
This tab is for defining the server settings for LDAP configuration.
CAE LearningSpace Essentials can be connected with directory servers that use the Lightweight Directory Access Protocol (LDAP) to provide you with an efficient way of user authentication and group synchronization.
LDAP synchronization lets you import and synchronize groups of users based on the data of the selected server.

Available to users with Admin role.

Go to Directory Access Settings in System, and configure the directory server(s) of your institution (more than one can be added).

See how to use the LDAP Server Settings dropdown.

LDAP login settings

  • Use for login: the system will use the specified LDAP server for login authentication
  • Use full DN: search for the user directly by the user’s full distinguished name
  • Authentication ID: you can set which field should be checked with LDAP login
  • DN prefix: Distinguished Name will start with the given prefix
  • DN postfix: Distinguished Name will end with the given postfix
  • Resolve samAccountName: authenticate the user through a specified query user who has access to the LDAP server (query user name, password and base)

Manage further settings such as user authentication methods and synchronization.

Contact your organization’s network administrator or IT professional for the exact details of your directory server.

LDAP authentication modes

Servers set for login have two modes of authentication:

  1. Use full DN (selected by default): 

    This method requests a user's full distinguished name to authenticate them. Specify the Authentication ID, DN prefixes and postfixes to find users on your directory server. 
    Every user who is a match for the request can log in to CAE LearningSpace Essentials with their credentials stored on the directory server.

  2. Resolve samAccountName:

    This method requires a query user and the users’ samAccountName to authenticate them.
    1. Provide the name and password of your directory server's query user.
    2. Provide a query base to define the level of the query in your directory tree.

Every user who is a match for the query can log in to CAE LearningSpace with their credentials stored on the directory server.
By applying a query user, you grant CAE LearningSpace Essentials permission to search the provided query base and authenticate any user who has a match for their samAccountName.

It is important that the query user has permission to search in the affected LDAP tree.
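
The two authentication modes above, sketched as an added example (this is not CAE LearningSpace code). It assumes the bind DN is built as DN prefix + login name + DN postfix, and that samAccountName resolution is a typical search-then-bind; the function names and sample values are constructed. The login name is escaped per RFC 4514 (DN) and RFC 4515 (filter) so it is always treated as data.

```python
# Added illustration (not CAE LearningSpace code): how a typed login name
# becomes an LDAP request in each of the two modes.

def escape_dn_value(value: str) -> str:
    """Escape a value placed inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value placed inside a search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def full_dn_bind(login: str, prefix: str, postfix: str) -> str:
    """'Use full DN': bind DN = DN prefix + login + DN postfix (assumed order)."""
    return f"{prefix}{escape_dn_value(login)}{postfix}"


def sam_search(login: str, query_base: str) -> dict:
    """'Resolve samAccountName': the search the query user runs under the query
    base; the entry found is then bound with the user's own password (assumed)."""
    return {
        "base": query_base,
        "filter": f"(samAccountName={escape_filter_value(login)})",
    }


# Constructed sample settings (assumptions, not product defaults)
PREFIX = "uid="
POSTFIX = ",ou=people,dc=example,dc=edu"
BASE = "dc=example,dc=edu"

if __name__ == "__main__":
    print(full_dn_bind("jdoe", PREFIX, POSTFIX))
    print(sam_search("jdoe", BASE))
```
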




LDAP synchronization

Switch on LDAP synchronization to import users with ease from your directory server(s) into a user group in CAE LearningSpace.


Provide the name and password of the query user (dedicated for synchronization) of your directory server. 

  • Query user: query user's full DN in the LDAP server
  • Query password: query user’s password
  • Query base: defines the starting point of the search on the LDAP server (query user needs access to this base)
  • Mapping: enter the attributes used on your directory server that correspond with each of the personal detail fields (e.g. first name, email, UCID, etc.).
    CAE LearningSpace needs these details in Mapping to match each data field with an attribute and execute a successful synchronization.



Note

In case of invalid users or missing/incorrect data on your directory server, the system will warn you. Meanwhile, users who are successfully authenticated can still be imported.

To import users into a group, go to User Manager and edit or create a new group. Select the LDAP tab in the Create / Edit Group pop-up and follow the steps on this page. Only Admin users can import users.


In case your directory server is down, users authenticated by LDAP will be unable to log in with their email and password from the directory server.
As a temporary solution, LDAP authentication can be disabled for each user one by one in their Edit User window and login details can be entered manually in CAE LearningSpace Essentials.