LDAP: How to configure teacher logins
LDAP is an excellent way to help your teachers easily log in to Meet The Teacher by unifying credentials across all your services. This guide shows you how to configure LDAP as a teacher login method.
- Firstly, please make sure that your LDAP services can be accessed by our server IP addresses.
You may also need to configure network routing if you are behind a proxy. Speak to your IT team if that is the case.
- Next, log into your Meet The Teacher as an administrator and navigate to Settings > Teacher Authentication then select the LDAP option.You should see the following appear:
- Fill in the boxes with the appropriate information:
Attribute Description Example Server The server URL or IP address with the connection port. If you intend on using LDAPS,
please ensure that you prepend "ldaps://" to the server field and that you append the correct port.
BaseDN The root distinguished name to find the users in. This depends on your school's installation of LDAP.
User Attribute The username attribute to be used to match to an existing user on the Parents' Evening System.
In most cases, if you are using Windows Active Directory, this will simply be sAMAccountName.
Domain The domain name of the LDAP server we should connect to.
Search Filter This is used to apply specific terms for access on the system. You can define matches to specific LDAP
attributes, which will be checked each time the login is attempted. Search filters are defined using ldapsearch syntax.
You can find a guide on the CentOS site here.
Department Field This is the field used to specify the department for your school, depending on your LDAP installation.
- Finally, you can check the the setup you have entered by testing the login for a particular user via Test Authentication. If you receive a message telling you that you've successfully authenticated, you can proceed to click on Save System Settings.
If the test doesn't succeed, here are a few troubleshooting steps for the most commonly found issues:
Error Troubleshooting Steps Can't contact LDAP server Check that:
- The LDAP server URL is correct.
- The LDAP domain is correct.
- The LDAP server is accessible to our IPs. Our IPs are 220.127.116.11, 18.104.22.168 and 22.214.171.124. We require bi-directional access to the relevant LDAP port.
- LDAP traffic received at the public address is properly NATed to your LDAP server.
Authenticated, however could not retrieve user details,
check User Attribute and BaseDN is correct
- The BaseDN is correct and the user is inside that BaseDN.
- The User Attribute is correct. In particular, make sure there's no spaces either side of the Username Attribute field.
- The user is inside the Search Filter assigned (if you're using one).
For example, the user might need to be inside a particular group inside the BaseDN.
- Once the connection details are saved, it's worth trying to log in as one of the teachers, or observing one of the teachers logging in, to make sure it's working for them.