
Configure User Directory Lookup

The User Directory Lookup service allows client apps to look up first name, last name, and the associated photo or avatar from your company directory. A User ID Property Name determines whether query results from various sources, such as Microsoft Exchange Web Services (EWS) and LDAP, correspond to the same user and may therefore be consolidated into a single result.
  1. In the BlackBerry Enterprise Mobility Server Dashboard, under BlackBerry Services Configuration, click Mail.
  2. Click User Directory Lookup.
  3. In the User ID Property Name field, type the name of the property that identifies the user. By default, this is "Alias".
  4. Select the Enable GAL Lookup checkbox, the Enable LDAP Lookup checkbox, or both.
  5. If you enable LDAP lookup, you can use it to validate digital certificate connections to the LDAP server.
    1. In the LDAP Server Name field, type the name of the LDAP Server. For example, ldap.<DNS_domain_name>.
    2. In the LDAP Server port field, type the port number of the LDAP Server. By default, the port number is 389.
    3. Optionally, select the Enable SSL LDAP checkbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, the port number defaults to 636. This step requires you to import the LDAP certificate chain into the BEMS dashboard. For more information, see "Upload the SSL certificate to the BEMS database" in the BEMS-Core configuration content.
    4. Optionally, edit the LDAP User Name Query Template field. The LDAP user name query searches for a user by their user name. BEMS replaces the "{key}" with the user name when performing the query. By default, the template is
      (&(|(mail=*{key}*)(name=*{key}*)(displayName=*{key}*)(sAMAccountName=*{key}*) (givenName=*{key}*)(sn=*{key}*))(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
    5. Optionally, in the LDAP Base DN field, provide a base DN for the LDAP search. If this field is not completed, BEMS tries to find the base DN in the namingContexts attribute.
    6. In the Authentication Type drop-down list, select an authentication type. By default, the Authentication Type is Anonymous.
      • If you select Basic, enter the LDAP Logon User name and password. In a Microsoft Active Directory environment, enter the username in the format domain\username or User Principal Name (UPN) username@domain.
      • If you selected the Enable SSL LDAP checkbox, and select Certificate authentication, enter the keystore password and add the certificate file.
    7. Optionally, specify the timeout before the BEMS connection attempt to the LDAP server times out. In the LDAP Connection Timeout field, increase or decrease the value, in seconds, as required. The default value is 30 seconds. You can specify between zero and 300 seconds.
    8. Optionally, specify the timeout before the BEMS search for users from your organization’s Global Address List and their password expiry details times out. In the LDAP Search Timeout field, increase or decrease the value, in seconds, as required. The default value is 30 seconds. You can specify between zero and 300 seconds.
    9. In the User search key field, type a username or email address to search for.
    10. Click Test.
  6. Click Save.
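
The template edit in step 5.4, as an added example (not BlackBerry code): a Python check that an edited LDAP User Name Query Template still has a {key} placeholder, balanced parentheses, and the clause that excludes disabled accounts, plus a preview of the expanded filter. The function names are hypothetical, and RFC 4515 escaping of the key is an assumption of this example; this page does not say how BEMS treats special characters in the key.

```python
import re

# Default template copied verbatim from step 5.4 of this page.
DEFAULT_TEMPLATE = (
    "(&(|(mail=*{key}*)(name=*{key}*)(displayName=*{key}*)"
    "(sAMAccountName=*{key}*) (givenName=*{key}*)(sn=*{key}*))"
    "(objectClass=user)(objectCategory=person)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
)
# Bitwise-AND matching rule against flag 2 (ACCOUNTDISABLE): hides disabled accounts.
DISABLED_CLAUSE = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"

# RFC 4515: these characters are written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template: str, key: str) -> str:
    """Preview the filter: every {key} replaced by the escaped search key."""
    return template.replace("{key}", escape_filter_value(key))


def balanced(filter_text: str) -> bool:
    """True when every '(' has a matching ')' (escaped \\XX bytes are ignored)."""
    depth = 0
    for ch in re.sub(r"\\[0-9a-fA-F]{2}", "", filter_text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def review_template(template: str) -> list[str]:
    """Return findings for an edited template; an empty list means none."""
    findings = []
    if "{key}" not in template:
        findings.append("no {key} placeholder")
    if not balanced(template):
        findings.append("unbalanced parentheses")
    if DISABLED_CLAUSE not in template.replace(" ", ""):
        findings.append("disabled accounts are no longer excluded")
    return findings
```

Run `review_template` on a candidate template before pasting it into the field, then confirm the result with the User search key and Test steps.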