
LDAP (Lightweight Directory Access Protocol)

Protocols & Standards

LDAP is an open, vendor-neutral application protocol for accessing and maintaining distributed directory information services over an IP network.

What to Know

LDAP is the lingua franca of enterprise directory services, enabling MDM platforms to integrate with Active Directory, OpenLDAP, and other directory systems for authentication, authorization, and data synchronization. Rather than maintaining duplicate user databases, MDM systems query LDAP directories to authenticate admins, retrieve user attributes for device assignments, and apply policies based on group memberships. This creates a single source of truth for identity and organizational structure, reducing administrative overhead and eliminating synchronization drift between systems.

LDAP integration enables sophisticated policy scoping — devices can be automatically assigned to policies based on user department, location, or role retrieved from the directory. When users change departments or leave the organization, updates in the directory automatically propagate to MDM policy assignments. LDAP also supports secure authentication through LDAP over SSL/TLS (LDAPS), protecting credentials during authentication queries.

Common Scenarios

Enterprise IT: Corporate MDM platforms integrate with Active Directory via LDAP to authenticate IT admins using their domain credentials and retrieve organizational unit structures for policy scoping. When assigning devices to users, IT queries LDAP for email addresses, department affiliations, and manager relationships to automatically apply appropriate policies. LDAP groups from AD are mapped to MDM device groups, allowing IT to manage devices by department or role without manually maintaining group memberships in multiple systems. IT must configure LDAPS (port 636) rather than plain LDAP (port 389) so that bind credentials are encrypted in transit, and must ensure firewall rules allow the MDM servers to reach the domain controllers.
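The two building blocks of the Enterprise IT scenario are a user lookup against the directory and a mapping from AD group membership to MDM policies. The script below is an added example (not Addigy code) that shows both with the Python standard library only: it escapes the login name per RFC 4515 before placing it in the search filter, so a name containing filter metacharacters cannot change the query's structure, and it resolves a user's `memberOf` DNs to policy names, ignoring groups that were never mapped. The group DNs, policy names and the sample entry are constructed for the example; the AD matching rule OID and `userAccountControl` bit are real.

```python
"""Build injection-safe LDAP search filters and derive MDM policy assignments
from directory group membership (added example, not Addigy code)."""
from __future__ import annotations

# RFC 4515 section 3: these characters must be escaped as \XX inside a filter
# assertion value so that caller-supplied input cannot alter the filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied value for use inside an LDAP filter assertion."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(username: str, user_attr: str = "sAMAccountName") -> str:
    """Filter for one enabled Active Directory user by login name.

    1.2.840.113556.1.4.803 is AD's bitwise-AND matching rule and bit 2 of
    userAccountControl is ACCOUNTDISABLE, so the last clause excludes disabled
    accounts. For OpenLDAP pass user_attr="uid" and drop that clause.
    """
    return (
        "(&(objectClass=user)"
        f"({user_attr}={escape_filter_value(username)})"
        "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    )


# Constructed mapping of directory group DNs to MDM policy names. The DNs and
# policy names are assumptions for this example, not Addigy defaults.
GROUP_TO_POLICY = {
    "CN=All-Staff,OU=Groups,DC=example,DC=com": "corporate-baseline",
    "CN=Finance,OU=Groups,DC=example,DC=com": "finance-baseline",
    "CN=IT-Admins,OU=Groups,DC=example,DC=com": "it-admin-tools",
}


def policies_for_groups(member_of: list[str]) -> list[str]:
    """Map a user's memberOf DNs to MDM policies.

    DNs are compared case-insensitively because directories treat attribute
    types and most DN values that way. Unmapped groups are ignored, so a new
    group created in the directory cannot grant a policy nobody mapped.
    """
    lookup = {dn.lower(): policy for dn, policy in GROUP_TO_POLICY.items()}
    policies = {lookup[dn.lower()] for dn in member_of if dn.lower() in lookup}
    return sorted(policies)


# A constructed directory entry, shaped like a result of the filter above.
SAMPLE_ENTRY = {
    "sAMAccountName": "jdoe",
    "mail": "jdoe@example.com",
    "department": "Finance",
    "memberOf": [
        "CN=Finance,OU=Groups,DC=example,DC=com",
        "CN=All-Staff,OU=Groups,DC=example,DC=com",
        "CN=Social-Committee,OU=Groups,DC=example,DC=com",  # no policy mapped
    ],
}

if __name__ == "__main__":
    print(user_lookup_filter("jdoe"))
    # Metacharacters in the login name are escaped, not interpreted:
    print(user_lookup_filter("j*"))
    print(policies_for_groups(SAMPLE_ENTRY["memberOf"]))
```

The read-only service account that runs this search only needs read access to the user and group containers; the filter and mapping table are the whole of the "policy scoping" logic, so they are the pieces worth reviewing when a user lands in an unexpected policy.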

MSP: MSPs integrate client MDM instances with each client’s directory infrastructure via LDAP, requiring per-client configuration of bind credentials, base DNs, and search filters. MSPs should use dedicated service accounts with read-only LDAP access rather than administrator credentials to limit exposure if credentials are compromised. Multi-client MSP workflows often require mapping different LDAP schemas and attribute names across diverse client directory implementations (Active Directory, Azure AD, OpenLDAP, Google Workspace LDAP). MSPs must monitor LDAP connectivity and certificate validity to catch integration failures before they impact client operations.

Education: School districts use LDAP integration to synchronize student rosters from student information systems to MDM, automatically assigning devices based on grade level, school building, or classroom. Teachers and staff are authenticated via LDAP against district Active Directory, while students may use simplified authentication methods. Education LDAP integrations often involve complex organizational structures with multiple schools, grade levels, and role-based access requirements that must be mapped to MDM policies and device assignments.

In Addigy

Addigy supports LDAP integration for administrator authentication and user information retrieval through the Addigy Identity feature. Administrators can configure LDAP connections to Active Directory or other LDAP-compliant directories, enabling single sign-on for admin console access and automating user-device associations based on directory attributes. Addigy supports LDAPS for secure communication and provides flexible attribute mapping to accommodate different directory schemas.

When configuring LDAP integration, Addigy admins specify bind credentials, base search paths, and attribute mappings through the admin console. Addigy provides connection testing tools to validate LDAP connectivity and query results before enabling production use. Addigy’s LDAP integration enables automatic user provisioning and device assignment workflows that reduce manual administrative work while maintaining consistency with organizational directory structures.
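The MSP scenario above calls for mapping different directory schemas to one set of MDM fields, and the Addigy configuration step calls for validating bind credentials, base search path and filter before production use. The following added example (standard-library Python, not Addigy's implementation) does both: an attribute map per directory flavour normalises raw entries, and a pre-flight check rejects a plain `ldap://` URL, an empty bind password (which RFC 4513 treats as an unauthenticated bind, not a failed one), malformed DNs and an unbalanced filter before any connection is attempted. The canonical field names, the `{username}` placeholder and the sample entries are assumptions of the example; the directory attribute names are the standard AD and inetOrgPerson ones, and `memberOf` on OpenLDAP assumes the memberof overlay.

```python
"""Normalise user entries from different directory schemas and pre-flight an
LDAP integration configuration (added example, not Addigy code)."""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# Per-directory attribute map: canonical MDM field -> directory attribute.
# AD uses sAMAccountName/department; an OpenLDAP inetOrgPerson (RFC 2798)
# entry uses uid/departmentNumber. memberOf on OpenLDAP requires the overlay.
ATTRIBUTE_MAPS: dict[str, dict[str, str]] = {
    "active_directory": {
        "username": "sAMAccountName",
        "email": "mail",
        "department": "department",
        "groups": "memberOf",
    },
    "openldap": {
        "username": "uid",
        "email": "mail",
        "department": "departmentNumber",
        "groups": "memberOf",
    },
}


def normalize_entry(flavor: str, raw: dict[str, list[str]]) -> dict[str, object]:
    """Translate a raw entry (attribute -> list of values, as LDAP returns them)
    into canonical fields. Single-valued fields take the first value, groups keep
    all values, and missing attributes become None / [] so one incomplete record
    does not abort a roster sync."""
    result: dict[str, object] = {}
    for field_name, attr in ATTRIBUTE_MAPS[flavor].items():
        values = raw.get(attr, [])
        result[field_name] = sorted(values) if field_name == "groups" else (values[0] if values else None)
    return result


@dataclass
class LdapConfig:
    url: str            # e.g. ldaps://dc1.example.com:636
    bind_dn: str        # dedicated read-only service account
    bind_password: str
    base_dn: str        # search base, e.g. OU=Users,DC=example,DC=com
    user_filter: str    # filter template containing {username}


def is_dn(value: str) -> bool:
    """Cheap syntactic check: every comma-separated RDN looks like type=value.
    (Escaped commas inside values are not handled; good enough for a pre-flight.)"""
    rdns = [p.strip() for p in value.split(",")]
    return all("=" in p and p.split("=", 1)[0].strip() and p.split("=", 1)[1].strip() for p in rdns)


def preflight(cfg: LdapConfig) -> list[str]:
    """Return configuration problems found before touching the network; empty means OK to test."""
    problems: list[str] = []
    if urlsplit(cfg.url).scheme != "ldaps":
        problems.append("url: use ldaps:// (port 636) so bind credentials are encrypted in transit")
    if not cfg.bind_password:
        problems.append("bind_password: empty password is an unauthenticated bind (RFC 4513), not a real login")
    if not is_dn(cfg.bind_dn):
        problems.append("bind_dn: not a valid distinguished name")
    if not is_dn(cfg.base_dn):
        problems.append("base_dn: not a valid distinguished name")
    if cfg.user_filter.count("(") != cfg.user_filter.count(")"):
        problems.append("user_filter: unbalanced parentheses")
    if "{username}" not in cfg.user_filter:
        problems.append("user_filter: missing {username} placeholder")
    return problems


# Constructed sample entries, one per schema.
AD_ENTRY = {
    "sAMAccountName": ["jdoe"],
    "mail": ["jdoe@example.com"],
    "department": ["Finance"],
    "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=com", "CN=All-Staff,OU=Groups,DC=example,DC=com"],
}
OPENLDAP_ENTRY = {
    "uid": ["jdoe"],
    "mail": ["jdoe@example.com"],
    "departmentNumber": ["Finance"],
    # memberOf absent: overlay not enabled on this constructed server
}

if __name__ == "__main__":
    print(normalize_entry("active_directory", AD_ENTRY))
    print(normalize_entry("openldap", OPENLDAP_ENTRY))
    cfg = LdapConfig("ldap://dc1.example.com:389", "svc-mdm", "", "OU=Users,DC=example,DC=com", "(sAMAccountName={username}")
    for problem in preflight(cfg):
        print("preflight:", problem)
```

Running the pre-flight before the connection test keeps the failure modes separate: a rejected configuration is a typo or a policy violation, while a failure after pre-flight points at the network, the certificate or the service account's permissions.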

Also Known As

  • Directory Access Protocol
  • LDAP v3