SameGoal may be configured so that users authenticate against a central district server via Lightweight Directory Access Protocol (LDAP). Many districts use LDAP to manage users and authentication across a variety of district applications.
SameGoal supports standard configurations of Active Directory and eDirectory. Additional LDAP implementations may work but are not officially supported. To perform authentication against a locally hosted LDAP server, SameGoal servers located in the SameGoal IP range must be able to open TCP connections to your LDAP server from outside your local network.
To configure LDAP:
- Create and install an SSL certificate (self-signed is acceptable) on your LDAP server. LDAPS (port 636) is required; unencrypted LDAP is not allowed.
- Set up a publicly routable IP address that port-forwards to the private IP address of your LDAP server.
- Limit traffic to connections from the SameGoal IP range.
- Email your LDAP URL and LDAP Domain to email@example.com. The SameGoal technical team will confirm our servers can perform authentication, and enable the LDAP configuration.
TIP: Your LDAP URL must be well-formed (e.g., ldaps://w.x.y.z/ or ldaps://ad.district.k12.oh.us/) and publicly routable.
TIP: Your LDAP Domain should be the domain you wish users to authenticate within for SameGoal.