Advanced User Management and LDAP Integration
• What is LDAP
• How to set up LDAP integration with IC
• Creating and linking new users to LDAP
• Connecting existing users to LDAP
• Advantages and Disadvantages to LDAP integration
• Managing Tasks with Task Scheduler in IC
• Using IC to create users in other systems
• How LDAP can save you time in other systems

LDAP = Lightweight Directory Access Protocol
• LDAP creates a standard language that can be read by other services or vendors
• LDAP can be used to manage users and computers information (names, usernames, groups, passwords, etc)

Advanced User Management and LDAP Integration  Directory Structure  MS Active Directory .

Advanced User Management and LDAP Integration  Setting up LDAP in IC .

• Hosts – you can use computer DNS name or IP address
• Bind User – user only needs rights to browse directory
  ○ User might need to identify domain: domain\binduser
• Search Base – is the top location where users could be located
  ○ OU= folders, dc= domain component (AD)
• Username – sAMAccountName (AD)

Advanced User Management and LDAP Integration  Creating New Users  Create new user in Infinite Campus then click link with LDAP .

Advanced User Management and LDAP Integration  Creating New User from LDAP  Create new user from LDAP by using Create Person/User from LDAP tool .

Advanced User Management and LDAP Integration  Linking Existing Accounts Manually  IC username Must Match LDAP username  Click button Link with LDAP ○ If the text changes the link was successful .

Advanced User Management and LDAP Integration  Allow users to link account with LDAP .

Connecting current users to LDAP using Active Directory
• Download and install PowerShell and .Net Framework. Go to Microsoft's site and choose the correct version to suit your operating system.
• Download, then install the QAD Snap-ins from this site: http://www.quest.com/activeroles-server/arms.aspx
• Register the snap-in. (Key point)
    add-PSSnapin quest.activeroles.admanagement
• Then on a server that is a member of the domain logged in as an admin run the following script from the active roles management version of powershell.
    Get-QADUser -SizeLimit 5000 -ip sAMAccountName, distinguishedName | Select sAMAccountName, distinguishedName | export-csv c:\ADUsers.csv

• This will create a file on the c:\ called adusers.csv
• You can then use Excel to clean up the user accounts.
• Then have a person use SQL to match username from AD (sAMAccountName) to Campus and update the field LDAPDN in the UserAccount table with the value from the DistinguishedName field in the CSV file.
• You might also want to update the user's password to reflect that their password is no longer stored in IC.
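
The match-and-update step described above, sketched in T-SQL as an added example (not the presenter's script). UserAccount and LDAPDN come from the slide; the username column, the #ADUsers staging table, the sample rows and the DC=example,DC=local search base are assumptions. A wrong match ties one person's directory password to another person's Campus account, so the update skips duplicate names and DNs outside the search base, and it rolls back until the counts have been checked.

```sql
-- Staging table for the cleaned-up rows of c:\ADUsers.csv (hypothetical name).
CREATE TABLE #ADUsers (
    sAMAccountName    NVARCHAR(256)  NOT NULL,
    distinguishedName NVARCHAR(1024) NOT NULL
);

-- Constructed sample rows; in practice load the CSV with BULK INSERT or the import wizard.
INSERT INTO #ADUsers (sAMAccountName, distinguishedName) VALUES
    (N'jsmith', N'CN=Jane Smith,OU=Staff,DC=example,DC=local'),
    (N'bjones', N'CN=Bob Jones,OU=Students,DC=example,DC=local');

-- Check 1: names that occur more than once in the export are ambiguous.
SELECT sAMAccountName, COUNT(*) AS copies
FROM   #ADUsers
GROUP  BY sAMAccountName
HAVING COUNT(*) > 1;

-- Check 2: Campus accounts with no directory match stay on local passwords.
-- "username" is an assumed column name; the comparison follows the column
-- collation, which is case-insensitive by default, as sAMAccountName is in AD.
SELECT ua.username
FROM   UserAccount AS ua
LEFT   JOIN #ADUsers AS ad ON ad.sAMAccountName = ua.username
WHERE  ad.sAMAccountName IS NULL;

BEGIN TRANSACTION;

UPDATE ua
SET    ua.LDAPDN = ad.distinguishedName
FROM   UserAccount AS ua
JOIN   #ADUsers    AS ad ON ad.sAMAccountName = ua.username
WHERE  ad.distinguishedName LIKE N'%,DC=example,DC=local'   -- DN must sit under the search base
  AND  ad.sAMAccountName NOT IN (SELECT sAMAccountName      -- skip ambiguous names
                                 FROM   #ADUsers
                                 GROUP  BY sAMAccountName
                                 HAVING COUNT(*) > 1)
  AND  (ua.LDAPDN IS NULL OR ua.LDAPDN <> ad.distinguishedName);

-- Compare with the number of accounts you expected to link.
SELECT @@ROWCOUNT AS rows_linked;

-- Dry run by default: change to COMMIT TRANSACTION once the count is right.
ROLLBACK TRANSACTION;

DROP TABLE #ADUsers;
```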

Advanced User Management and LDAP Integration  Automate LDAP updates  What happens when you move a user in AD.bat ○ IC server take the file via DTS and updates the table with any changes to LDAPDN field . Novell etc ○ Server in Domain runs script > Campus User account Update.

Advanced User Management and LDAP Integration  Automate LDAP updates ○ IC server take the file via DTS and updates the table with any changes to LDAPDN field .

Advanced User Management and LDAP Integration  Advantages to LDAP Integration  Uses one set of usernames and passwords  Disabling a user account in one place disables it everywhere  Allows for stricter password policies ○ Easier for users to remember a more complex password because they use if for more things .

Advanced User Management and LDAP Integration  Disadvantages to LDAP Integration  Requires extra admin setup  If a password is discovered all systems using LDAP will be vulnerable .

LDAP Resources
• Infinite University – Campus LDAP Authentication
• http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
• http://docs.moodle.org/en/LDAP_authentication
• LDAP utilities
  ○ http://www.ldapbrowser.com – 30 day free trial
  ○ http://jxplorer.org/ – Java browser

Advanced User Management and LDAP Integration  Managing Tasks in Infinite Campus   Change LDAP Users campus passwords .

Advanced User Management and LDAP Integration  Managing Tasks in Infinite Campus Re-enable Student accounts that are disabled  .

Advanced User Management and LDAP Integration  Managing Tasks in Infinite Campus Automatically Create New Student Accounts  .

Advanced User Management and LDAP Integration  Systems we use LDAP on  Infinite Campus  Moodle  Safari Montage (Video Streaming)  Copiers (Toshiba and Konica)  Compliance Vault (Email Archiving)  Barracuda Spam Filter  Cymphonix Web Filter  Mac’s .

Using Infinite Campus to create Active Directory Users
• Using SRS > NewStudentAccounts.rdl

Using Infinite Campus to create Active Directory Users
• File is exported to c:\newstudentaccount.xls
• CreateUsers.vbs is run
• File is moved and renamed to users home directory
• All students in excel file are imported into AD
  ○ You must go into each student and reapply their home directory for the setting to stick. It appears to deal with rights.

Questions?
By Scott Dyreson
