Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.7
  3. Configuring BlackBerry Mail
  4. BlackBerry Mail (BEMS Push Notifications service)
  5. Configure the password expiration warning message

Configure the password expiration warning message

For
Active Directory
 users and user groups that use the PSO (Password Settings Object) method to set the maximum password age, you can configure the
BEMS
 dashboard and
BEMS
 Cloud to allow users'
BlackBerry Work
 apps to display a warning message when their
Active Directory
 password is about to expire. By default, this feature is disabled.
In a
BEMS
 Cloud environment, you must configure the Email notifications for
BlackBerry Work
 in the
BlackBerry UEM
 management console using the Credential authentication type to display the Password expiry tab.
For information on displaying a warning message for users that use the GPO (Global Policy Object) method to set the maximum password age, see Configure BlackBerry Work app settings.
  • Make sure that you have the following information:
    • Logon credentials for the service account that is used to authenticate to the domain controller.
    • LDAP server name and port number. The LDAP server name must be one of the Domain Controllers.
  • Verify that the service account has READ permissions to the "Password Settings Container". For instructions, see Add Read permission to the account used to authenticate to the LDAP server.
  • In a
    BEMS
     Cloud environment, also verify that a
    BlackBerry Connectivity Node
     is installed and configured. For more information, see Steps to install and activate the blackberry connectivity node.
  • Verify that administrators use the PSO method to set the maximum password age for the users.
  • Verify that users in your environment are running
    BlackBerry Work
     3.8 or later.
  1. Complete one of the following tasks:
    Environment
    Steps
    BEMS
    on-premises
    1. In the
      BlackBerry Enterprise Mobility Server Dashboard
      , under
      BlackBerry Configuration
      , click
      Mail
      .
    2. Click
      Password Expiry Settings
      .
    3. Select the
      Enable LDAP Lookup
       checkbox to allow
      BEMS
       to query
      Active Directory
       for password expiry details for the users.
    4. In the
      LDAP Server Name
       field, type the name of the LDAP Server (for example, ldap.<
      DNS_domain_name
      >).
    5. In the
      LDAP Server Port
       field, type the port number of the LDAP server. By default, the port number is 389.
    6. Optionally, select the
      Enable SSL LDAP
       checkbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, the default port is to 636. This step requires you to import the LDAP certificate into the
      BEMS
       keystore. For instructions, see "Upload the Microsoft Exchange Server SSL certificate to the BEMS database" in the BEMS-Core configuration content.
    7. In the
      LDAP Base DN
       field, enter the base DN for the LDAP search. If this entry is not set,
      BEMS
       tries to find the base DN in the namingContexts attribute.
    BEMS
    Cloud
    1. In the
      BlackBerry UEM Cloud
       management console, click
      Settings > BlackBerry Dynamics > Email notifications
      .
    2. Click the
      Password expiry
       tab.
    3. Click The Edit icon.
    4. Select the
      Enable password expiry
       checkbox to allow
      BEMS
       to query
      Active Directory
       for password expiry details for the users.
    5. In the
      LDAP server name
       field, type the name of the LDAP Server (for example, ldap.<
      DNS_domain_name
      >).
    6. In the
      LDAP port
       field, type the port number of the LDAP computer. The default port is 389.
    7. Enter the LDAP logon account and password. You can enter the logon account in the format
      domain\username
       or User Principal Name (UPN)
      username@domain
      .
    8. In the
      Base DN (Domain controller)
       field, enter the base DN for the LDAP search. If this entry is not set,
      BEMS
       tries to find the base DN in the namingContexts attribute.
    9. Optionally, select the
      Enable SSL LDAP
       checkbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, type the port number to the LDAP computer that you used in step 6. The default port for is 636. This step requires you to import the LDAP certificate into the
      BEMS
       keystore. For instructions, see Create a trusted connection between BEMS Cloud and Microsoft Exchange Server.
  2. In the
    BlackBerry Enterprise Mobility Server Dashboard
    , under
    BlackBerry Configuration
    , click
    Mail
    .
  3. Click
    Password Expiry Settings
    .
  4. In the
    LDAP Server Port
     field, type the port number of the LDAP server. By default, the port number is 389.
  5. Optionally, select the
    Enable SSL LDAP
     checkbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, the default port is to 636. This step requires you to import the LDAP certificate into the
    BEMS
     keystore. For instructions, see "Upload the Microsoft Exchange Server SSL certificate to the BEMS database" in the BEMS-Core configuration content.
  6. Enter the LDAP Logon User Name and password. You can enter the username in the format
    domain\username
     or User Principal Name (UPN)
    username@domain
    .
  7. Click
    Test
     to test the connection to the LDAP server.
  8. Click
    Save
    .