AddressBook field

An AddressBook field allows a user to perform a search in an LDAP directory.

The AddressBook field is designed specifically for making queries to an LDAP server from the device.

Search root — Specify the directory node in the LDAP hierarchy where the search starts.

Available syntaxes:

  • LDAP://<server>:<port>/<Hierarchy Path>
  • LDAP://<server>/<Hierarchy Path>
  • LDAP://<Hierarchy Path>  

Here are some examples:

  • LDAP://mydc.mydomain.com/DC=mydc,DC=mydomain,DC=com
  • LDAP://RootDSE
  • LDAP://10.10.11.100:50000/OU=somecontainer,O=mydirectory
  • LDAP://CN=Users,DC=mydc,DC=mydomain,DC=com

The default port is 389 (636 when using SSL).

Authentication (Type)

  • Windows — This option uses the Windows Security Support Provider Interface (SSPI) authentication system when binding to the directory. This binding uses the current Windows security context for authentication.
  • Simple — Used when an LDAP simple bind is desired. An LDAP simple bind is the only binding mechanism defined in the actual LDAP version 3 specification, so it has excellent compatibility across LDAP server vendors. Unfortunately, it relies on a plain-text exchange of credentials, so by itself it is completely insecure.
  • Anonymous — This option tells the server not to perform authentication before attempting searches. As such, the state of the LDAP connection will not be authenticated. This flag is not typically used with Active Directory, as unauthenticated users can do very little in the directory. In fact, Windows Server 2003 Active Directory does not allow anonymous operations by default. This flag is generally used with non-Microsoft directories that allow completely anonymous access.
  • SSL — Specifies that the SSL/TLS protocol will be used to encrypt the network traffic with the directory server, including the Bind request. When specifying this option, an SSL certificate must be installed and available on the Active Directory or LDAP server. Under the covers, the server changes the TCP port (if it is not already specified) from the default port 389 to port 636, and SSL is used to secure the communication. SSL is often supported by third-party LDAP directories and should be the preferred method of protecting credentials when communicating with directories other than Active Directory.
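
The following added example (not part of the product or its documentation) parses the three search root forms listed above, works out the effective port, and flags settings that expose credentials or skip authentication. The function names and the idea of passing the selected Authentication entries as a set are assumptions made for illustration, including that SSL can be selected together with one bind type.

```python
import re

# The three search root forms listed above; server and port are optional.
_ROOT = re.compile(
    r"^LDAP://(?:(?P<server>[^/:=]+)(?::(?P<port>\d+))?/)?(?P<path>.+)$", re.I)

BIND_TYPES = {"Windows", "Simple", "Anonymous"}


def parse_search_root(root):
    """Split a search root into (server, explicit_port, hierarchy_path)."""
    m = _ROOT.match(root.strip())
    if not m:
        raise ValueError("not a valid search root: %r" % root)
    port = int(m.group("port")) if m.group("port") else None
    if port is not None and not 1 <= port <= 65535:
        raise ValueError("port out of range in %r" % root)
    return m.group("server"), port, m.group("path")


def review_field(root, options):
    """Return (effective_port, findings) for one field configuration.

    options: the selected Authentication entries, e.g. {"Simple", "SSL"}.
    Assumption: SSL can be selected together with one bind type.
    """
    _server, port, _path = parse_search_root(root)
    ssl = "SSL" in options
    bind = set(options) & BIND_TYPES
    if len(bind) > 1:
        raise ValueError("select only one of %s" % sorted(BIND_TYPES))
    explicit = port is not None
    if not explicit:
        port = 636 if ssl else 389  # defaults stated on this page
    findings = []
    if "Simple" in bind and not ssl:
        findings.append("Simple bind without SSL sends credentials in plain text")
    if "Anonymous" in bind:
        findings.append("Anonymous: searches run without authentication")
    if ssl and explicit and port == 389:
        findings.append("SSL with explicit port 389: port is not switched to 636")
    return port, findings
```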

Scope

  • OneLevel — Searches the immediate child objects of the base object, excluding the base object.
  • Subtree — Searches the entire subtree, including the base object and all its child objects.

Last Name Attribute, First Name Attribute, Email Attribute — The LDAP attributes that contain the last name, first name and e-mail address, respectively.

Test lookup — Lets you check the authentication options interactively.

Allow to edit value on device side — If this check box is selected, a user can enter a value into the text box; otherwise, only the listed options are available for the user to select from.

Item Separator — If Allow Multiple Select is checked, Item Separator is used between the selected values to form the value of the field.

Allow Multiple Select — If checked, a user will be able to select multiple options simultaneously. The field value is formed from the values of the selected options, separated by the Item Separator.