Active directory authentication setup – Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide User Manual

38

Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide

Active Directory Authentication Setup

BlackBerry Enterprise Server 5.0 that allows individual BlackBerry Enterprise Server users to
log into BAS to perform various administrative processes on their own account. (Historically,
BlackBerry Enterprise Server users would have to contact the BlackBerry Enterprise Server
administrator to perform these actions.)

When a user tries to authenticate against BAS, BAS requires user credentials.

Option One: Active Directory Credentials

By default, any user that is added to a BlackBerry Enterprise Server is given the right to
authenticate themselves with BAS via Active Directory. To enabled Active Directory
authentication, there is some setup that needs to be performed.

1. Make sure that the LDAP administrator user specified in BlackBerry Enterprise Server set

up has enough access to be able to view and query the Active Directory container that
contains the BlackBerry Enterprise Server users.

2. Make sure that each LDAP user object exposes the field “legacyExchangeDN” with a

string that matches the SMTP address of that user in Google Apps. There are many
ways to add properties to users in Active Directory but the easiest way is to use ADSI Edit.
This application is an MMC snap-in that can be download from Microsoft. For a large
number of users, it may be easier to script these modifications.