LDAP queries

In addition to querying the core database, Endpoint Manager also provides the directory tool that lets you locate, access, and manage devices in other directories via LDAP (the Lightweight Directory Access Protocol).

You can use an on-premise Active Directory source or you can use an external Microsoft Azure Active Directory.

If you will be using Azure Active Directory, you first need to configure it to allow Secure LDAP, also known as LDAP over Secure Sockets Layer (SSL) / Transport Layer Security (TLS). This isn't enabled by default. Follow the steps here before creating a connection from Endpoint Manager: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps.

Note that LDAP access through Microsoft's Graph API isn't currently supported.

You can query devices based on specific attributes such as processor type or OS. You can also query based on specific user attributes such as employee ID or department. LDAP queries can be saved and used as task targets. Queries are dynamic and saved queries are re-run each time they're used.

For information about creating and running database queries from the Queries groups in the network view, see Database queries.

For additional information on how Endpoint Manager gathers LDAP information, see this knowledge base article.

Use the Active directory source dialog box to manage the LDAP directories you use with Ivanti® Endpoint Manager. The LDAP server, username and password you enter are saved and used when you browse or execute queries to the directory. If you change the password of the configured user in the LDAP directory, you must also change the password in this dialog box.

NOTE: The account you configure in directory manager must be able to read the users, computers and groups that you use for management with Endpoint Manager.

To configure a new directory
  1. Click Configure > Manage Active Directory sources.
  2. Click Add.
  3. Enter the DNS name of the directory server in the LDAP:// field.
  4. Enter the User name and Password.

NOTE: If you are using Active Directory or Azure Active Directory, enter the name as <domain-name>\<nt-user-name>.

  1. Click OK to save the information. The information you enter is verified against the directory before the dialog box closes.
To modify an existing directory configuration
  1. Click Configure > Manage Active Directory sources.
  2. Click the directory you want.
  3. Click Edit.
  4. Change the server, username, password as desired
  5. Click OK to save the information. The information is verified against the directory before the dialog box closes
To delete an existing directory configuration
  1. Click Configure > Manage Active Directory sources.
  2. Click the directory you want.
  3. Click Delete.

NOTE: All LDAP queries using this directory will be deleted when the directory is removed.

The task of creating a query for a directory and saving that query is divided into two procedures:

To select an object in the LDAP directory and initiate a new query
  1. From the Network view, click Directory > (your configured active directory) > Browse directory.
  2. Right-click an object in the LDAP directory and click New query. You'll create an LDAP query that returns results from this point in the directory tree down.
  3. The Basic LDAP query dialog box appears.
To create, test, and save the query
  1. From the Basic LDAP query dialog box, click an attribute that will be a criterion for the query from the list of directory attributes (example = department).
  2. Click a comparison operator for the query (=,<=, >=) .
  3. Enter a value for the attribute (example department = engineering).
  4. To create a complex query that combines multiple attributes, select a combination operator (AND or OR) and repeat steps 1 through 3 as many times as you want.
  5. When you finish creating the query, click Insert.
  6. To test the completed query, click Test query.
  7. To save the query, click Save. The saved query will appear by name under Saved queries in the directory pane of directory manager.