This topic provides instructions on performing regular, proactive maintenance of the LDAP/AD integration to ensure it continues to function as expected.
LDAP/AD integration overview
The LDAP/AD integration allows users to log into Brightspace using credentials stored in your Active Directory server (LDAP server).
LDAP-specific settings in the Config Variable Browser control the connection and directory lookups. When an LDAP integration is configured as the primary authentication method, the username and password provided on the portal page are checked against the configured user directory.
If the user is not present in the directory, credentials are checked against the Brightspace database. This allows administrative users such as D2LSupport to log in.
Configuration verification
The Config Variable Browser for LDAP authentication is not visible to administrators. Instead, administrators must contact TAMs, CSMs, or Support to ensure LDAP/AD authentication is configured correctly. The following conditions are required to verify LDAP/AD authentication.
- Use of LDAP for authentication
  - d2l.Auth.Methods.Primary
  - d2l.Auth.Methods.Secondary
- Initial connection to the LDAP server
  - d2l.Auth.LDAP.AuthenticationType
  - d2l.Auth.LDAP.RootPath
  - d2l.Auth.LDAP.Scope
  - d2l.Auth.LDAP.StartTLS
  - d2l.Auth.LDAP.UseSecondaryServerOnFailure
- Binding user credentials
  - d2l.Auth.LDAP.AppUser
  - d2l.Auth.LDAP.AppPassword
  - d2l.Auth.LDAP.LdapLoginNameAttribute
  - d2l.Auth.LDAP.Query
  - d2l.Auth.LDAP.RetrieveUserAttribute
Notes:
- If using the StartTLS option, configure RootPath without specifying a port.
- If using a secondary LDAP server on failure, configure LDAP2 configuration variables as well.
Client LDAP server administrators can verify the LDAP server configuration to ensure the server and user are available.
- Verify that the LDAP certificate installed on the server is valid and has not expired.
- Verify that the LDAP server or firewall is accepting connections from Brightspace ports.
- Verify that the binding user is active.
Note: Brightspace ports are provided during your initial implementation. Contact your TAM, CSM, or D2LSupport if they are unknown.
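For the certificate check in the list above, an LDAP server administrator can script the test. The following is an added example, not part of the Brightspace documentation or D2L tooling: it performs the LDAP StartTLS upgrade and reports the days left on the server certificate. It assumes StartTLS on the standard LDAP port 389; the host name and CA file passed on the command line are your own values.

```python
import socket
import ssl
import sys
import time

# LDAPv3 StartTLS extended request (RFC 4511, section 4.14), message ID 1.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
STARTTLS_REQUEST = b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + STARTTLS_OID

def _tlv(buf, pos):
    """Read one BER element: (tag, value, next_pos). Handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, as Active Directory sends
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def starttls_accepted(response):
    """True if the ExtendedResponse reports resultCode success (0)."""
    try:
        tag, message, _ = _tlv(response, 0)   # LDAPMessage SEQUENCE
        _, _, pos = _tlv(message, 0)          # messageID
        op_tag, ext, _ = _tlv(message, pos)   # ExtendedResponse [APPLICATION 24]
        rc_tag, code, _ = _tlv(ext, 0)        # resultCode ENUMERATED
    except IndexError:
        return False
    return (tag, op_tag, rc_tag, code) == (0x30, 0x78, 0x0A, b"\x00")

def days_until_expiry(not_after, now=None):
    """Whole days until the certificate's notAfter time (negative if expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def ldap_cert_days_left(host, port=389, cafile=None, timeout=10.0):
    """Upgrade an LDAP connection with StartTLS and return days of validity left."""
    # The default context verifies chain and host name, so an expired or
    # untrusted certificate raises ssl.SSLCertVerificationError here.
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(STARTTLS_REQUEST)
        if not starttls_accepted(raw.recv(4096)):
            raise ConnectionError("LDAP server refused StartTLS")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return days_until_expiry(tls.getpeercert()["notAfter"])

if __name__ == "__main__":
    # Usage: script.py <ldap-host> [ca-bundle.pem]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(ldap_cert_days_left(sys.argv[1], cafile=ca), "days until expiry")
```

Run from the administrator's own host, this confirms the certificate and the StartTLS listener only; it does not show that the firewall accepts connections from Brightspace.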