How to: Configure AAIRS LDAP Authentication Connectors

To determine which AAIRS LDAP authentication connector to use, answer the following questions about your institution's LDAP authentication authority:

1.  What type of LDAP authentication authority is being used? Specifically, is the LDAP authority based on a Unix/Linux or a Microsoft operating system? Examples: IBM, Luminis, Novell eDirectory, Oracle, Sun/SunOne, Microsoft 2000, Microsoft 2003, Microsoft 2008.

2.  Are authentication calls based on Direct Bind or binding with a Master/Principal Account?

The table below indicates the recommended authentication connector based on the answers to the questions above.

Operating System and Authentication Authority Type | Direct Bind or Bind with Master/Principal Account | Recommended AAIRS Authentication Connector
Microsoft Server 2000, 2003 or 2008                | Direct Bind                                       | MS LDAP
Microsoft Server 2008                              | Master/Principal Account                          | Custom
Unix/Linux                                         | Direct Bind                                       | LDAP
Unix/Linux                                         | Master/Principal Account                          | Custom

MS LDAP Connector

To configure the Microsoft (MS) LDAP connector, enter the following:

  • Title:  Text value that describes the authentication authority
  • Server:  URL value for the LDAP server

LDAP Connector

To configure the LDAP connector, enter the following:

  • Title:  Text value that describes the authentication authority
  • Server:  URL value for the LDAP server
  • Port:  Port used for communication with the authentication authority. Examples:  389, 636
  • DN List:  Distinguished Name (DN) list that encompasses all possible Tegrity users (e.g., students, faculty, staff). The DN list is a comma-separated list of DC (domain component), OU (organizational unit), and O (organization) values.

Custom Connector for Anonymous Master/Principal Account

To configure the Custom connector to work with an anonymous master/principal account, enter the following:

  • Title:  Text value that describes the authentication authority
  • Service URL:  https://aairs-connectors.tegrity.com/ldap.006/AuthenticationService.asmx
  • Extended Properties:

{"server":"??1", "port":??2, "groups":["??3={0},??4"], "validate":??5, "anonymous_bind":true}

Where:

  • ??1 is replaced with the FQDN or IP address of the LDAP server
  • ??2 is replaced with the communication port. Examples: 389, 636
  • ??3 is replaced with the type of value (e.g., cn, uid, sAMAccountName) that a user will enter as a login ID when logging in directly to your Tegrity service
  • ??4 is replaced with the Distinguished Name (DN) list that encompasses all possible Tegrity users (e.g., students, faculty, staff). The DN list is a comma-separated list of DC (domain component), OU (organizational unit), and O (organization) values.
  • ??5 is replaced with either true or false, depending on whether the user logging in must be validated before their password is authenticated.

Custom Connector for Non-Anonymous Master/Principal Account

To configure the Custom connector to work with a non-anonymous master/principal account, enter the following:

  • Title:  Text value that describes the authentication authority
  • Service URL:  https://aairs-connectors.tegrity.com/ldap.006/AuthenticationService.asmx
  • Extended Properties:

{"server":"??1", "port":??2, "app_user":"??3=??4", "app_user_password":"??5", "groups":["??6={0},??7"], "validate":true, "anonymous_bind":false}

Where:

  • ??1 is replaced with the FQDN or IP address of the LDAP server
  • ??2 is replaced with the communication port. Examples: 389, 636
  • ??3 is replaced with the type of value (e.g., cn, uid, sAMAccountName) provided for the master/principal account identified in ??4
  • ??4 is replaced with the full DN for the master/principal account (including ID, ou, and dc values).
  • ??5 is replaced with the password of the master/principal account
  • ??6 is replaced with the type of value (e.g., cn, uid, sAMAccountName) that a user will enter as a login ID when logging in directly to your Tegrity service
  • ??7 is replaced with the Distinguished Name (DN) list that encompasses all possible Tegrity users (e.g., students, faculty, staff). The DN list is a comma-separated list of DC (domain component), OU (organizational unit), and O (organization) values.

NOTES:

  • If you copy the Extended Properties string above, paste it into a plain-text editor first to make sure that the quote marks are straight quotes and not special (curly) quote marks.
  • The Extended Properties value must be a single line: it contains no line feed or return characters.
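As an added example (not Tegrity's own code), a small Python checker for the Extended Properties value of the Custom connector: it flags the two copy/paste pitfalls listed in the NOTES, confirms the keys and types for the anonymous and non-anonymous forms, and shows how a login ID is substituted into a groups template with DN special characters escaped (RFC 4514) so that the entered ID cannot alter the structure of the resulting DN. The server name, DN values and service account name are constructed placeholders.

```python
import json
import re

# RFC 4514 characters that must be escaped when a user-supplied value is placed in a DN.
_DN_SPECIAL = re.compile(r'([,+"\\<>;])')
_SMART_QUOTES = {"\u201c": '"', "\u201d": '"', "\u2033": '"'}
REQUIRED_COMMON = {"server": str, "port": int, "groups": list, "validate": bool, "anonymous_bind": bool}
REQUIRED_APP_USER = {"app_user": str, "app_user_password": str}  # needed when anonymous_bind is false


def _is_type(value, typ):  # bool is a subclass of int, so keep port and validate checks distinct
    return isinstance(value, bool) if typ is bool else (isinstance(value, typ) and not isinstance(value, bool))


def check_extended_properties(raw):
    """List the problems in an Extended Properties string (empty list means usable):
    the two pitfalls from the NOTES (special quote marks, line breaks), key names and types."""
    problems = []
    if any(ch in raw for ch in _SMART_QUOTES):
        problems.append("special quote marks found; use straight quotes")
    if "\r" in raw or "\n" in raw:
        problems.append("line break found; the value must be a single line")
    try:
        props = json.loads(raw.translate(str.maketrans(_SMART_QUOTES)))
    except ValueError as exc:
        return problems + ["not valid JSON: %s" % exc]
    required = dict(REQUIRED_COMMON)
    if props.get("anonymous_bind") is False:
        required.update(REQUIRED_APP_USER)
    for key, typ in required.items():
        if key not in props:
            problems.append("missing key: " + key)
        elif not _is_type(props[key], typ):
            problems.append("wrong type for key: " + key)
    for tmpl in props.get("groups", []):
        if "{0}" not in str(tmpl):
            problems.append("groups entry lacks the {0} placeholder: " + str(tmpl))
    return problems


def user_dn(template, login_id):
    """Fill {0} in a groups template with a login ID, escaping DN special characters
    so the ID cannot change the structure of the resulting DN."""
    escaped = _DN_SPECIAL.sub(r"\\\1", login_id.strip())
    if escaped.startswith("#"):  # a leading '#' must also be escaped
        escaped = "\\" + escaped
    return template.replace("{0}", escaped)


# Constructed samples (example.edu is a placeholder institution, not a real deployment).
ANON_OK = '{"server":"ldap.example.edu", "port":636, "groups":["uid={0},ou=people,dc=example,dc=edu"], "validate":true, "anonymous_bind":true}'
ANON_PASTED = ANON_OK.replace('"', "\u201c").replace(", ", ",\n ")  # as it often arrives after copy/paste
NONANON_MISSING = ANON_OK.replace('"anonymous_bind":true', '"app_user":"cn=svc-tegrity,ou=service,dc=example,dc=edu", "anonymous_bind":false')
```

Run `check_extended_properties(...)` on the value you intend to paste into the connector form; an empty list means the two NOTES above are satisfied and every required key is present with the right type.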


Firewall Exceptions

The applicable firewall exceptions need to be enabled at your institution in order to support communication between the indicated authentication authority, your Tegrity service and other Tegrity resources.

Service          | Protocols   | Ports                       | Direction | Tegrity URLs/IPs
Active Directory | TCP         | 1025 (HTTP) or 1026 (HTTPS) | In & Out  | [INSTITUTION].tegrity.com
LDAP             | TCP and UDP | 389 (LDAP) or 636 (LDAPS)   | In & Out  | [INSTITUTION].tegrity.com

aairs-connectors.tegrity.com

IP Range: 54.85.240.0/21
