth.conf
cp mdm_auth.conf.example_ldap_auth mdm_auth.conf
Making the changes
- Open mdm_auth.conf in your preferred text editor (nano mdm_auth.conf or vi mdm_auth.conf). Make the appropriate changes (the sample file is commented to guide you) and then save the .conf file.
You can also use the Finder to locate the file, drag a copy to your Desktop, and edit it there with a text editor such as TextWrangler. When done, delete the copy in the .../conf/ folder and replace it with your edited copy.
Note: By default, Active Directory (AD) requires you to bind to the directory before you can read from it. Many administrators create a dedicated read-only directory account for this purpose.
- Once saved, restart the FileWave Apache process/service:
/usr/local/filewave/apache/bin/apachectl graceful
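The steps above as a small POSIX shell helper, added here as an example and not part of FileWave's own tooling: it stages the LDAP example with a timestamped backup, removes world access from the file that will hold the bind account's credentials, and runs Apache's configuration syntax check (apachectl -t) before the graceful restart so a typo in the edited file cannot take enrollment down. The conf directory and apachectl path are the ones on this page; the stage/reload sub-commands and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not FileWave's own script). Usage:
#   sh ldap_auth_conf.sh stage    # back up, copy the LDAP example into place
#   (edit mdm_auth.conf)
#   sh ldap_auth_conf.sh reload   # syntax-check, then graceful restart
CONF_DIR="${CONF_DIR:-/usr/local/filewave/apache/conf}"
APACHECTL="${APACHECTL:-/usr/local/filewave/apache/bin/apachectl}"

# Copy the LDAP example over mdm_auth.conf, keeping a timestamped backup of
# the previous file. Fails (without touching anything) if the example is absent.
stage_ldap_conf() {
    dir="$1"
    stamp=$(date +%Y%m%d%H%M%S)
    [ -f "$dir/mdm_auth.conf.example_ldap_auth" ] || {
        echo "LDAP example file missing in $dir" >&2; return 1; }
    if [ -f "$dir/mdm_auth.conf" ]; then
        cp "$dir/mdm_auth.conf" "$dir/mdm_auth.conf.bac.$stamp" || return 1
    fi
    cp "$dir/mdm_auth.conf.example_ldap_auth" "$dir/mdm_auth.conf" || return 1
    # The edited file will carry the bind DN and password: no world access.
    chmod o-rwx "$dir/mdm_auth.conf"
}

# Run Apache's syntax check first; only reload if it passes, so the running
# (known-good) configuration stays in service when the new file is broken.
reload_apache() {
    ctl="$1"
    [ -x "$ctl" ] || { echo "apachectl not found at $ctl" >&2; return 1; }
    "$ctl" -t || { echo "config test failed; not reloading" >&2; return 1; }
    "$ctl" graceful
}

case "${1:-}" in
    stage)  stage_ldap_conf "$CONF_DIR" ;;
    reload) reload_apache "$APACHECTL" ;;
esac
```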
Now, when a user attempts to enroll a device in your MDM server, they will authenticate with their LDAP credentials.