- User Account Activation and Authentication
- Explanation of LDAP in Edline
- How Do I Get Started?
- FAQ: Troubleshooting Unsuccessful Connections
- Q: How is the Edline username constructed and what is required for the construction?
- Q: Will parent accounts on Edline be LDAP activated/authenticated?
- Q: A user cannot login, what should I check?
- Q: A user forgot their password or screen name, and cannot login.
- Q: A user cannot login with the correct username and password.
- Q: A user’s name has changed (first name, last name) and now their network login is different. How can I manually correct that on Edline?
- Q: A user cannot combine their accounts.
- Q: I have multiple users using a single LDAP login on my school network. Can I get them different Edline accounts?
- Q: I have users who have multiple LDAP logins on my school network? Can they combine their Edline accounts?
- FAQ: Troubleshooting Unsuccessful Connections
The Edline LDAP integration provides a degree of centralized control over user accounts by linking those user accounts to your district’s LDAP passwords.
Some of the benefits of this integration include:
- The ability of districts and schools to customize password complexity
- Set password expiration periods
- Disable user accounts from a centralized LDAP system
User Account Activation and Authentication
User Accounts for teachers, staff and students must first be created in Edline. Once those user accounts have been created and the LDAP integration has been added to your sites, the user must then activate their accounts using their network username and password. Users may activate their accounts with the Standard Activation code, but this will not sync their account with their network login.
Explanation of LDAP in Edline
- A user attempts to log in to Edline with their LDAP email address ([LDAP Short Name]@[LDAP Domain]) and their LDAP password.
- Edline searches all LDAP enabled districts to see if the LDAP Domain is in their domain list.
- If the LDAP Domain is in their domain list, then the system will attempt to bind to the assigned LDAP server using the LDAP Short Name and LDAP password provided.
- If the LDAP Short Name matches the value in the LDAP field where short names are stored (for example, sAMAccountName), and the password authenticates, then the unique SIS user field value is returned to Edline.
- Edline searches for all accounts where the unique SIS user field value from LDAP matches the Admin System ID in Edline.
- Edline will display all user accounts that have the same Admin System ID value and the accounts can be combined, if desired.
How Do I Get Started?
- Download and complete the Edline LDAP Integration document.
Select the Save As option and select a location to save the form.
- Please email this completed document to firstname.lastname@example.org.
FAQ: Troubleshooting Unsuccessful Connections
Q: How is the Edline username constructed and what is required for the construction?
A: For the login name, we are looking for (LDAP Short Name)@(LDAP Domain) (for example, email@example.com)
Q: Will parent accounts on Edline be LDAP activated/authenticated?
A: No, parent accounts will be activated and authenticated with a Standard Edline Activation Code.
Q: A user cannot login, what should I check?
A: If a user cannot login, please check the following:
- Is your LDAP server up and running? Can you login to other internal systems using the network login and password?
- Is your firewall open? Have you made changes to your firewall, and have not entered or changed the required IP addresses?
- Is the user entering the correct username?
- Is the user entering the correct password?
Q: A user forgot their password or screen name, and cannot login.
A: Password retrieval is disabled for LDAP users. They will need to contact their school, who can reset the user’s password on their LDAP system.
Q: A user cannot login with the correct username and password.
A: If the user has already entered an incorrect password multiple times, the district’s LDAP may be set to deny any future login attempts, even with the correct authentication information. The user should cease login attempts for a significant period of time before retrying. If that still doesn’t work, they need to contact their school.
A: Based on the dependencies between LDAP and Edline, it is important to update the LDAP directory first when a user name or network login changes. We will operate under the premise that the Student Information System has already been updated.
In the LDAP directory
- Update the Unique SIS User Field (e.g. employeeID), if necessary (the field containing the Admin System ID in Edline)
- Update the Screen Name Field (e.g. sAMAccount) (the field containing the LDAP Short Name in Edline)
In Edline, changes should be made to affected fields as necessary. Timing is important due to dependencies between Edline and LDAP, as affected users will not be able to login until the Edline data matches the LDAP values.
- Update the following fields on the Modify User screen in Edline:
- Admin System ID
- LDAP Short Name
- Screen Name(for consistency)
- Last Name
Q: A user cannot combine their accounts.
A: Users at LDAP schools/districts are subject to additional restrictions on account combination. Namely, users cannot combine accounts across different districts (or, if a single school, users cannot combine accounts across different schools). Also, users cannot combine accounts with different Admin System IDs. If a user is at multiple schools, accounts can be combined only if the ID is the same at each location.
A: Each LDAP user can only have one Edline account. However, these users can be given separate Standard Authentication accounts.
A: No, they cannot.