8.5 Integrating Maple T.A. with an LDAP Server - Maple T.A. 2016 Help
Maple T.A. Online Help

Instructor
Search Maple T.A. 2016 Help:

8.5 Integrating Maple T.A. with an LDAP Server

LDAP Overview for Instructors

The LDAP integration in Maple T.A. allows you to integrate Maple T.A. with your campus database for user authentication, making the instructor's class administration even easier. LDAP integration allows Maple T.A. users to log in with a username and password that are managed by your university's IT group in a central repository -- an "LDAP Server." Your Maple T.A. system administrator can give you more information on whether LDAP is used at your institution.

What LDAP means to the Maple T.A. course administrator:

  1. There is no student "Maple T.A. username" or "Maple T.A. password." Students only need their university username and university password to log in to Maple T.A.
  1. As the Maple T.A. administrator, you don't have to worry about usernames, passwords, or resetting passwords. Your IT group will do that.

Basic user profile information comes from the LDAP directory. Your system administrator configures which information in the LDAP profile will be made available to Maple T.A.

Login and Forgotten Passwords with LDAP

Login

Anyone in the LDAP directory can use Maple T.A. The user simply logs in to Maple T.A. using his or her university username and password.

  1. A user enters his or her username and password.
  1. Maple T.A. presents these credentials to the LDAP server, and the LDAP server performs authentication.
  1. If the credentials are rejected by the LDAP server, login is denied. If the credentials are accepted,
  1. If the user is already known to Maple T.A., profile information is acquired from the LDAP directory. Maple T.A.'s database is updated to reflect any changes.
  1. If the user is not known to Maple T.A., the user is added to the Maple T.A. database, retrieving profile information from the LDAP directory. Maple T.A. then displays a validation page for the user. The user is given the opportunity to add profile information not supplied by the LDAP directory, and must confirm the final profile information.

The login username and password are case-sensitive. You may use any combination of upper and lower case. Maple T.A. stores the username as found in the LDAP directory and that username will appear in web pages and reports.

Forgotten Passwords

If a user forgets his or her password, the user must contact their university's IT group. In an LDAP environment, Maple T.A. does not manage passwords and the Maple T.A. course administrator cannot reset or retrieve passwords.

User Manager - Add Users with LDAP

The Add User action on the Administer Users page allows you to locate individuals in the LDAP directory who are not in Maple T.A. and add them to Maple T.A. The effect is the same as if the user had logged in.

You can search for users by attribute: username, first name, last name, or email address. You can use a * as a wild card. For example:

Last Name an*

This will display all names that start with "an" that are in the LDAP directory but not in Maple T.A. These searches are not case-sensitive, so an* produces the same results as An*.

Once you have created a list of users in this way, you can select those you want to add to Maple T.A.

User Manager - Import with LDAP

When you import users in an LDAP Maple T.A. environment, user information is verified and updated from the LDAP directory. The roster import file must follow the specifications for Roster File Upload. The usernames in the import file are used to match users to the LDAP directory.

When you import users with LDAP:

  1. The LDAP server is consulted to verify each user is in the LDAP directory. Users that are not in the directory will not be imported.
  1. User matching is done by username.
  1. Profile information from the LDAP directory will override any corresponding information in the import file.
  1. Under User Details, if the check box Require User to validate on next login is enabled, it is ignored with LDAP. No validation is necessary on the user's next login.