Configure User Directory Lookup
The User Directory Lookup service allows client apps to look up first name, last name, and the associated photo or avatar from your company directory. A User ID Property Name determines whether query results from various sources, such as
Microsoft Exchange Web
Services
(EWS) and LDAP, correspond to the same user and may therefore be consolidated into a single result.- In theBlackBerry Enterprise Mobility Server Dashboard, underBlackBerry Services Configuration, clickMail.
- ClickUser Directory Lookup.
- In theUser ID Property Namefield, type the name of the property that identifies the user. By default, this is "Alias".
- Select theEnable GAL Lookupcheckbox, theEnable LDAP Lookupcheckbox, or both.
- If you enable LDAP lookup, you can use it to validate digital certificate connections to the LDAP server.
- In theLDAP Server Namefield, type the name of the LDAP Server. For example, ldap.<DNS_domain_name>.
- In theLDAP Server portfield, type the port number of the LDAP Server. By default, the port number is 389.
- Optionally, select theEnable SSL LDAPcheckbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, the port number defaults to 636. This step requires you to import the LDAP certificate chain into theBEMSdashboard. For more information, see "Upload the SSL certificate to the BEMS database" in the BEMS-Core configuration content.
- Optionally, edit theLDAP User Name Query Templatefield. The LDAP user name query searches for a user by their user name.BEMSreplaces the "{key}" with the user name when performing the query. By default, the template is(&(|(mail=*{key}*)(name=*{key}*)(displayName=*{key}*)(sAMAccountName=*{key}*) (givenName=*{key}*)(sn=*{key}*))(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
- Optionally, in theLDAP Base DNfield, provide a base DN for the LDAP search. If this field is not completed,BEMStries to find the base DN in the namingContexts attribute.
- In theAuthentication Typedrop-down list, select an authentication type. By default the Authentication Type is Anonymous.
- If you selectBasic, enter the LDAP Logon User name and password. In aMicrosoft Active Directoryenvironment, enter the username in the formatdomain\usernameor User Principal Name (UPN)username@domain.
- If you selected theEnable SSL LDAPcheckbox, and selectCertificateauthentication, enter the keystore password and add the certificate file.
- Optionally, specify the timeout before theBEMSconnection attempt to the LDAP server times out. In theLDAP Connection Timeoutfield, increase or decrease the value, in seconds, as required. The default value is 30 seconds. You can specify between zero and 300 seconds.
- Optionally, specify the timeout before theBEMSsearch for users from your organization’s Global Address List and their password expiry details times out. In theLDAP Search Timeoutfield, increase or decrease the value, in seconds, as required. The default value is 30 seconds. You can specify between zero and 300 seconds.
- In theUser search keyfield, type a username or email address to search for.
- ClickTest.
- ClickSave.