Configuring BlackBerry Device Service with DSfW

  • 7012113
  • 09-Apr-2013
  • 10-Jun-2013

Environment

Novell Open Enterprise Server 11.1 (OES11SP1)
Domain Services for Windows
DSFW

Situation

How to configure BlackBerry Device Service with DSfW
How to configure Domain Services for Windows with BlackBerry Device Service

Resolution

The BlackBerry Device Service (BES10) searches the following required attributes:
displayName
mail
samAccountName
distinguishedName
objectGUID

The attributes listed below may not be populated on user accounts there for will need to be added.
These attributes can be mapped to the fields of their choice in BlackBerry Administration Service if they are available in other AD fields:
displayName - Users name
mail - e-Mail address

The attributes below should already be populated when the user is samified by DSfW
samAccountName
distinguishedName
objectGUID

During installation, select BlackBerry Administration Service for the administration account rather than Active Directory, if Active Directory is selected, it may produce an error involving a missing Global Catalog server, this can be ignored and BlackBerry Administration Service account will be the only choice.

Add an Active Directory enabled account as an administrative account after the installation completes and the services are running.

Log into the BlackBerry Administration Service console, click on Create a User, and then initiating the search.
The samified users with the attributes discussed above properly populated should be returned.
Before actually adding a user account, please follow the BlackBerry Device Service - Administration Guide to prepare the service to host and manage the BlackBerry enabled accounts.

Errors regarding the Global Catalog servers encountered during the install can be ignored.  The April 2013 Maintenance Patch along with removing the 'Require TLS for Simple Binds with Password' option on the ldap group object will resolve this error.  
Removing the 'Require TLS for Simple Binds with Password' can be acomplished using iManager or by running the following command:
ldapconfig -s 'Require TLS for Simple Binds with Password=no'

Additional Information

A script to add displayName is available at dsfwdude.com
The script takes the value from samAccountName and applies it to displayName.