In your K12 Asset Pro, click the Admin Settings on the bottom of the left-side navigation. Then click “LDAP.”
Note: all fields should be entered in lower case.
1) Select the LDAP enabled checkbox.
2) Select the LDAP Password Sync checkbox if your users will be able to log in to K12 Asset Pro.
3) Select the Active Directory checkbox and enter your active directory domain name without “www.” (yourdomain.com)
3) Enter settings below:
LDAP Server: put he URL of the LDAP server, beginning with ldaps://[example.com] (you can also use the IP address)
Client-Side TLS Key: this is used for Google Workspace
Client-Side TLS Certificate: this is used for Google Workspace
Check the box for “Allow invalid SSL Certificate”
LDAP Bind Username: Admin username to use to connect to for LDAP import. Usually a read-only admin username: cn=read-only-admin,dc=example,dc=com (you may want to create a new username to use for this purpose such as “divotldapuser”)
LDAP Bind Password: Password to use when authenticating to LDAP fro the above username.
Base Bind DN: The base where the search for users will be executed. Put your domain with dc= components for each part of your domain. For example, for divotassets.com you would put dc=divotassets,dc=com . For example.divotassets.com, you would put dc=example,dc=divotassets,dc=com.
LDAP Filter use: &(cn=*)
Username Field: this will typically be samaccountname, but if you are using a SAML/SSO provider for login you may want to use mail instead for proper authentication against the SSO provider.
Last Name should be sn
First Name should be givenname
LDAP Authentication query should be sAMAccountName= (this is the only field that should be mixed case)
LDAP Version should be 3
LDAP Active Flag should be active (Optional flag for disabled user accounts. WARNING: if this flag is set, and doesn’t exist in your directory, users will not be able to log in!)
Department should be departmentnumber
Email should be mail
Job Title should be title
Now click ‘Save’.
You must click ‘Save’ before you can test your connection!
If you try to click ‘Test LDAP Synchronization` without having hit the ‘Save’ button it will not work.
After clicking ‘Save’, you can now return to the LDAP settings page and should be able to click “Test LDAP Synchronization.” If that works, then your LDAP configuration is complete!
