Apple Platform Deployment

LDAP declarative configuration for Apple devices
Use the LDAP configuration to enter settings for connecting to an LDAPv3 directory.
Note: LDAP connections don’t initiate a VPN connection; if the VPN hasn’t been established by another app, such as Safari, the LDAP lookup fails.
The LDAP configuration supports the following:
- Minimum supported operating system versions and channels: iOS 15, iPadOS 15, Shared iPad user, macOS 13 user, visionOS 1.1. 
- Requires supervision: No. 
- Supported enrolment methods: User Enrolment, Device Enrolment, Automated Device Enrolment. 

| Setting | Description | Required |
|---|---|---|
| Account name | The name that apps show to the user for this LDAP directory account. If not present, the system generates a suitable default. | No |
| Hostname | The IP address or fully qualified domain name (FQDN) of the LDAP server. | Yes |
| Port | The port number of the LDAP server. | No |
| Authentication credentials asset | Asset declaration that contains the credentials for this account. See Authentication credentials and identity asset settings. | No |
| Search settings | Define the scope and search base for your LDAP server. | No |

Search settings
The following are used for LDAP searches.

| Setting | Description | Required |
|---|---|---|
| Visible description | The description of this search setting in the Contacts and Settings apps. If not present, the apps display no name. | No |
| Search base | The path to the node where a search starts. For example, ou=people,o=betterbag | No |
| Scope | The type of recursion to use in the search. | No |

Note: Each device management service developer implements these settings differently. To learn how various LDAP settings are applied to your devices and users, consult your developer’s device management service documentation.
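
The following is an added example, not Apple's code or any device management service's: a pre-deployment lint for an LDAP declaration that enforces the Required column above and checks that credentials are referenced through an asset rather than placed inline. The JSON key names and the Scope values are assumptions taken from Apple's published declarative management schema (this page lists only the setting labels), and the hostname and identifiers are placeholders.

```python
import re
# Assumption: key names and Scope values follow Apple's published declarative
# schema for this declaration type; this page gives only the setting labels.
LDAP_TYPE = "com.apple.configuration.account.ldap"
SCOPES = {"Base", "OneLevel", "Subtree"}
# One RDN such as "ou=people" (simplified: escaped commas are not handled).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def lint_ldap_declaration(decl):
    """Return findings for one LDAP declaration; an empty list means clean."""
    if decl.get("Type") != LDAP_TYPE:
        return [f"not an LDAP declaration: {decl.get('Type')!r}"]
    findings = []
    payload = decl.get("Payload", {})
    host = payload.get("HostName")
    if not isinstance(host, str) or not host.strip():
        findings.append("HostName is required (IP address or FQDN)")
    port = payload.get("Port")
    if port is not None and not (isinstance(port, int) and 1 <= port <= 65535):
        findings.append(f"Port out of range: {port!r}")
    # Credentials belong in a separate asset declaration, referenced by identifier.
    for key in payload:
        if re.search(r"password|secret", key, re.I):
            findings.append(f"inline credential key {key!r}; use an asset reference")
    for i, s in enumerate(payload.get("SearchSettings", [])):
        base = s.get("SearchBase")
        if base is not None and not all(RDN.match(p.strip()) for p in base.split(",")):
            findings.append(f"SearchSettings[{i}]: malformed SearchBase {base!r}")
        if "Scope" in s and s["Scope"] not in SCOPES:
            findings.append(f"SearchSettings[{i}]: unknown Scope {s['Scope']!r}")
    return findings

# Constructed samples; hostname and identifiers are placeholders.
GOOD = {
    "Type": LDAP_TYPE,
    "Identifier": "example.ldap.directory",
    "Payload": {
        "VisibleName": "Company Directory",
        "HostName": "ldap.example.com",
        "Port": 636,
        "AuthenticationCredentialsAssetReference": "example.asset.ldap-credentials",
        "SearchSettings": [{"VisibleDescription": "People",
                            "SearchBase": "ou=people,o=betterbag", "Scope": "Subtree"}],
    },
}
BAD = {"Type": LDAP_TYPE, "Payload": {"Port": 70000, "Password": "x",
       "SearchSettings": [{"SearchBase": "people", "Scope": "Recursive"}]}}

if __name__ == "__main__":
    print(lint_ldap_declaration(GOOD), lint_ldap_declaration(BAD))
```
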