LDAPS Group Sync Profile

From Studentnet Wiki
Revision as of 04:59, 2 August 2024 by Jrobertson (talk | contribs)
Jump to navigation Jump to search

LDAPS Group Sync Profiles are used to process groups from Active Directory (AD) and put them in the dashboard

Minimum requirements for a group to be synced from AD to Cloudwork

Each group that needs to be synced into Cloudwork require the following attributes in AD:

  • Friendly Name Field
  • Group Email Field
  • Mail Field

Information and Settings to have ready before creating sync profile

Directory Configuration

In your directory:

  • Open your firewall and allow IP ranges from here
  • Create a user in your directory which has read permissions and save the following details about newly created user:
    • Username:
    • Password:
    • Directory Location:
  • Have the LDAP path for the container you want synced:
  • Note down the IP address your directory server is on:
  • Note has the mail attribute populated with the user's email address? If not where is this stored?

Creating a the LDAP Group Sync Profile

  1. In the Cloudwork Dashboard>Sync Profile>New Sync Profile>LDAP Group Sync Profile
  2. Fill in the form:
    • Description: Name or Description of Sync profile
    • Ldap Server:IP Address or hostname of the directory server to collect information from
    • Ldap User: Directory and username of newly created user
    • Ldap Password: Password of newly created user
    • Search Container: The LDAP path for the container you want synced
    • Role: Depending on user type, select the appropriate type of Teacher, Student, Alum, Staff, Employee or Parent
  3. Click submit

Base Settings

Base Settings
Field Description
Userdesc.png A short description to identify the sync profile
Userldapserver.png IP address or host name of the directory server to collect information from. Password reset will only work over LDAPS://
Userldapuser.png Username to bind to when collecting
Userldappassword.png Password to use when collecting information from the server

Group Settings

User Settings
Field Description Active Directory Example if available
Usersearchcontainer2.png The qualified name for the container to look for users. eg, OU=students, OU=users, DC=yourdomain, DC=com Usersearchcontainer.png
Friendly name for the group
The field that contains the name of the group
Default Group Type - this setting decides which users can send to the group
The LDAP attribute that stores the SIS ID for a group. This field is important for Canvas, and other services.
Group Faculty Attribute - Not sure
Group form attribute - not sure
Email address attribute used to look up group members
LDAP query paramaters that will be be used to further restrict Cloudwork's default group syncing
Group types - not sure!

Advanced Settings

Advanced Settings
Field Description
Advdomain.png The email domain for groups. If Force Mail Domain is selected, user accounts created or updated by replace the email domain with this domain
Advdirectoy.png The directory type that the users are syncing from
Advdeleteaction.png When a user is deleted or moved to a location that Cloudwork can't see, Cloudwork will perform the chosen action
Retrieved from "https://wiki.studentnet.net/index.php?title=LDAPS_Group_Sync_Profile&oldid=2236"