Objective
The purpose of this document is to provide instructions on how to perform regular, proactive maintenance of the LDAP/AD integration to ensure it continues to function as expected.
LDAP/AD Integration Overview
The LDAP/AD integration allows users to log into Brightspace using credentials found in your Active Directory server (LDAP Server).
LDAP-specific settings in the Config Variable Browser control the connection and directory lookups. When an LDAP integration is configured as the primary authentication method, the username and password provided at the portal page are checked against the configured user directory.
If the user is not present in the directory, credentials are checked against the Brightspace database. This allows administrative users like D2LSupport to log in.
Configuration Verification
The Config Variable Browser for LDAP authentication is not visible to administrators. Instead, administrators must reach out to TAMs, CSMs, or Support to ensure LDAP/AD authentication is set up correctly. The following config variables are the conditions required to verify LDAP/AD authentication.
Use of LDAP for authentication:
- d2l.Auth.Methods.Primary
- d2l.Auth.Methods.Secondary
Initial connection to LDAP server:
- d2l.Auth.LDAP.AuthenticationType
- d2l.Auth.LDAP.RootPath
- d2l.Auth.LDAP.Scope
- d2l.Auth.LDAP.StartTLS
- d2l.Auth.LDAP.UseSecondaryServerOnFailure
Binding user credentials:
- d2l.Auth.LDAP.AppUser
- d2l.Auth.LDAP.AppPassword
Directory lookup:
- d2l.Auth.LDAP.LdapLoginNameAttribute
- d2l.Auth.LDAP.Query
- d2l.Auth.LDAP.RetrieveUserAttribute
Notes:
- If using the StartTLS option, configure RootPath without specifying a port
- If using a secondary LDAP server on failure, fill out LDAP2 config variables as well
Client LDAP server administrators can verify the following on the LDAP server to ensure that the server and the binding user are available:
- The LDAP certificate installed on the server is valid and has not expired
- The LDAP server or firewall is accepting connections from the Brightspace ports
- The binding user is active
- Brightspace ports would have been provided during your initial implementation. If they are unknown, contact your TAM/CSM or D2LSupport to verify.
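The first two server-side checks above (certificate valid and not expired, server accepting connections) can be run on a schedule. The following is an added example, not D2L code: it assumes the server offers LDAPS on port 636 rather than StartTLS, and the host name, the `WARN_DAYS` threshold and the function names are illustrative assumptions.

```python
import socket
import ssl
import time

WARN_DAYS = 30  # assumed renewal window; adjust to your certificate process


def days_remaining(not_after, now=None):
    """Whole days until a certificate's notAfter, e.g. 'Jan  1 00:00:00 2030 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(days):
    """Map days remaining to a maintenance status."""
    if days < 0:
        return "EXPIRED"
    return "RENEW_SOON" if days <= WARN_DAYS else "OK"


def check_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Connect as a verifying TLS client and return (status, detail).

    cafile: PEM bundle for an internal CA, needed when the server
    certificate is not issued by a publicly trusted CA.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted or hostname-mismatched certificate.
        return "CERT_INVALID", exc.verify_message
    except OSError as exc:
        # Refused, filtered, timed out or failed handshake:
        # check the LDAP service and the firewall rules.
        return "UNREACHABLE", str(exc)
    days = days_remaining(not_after)
    return classify(days), f"{days} days until {not_after}"


if __name__ == "__main__":
    # ldap.example.edu is a placeholder host name, not a value from this page.
    print(check_ldaps("ldap.example.edu"))
```

Run it from a network location that passes through the same firewall rules as Brightspace; a result from inside the LDAP server's own network does not confirm the firewall check.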