Our site uses cookies to improve your browsing experience. To learn more please read our Privacy Policy
RSS Feed

Authentication with a local LDAP server

If the username in Fronter is the same as the registered username on the LDAP server, it is possible to set up LDAP authentication for Fronter.

How to get started

To set it up, please go to 

https://fronter.com/[customerurl]/testdata/ldaptest.phtml

and fill in the form with your LDAP server details.

The different components of the test page and their function is defined as follows:

  • ldap server: The url or IP address of the LDAP server
  • ldap port: The port to connect on this is normally 636 for encrypted ldaps protocol or 389 for plain
  • ldap bind_rdn1: Distinguished Name dn for the LDAP Bind User can be composed of The Common Name cn, Org Unit/s ou, and Domain Components dc
  • bind password1: the password for the bind user
  • base_dn(for searching): the dn for the search root, all entities you wish to authenticate must be children of this root so the LDAP bind user can find them

The bind user needs sufficient access to be able to search the tree (from the base_dn) to find any users who are wishing to authenticate with this LDAP configuration. So in other words the bind_rdn1 user must have read access on the base_dn and it's children.

The following parameters are to be used for confirmation that the above parameters are correct and should contain a valid user for testing and their password:

  • search filter: Attribute to search for (normally samaccountname)
  • users login password: password for the user

How to have it set it up

When you have a successful connection with your LDAP server, and you have received a result saying "bind successful", please provide Fronter with all the necessary details. Fronter is then able to set up the connection between your Fronter installation and the LDAP server.

When the connection is established, update the user passwords in Fronter to "ldap1:". If a specific user group, e.g. employees need to authenticate against another LDAP server, this can be done by setting their passwords to "ldap2:".

More information

For more information and details around LDAP authentication and supported SSO methods, please see the whitepaper in our Downloads.

Troubleshooting tips

  • If the test page keeps loading or times out, your LDAP server may not be accepting requests from the Fronter IP range completely, or to the specified LDAP port (please refer to Fronter IP range)
  • If you get the error message Unable to bind to server: Can't contact LDAP server the server URL is most likely wrong
  • Try to specify the URL using both LDAPS and port number in the URL. E.g. ldaps://xxx.xxx.xxx.xxx:636
  • Use different users for testing when you specify the user which should have access to do the bind_rdn1 and for the search filter
  • If you get the error message Unable to bind to server: Invalid credentials you have a wrong username or password for one of the users you have specified
  • It is not necessary to set up any SSL certificates in order to get this to work. If required, see here for how to setup SSL on an AD server (support.microsoft.com).

Please note: Before starting the setup process you should consult the local support team and account manager to ascertain if this service is available to your school. For example, there is a limit in the number of LDAP connections an individual Fronter installation can have.