LDAP declarative configuration for Apple devices
Use the LDAP configuration to enter settings for connecting to an LDAPv3 directory.
Note: LDAP connections don’t initiate a VPN connection; if the VPN hasn’t been established by another app, such as Safari, the LDAP lookup fails.
The LDAP configuration supports the following:
Minimum supported operating system versions and channels: iOS 15, iPadOS 15, Shared iPad user, macOS 13 user, visionOS 1.1.
Requires supervision: No.
Supported enrollment methods: User Enrollment, Device Enrollment, Automated Device Enrollment.
Setting | Description | Required
---|---|---
Account name | The name that apps show to the user for this LDAP directory account. If not present, the system generates a suitable default. | No
Hostname | The IP address or fully qualified domain name (FQDN) of the LDAP server. | Yes
Port | The port number of the LDAP server. | No
Authentication credentials asset | Asset declaration that contains the credentials for this account. See Authentication credentials and identity asset settings. | No
Search settings | Define the scope and search base for your LDAP server. | No
Search settings
The following settings are used for LDAP searches.
Setting | Description | Required
---|---|---
Visible description | The description of this search setting in the Contacts and Settings apps. If not present, the apps display no name. | No
Search base | The path to the node where a search starts. For example, ou=people,o=betterbag | No
Scope | The type of recursion to use in the search. | No
Note: Each MDM vendor implements these settings differently. To learn how various LDAP settings are applied to your devices and users, consult your MDM vendor’s documentation.