Have you verified basic functionalities of LDAP authentication in a simpler case such as device enrollment (you have to modify the authentication option of an existing add-devices rule)?
Does your ERG (item (2) in your post) have access (port 443) to your MobiControl server instance?
Thank you for requesting an answer from SOTI Support Staff.
Raymond has brought up a good way of doing a "base test" to confirm that your setup of LDAP is working as expected.
Here is a screenshot and link to the help file assistance when configuring SOTI SURF.
As much as I would like to assume the ERG was installed, I do not see any mention of this, by name, in your post. Please note the highlighted section in the following image. I have included a link for quick reference afterwards.
Hope this helps!
Technical Support | SOTI Inc. |1.905.624.9828 | firstname.lastname@example.org | www.soti.net |
Thanks Raymond,
Now we are able to log in through LDAP. In the global security setting, LDAP was not enabled.
Will this Soti Surf pass all traffic from the device to internal servers, including Soti Surf browser and other device application traffic?
Soti Surf will only route its own traffic destined for intranet sites (based on domains configured in "Intranet Gateway" option in Soti Surf profile payload) through the ERG, and its remaining traffic for whitelisted/non-blacklisted internet sites goes directly between the device and the corresponding sites. However, you can keep a log of all internet and intranet sites visited, and have it transferred to the server for possible audit with a file-sync rule.
Traffic of other applications is not affected by ERG. If your device/platform supports a global or per-app firewall policy profile payload, you can use such a policy to restrict such traffic for all or specific apps.
In my case, the application is not accessible on the device network. We have given access to the application on the Surf server, so will it be accessible on the device?
Is your application on the device a web app running on any web browser app on your device? Or is it a non-web app installed from an apk or from Google Play store?
As of now we are testing on a web application only, but in the future we want it for a device application also, which is developed in-house.
So, as of now, you can run your web app on the Soti-Surf browser app on the device. Assuming that your application server is in your corporate intranet, your device is outside the intranet, and an ERG has been installed in a DMZ in between, if you deploy a "Soti Surf" profile payload with intranet gateway enabled and your app-server domain included, then your web app running on the Soti-Surf app on the device can communicate with your app server via an encrypted connection. You can of course enable LDAP authentication and timeout options in your "Soti Surf" profile payload.
If in the future your app is re-implemented in-house as a standalone apk, you will then not be able to use the above approach. You have to check if your device/platform supports a VPN or firewall policy to create a secured and authenticated connection to your app server.