Objective
The purpose of this document is to provide instructions on how to perform regular, proactive maintenance of the LDAP/AD integration to ensure it continues to function as expected.
LDAP/AD Integration Overview
The LDAP/AD integration allows users to log into Brightspace using credentials found in your Active Directory server (LDAP Server).
LDAP-specific settings in the Config Variable Browser control the connection and directory lookups. When an LDAP integration is configured as the primary authentication method, the username and password provided at the portal page are checked against the configured user directory.
If the user is not present in the directory, credentials are checked against the Brightspace database. This allows administrative users like D2LSupport to log in.
The LDAP/AD SSL requirements can be reviewed under Certificate Guidelines for D2L Cloud Hosted Clients.
Configuration Verification
Brightspace Administrators with Config Variable Browser access can verify the Brightspace configuration variables to ensure that LDAP/AD integration is set up correctly.
- Use of LDAP for authentication:
  - d2l.Auth.Methods.Primary
  - d2l.Auth.Methods.Secondary
- Initial connection to LDAP server:
  - d2l.Auth.LDAP.AuthenticationType
  - d2l.Auth.LDAP.RootPath
  - d2l.Auth.LDAP.Scope
  - d2l.Auth.LDAP.StartTLS
  - d2l.Auth.LDAP.UseSecondaryServerOnFailure
- Binding user credentials:
  - d2l.Auth.LDAP.AppUser
  - d2l.Auth.LDAP.AppPassword
- Directory lookup:
  - d2l.Auth.LDAP.LdapLoginNameAttribute
  - d2l.Auth.LDAP.Query
  - d2l.Auth.LDAP.RetrieveUserAttribute
NOTES:
- If using the StartTLS option, configure RootPath without specifying a port
- If using a secondary LDAP server on failure, fill out the LDAP2 config variables as well
Client LDAP Server Administrators can verify the LDAP server configurations to ensure the server and user are available.
- The LDAP certificate installed on the server is valid and has not expired
- The LDAP server or firewall is accepting connections from the Brightspace ports
- The Binding user is active
NOTES:
- Brightspace ports would have been provided during your initial implementation. You may contact your TAM/CSM or D2LSupport to verify if unknown.
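The certificate and connectivity checks listed above can be scripted and run on a schedule. The following is an added example, not D2L's own tooling: it assumes the server offers LDAPS (TLS on connect) on the standard port 636, uses a hypothetical hostname, and does not cover a StartTLS listener.

```python
import socket
import ssl
import time


def days_remaining(not_after, now=None):
    """Days until a certificate notAfter value (ssl.getpeercert() format)."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400


def classify(days, warn_days=30):
    """Map remaining lifetime to a maintenance status."""
    if days < 0:
        return "EXPIRED"
    return "RENEW_SOON" if days < warn_days else "OK"


def check_ldaps(host, port=636, warn_days=30, cafile=None, timeout=5):
    """Connect with TLS-on-connect (LDAPS), validate the chain and hostname,
    and report (status, detail). cafile is only needed for a private CA."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted or wrong-name certificates fail the handshake.
        return "CERT_INVALID", exc.verify_message
    except OSError as exc:
        # Refused, filtered or timed-out connection, or another TLS failure.
        return "CONNECT_FAILED", str(exc)
    days = days_remaining(not_after)
    return classify(days, warn_days), f"{days:.0f} days left (notAfter {not_after})"


if __name__ == "__main__":
    # Constructed sample value; replace with check_ldaps("ldap.example.edu")
    # (hypothetical hostname) to test a real server.
    sample = "Jan  5 09:34:43 2018 GMT"
    print(classify(days_remaining(sample)), sample)
```

A successful connection from your own host shows the listener and certificate are healthy, but it does not confirm that the firewall accepts connections from Brightspace.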