Workspace ONE UEM Directory Integration Examples

2021-07-07

Introduction Below are Omnissa Workspace ONE UEM Directory Integration examples for various directory types. Please note, always refer to VMware documentation as those are official. The below are examples for use as assistance in configuring your own environments.

WARNING: ALWAYS TEST IN NON-PRODUCTION ENVIRONMENTS - NEVER TEST IN PRODUCTION!

NOTES!

Only modified sections are listed below in the Users and Groups sections. Blank entries do not mean delete the corresponding UEM setting. Rather it means the default settings should be left alone.
If viewing in a browser, you may need to scroll right/left on the each of the charts or the whole web page depending on how your browser displays this page.
Anything in "[...]" would be replaced with your network values.

Common UEM Directory Service Configurations Server Settings

Setting	AD - Directory	AD - Basic	OpenLDAP	Lotus Domino	Novell e-Directory	Oracle (ODSEE)
Directory Type	Active Directory	Active Directory	OpenLDAP	Lotus Domino	Novell e-Directory	Other LDAP
Server	[server_FQDN]	[server_FQDN]	[server_FQDN]	[server_IP]	[server_IP]	[server_FQDN]
Encryption Type	none	none	none	none	none	none
Port	389	389	389	389	389	1389
Protocol Version	3	3	3	3	3	3
Service Account Credentials	no	no	no	no	no	no
Authentication Type	NTLM	Basic	Basic	Basic	Basic	Basic
Username	[domain][username]	[domain][username]	cn=[container],dc=[domain],dc=[domain]	[username]	CN=[username],OU=[org_unit],OU=[org_unit],O=[org]	cn=[container]
Password	[password]	[password]	[password]	[password]	[password]	[password]
Domain	[domain]	[domain]	none	none	none	[domain]

User Settings NOTE: Only modified sections are listed below. Blank entries do not mean delete the corresponding UEM setting. Rather it means the default settings should be left alone.

Setting	AD - Directory	AD - Basic	OpenLDAP	Lotus Domino	Novell e-Directory	Oracle (ODSEE)
Base DN	DC=[domain],DC=[domain],DC=[domain]	DC=[domain],DC=[domain]	dc=[domain],dc=[domain]	O=[Org]	O=[Org]	DC=[domain],DC=[domain]
User Object Class
User Search Filter	(&(objectCategory=person)(sAMAccountName={EnrollmentUser}))		(&(objectClass=person)(uid={EnrollmentUser}))	(&(objectClass=person)(uid={EnrollmentUser}))	(&(objectClass=person)(uid={EnrollmentUser}))	(&(objectClass=person)(cn={EnrollmentUser}))
Object Identifier	objectGUID		entryUUID	dominoUNID	GUID	nsuniqueid
Username	sAMAccountName		uid	uid	uid	cn
Member Of	memberOf				groupMembership
Full Name
Display Name
First Name
Middle Name
Last Name
Email Address
Email Username
Mobile Phone
Phone Number
Distinguished Name
User Principal Name
Department
Status
Lockout Time
Object Class			objectClass	objectClass	objectClass	objectClass
Last Modified
Binding Attribute

Group Settings NOTE: Only modified sections are listed below. Blank entries do not mean delete the corresponding UEM setting. Rather it means the default settings should be left alone.

Setting	Active Directory (both)	Open LDAP	Lotus Domino	Novell e-Directory	Oracle (ODSEE)
Base DN	DC=[domain],DC=[domain],DC=[domain]	dc=[domain],dc=[domain]	O=[Org]	O=[Org]
Group Object Class	group	posixGroup	dominogroup		groupofuniquenames
Organizational Unit Object Class
Group Search Filter		(&(objectClass=posixGroup))			Group Attribute("Member")
Membership Attribute					Relative Distinguished Name
Search Members Using
Object Identifier	objectGUID	entryUUID	dominoUNID	GUID	nsuniqueid
Name	name	cn	cn	cn	cn
Member		member
Common Name		cn
Member Of	memberOf	memberOf		groupmembership
Distinguished Name		distinguishedName
Group Object Class		objectClass		objectClass
Organizational Unit
Organizational Unit Object Class

Thanks: Big thanks to VMware Engineering Austin Schoen and John Richards for providing this data.

#WS1 #UEM