LDAP FAQs

June 29, 2016 Rex McWilliams

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. Once you have indicated that you would like to integrate your LDAP server with ExamSoft, you must complete an addendum and provide us with your server information.

How long does LDAP take?
Generally, LDAP takes 10 business days from the time that we receive all the required information until the time of completion and testing. Keep in mind this timeline is dependent upon continued, prompt communication from the institution’s IT department for troubleshooting.

What is required of the institution when setting up LDAP?
The institution must complete the addendum and server information forms. The institution is responsible for importing student data into the ExamSoft portal ensuring that the student ID entered matches the student’s LDAP ID. The institution is also responsible for adding user accounts and their LDAP ID into the ExamSoft portal.

What is required of the school when doing the LDAP integration?
The institution must fully complete the LDAP Server Information form. The institution must allow ExamSoft LDAP Traffic through firewall.

What IP Addresses need to be allowed through the firewall?

  • 207.200.20.0/24
  • 207.200.21.0/24
  • 207.200.25.0/24

Does ExamSoft own those IP addresses?
Yes, ExamSoft owns the full range of IP addresses.

Can I use a point-to-point and VPN connection when integration LDAP?
We do not support point-to-point or VPN LDAP connections.

Does ExamSoft store any of our passwords in their servers?
No. The only information stored in our databases is the IDs imported by the institution.

Does ExamSoft support SAML?
Yes, please see our SAML FAQs for more information. 

How is the connection to the LDAP Server managed?
Depending on your needs and the set-up of the server, we can connect in one of two ways. The first option is a search and bind method. With this method, we need a service account with access to search the LDAP directory. When using search and bind, this account cannot be disabled or deleted after the initial set-up. When someone attempts to log in, we will log in to the server with the service account you provided and search the directory for the authentication. The other option is a direct bind, in which we will take the credentials attempting to log in and pass them directly to the LDAP Server for an authentication request.

Does LDAP work for the application and the website?
Yes. LDAP is used for the SofTest Application as well as for the website log-in information. When a student attempts to log in via the application, their credentials will be passed to the portal via SSO to be passed to the LDAP server.

Why do you need a test username and password for student and faculty users?
Having test credentials on file allows us to complete initial testing on the integration. These credentials also allow us to test any reported downtime or outages to get those issues resolved immediately. The test account for students and users should be contained in the same DN or organizational unit as the actual students and faculty.

How does ExamSoft know the LDAP ID for the students and faculty?
For students, the LDAP ID should match the student ID in the ExamSoft portal. For faculty and users, once LDAP is enabled an additional field will be available from the users page for you to add the LDAP ID for each user. This will need to be completed prior to that user being able to log in.

Why is there still a required password field when setting up new users or students in ExamSoft if you will be authenticating against the LDAP Server?
The password field in ExamSoft is a placeholder field and is not used during the authentication process. If you opt to disable LDAP, this password would become the new active password.

Must domains for faculty and students be the same for LDAP integration?             
No.

How do I start the process of having LDAP enabled for my institution?
The LDAP Addendum can be provided to you by your Customer Success Specialist or Implementation Team. 

 
Previous Article
SAML Integration FAQs
SAML Integration FAQs

This FAQ guide will answer the most frequent questions regarding the integration between SAML and ExamSoft'...

Next QRG
Examplify: Lab Guidelines
Examplify: Lab Guidelines

This guide will review the guidelines for setting up your lab-based testing environment with Examplify.