Skip to main content

LDAP User Authentication Setup

📋 Before you start: LDAP integration must be enabled for your account by Edlio. If you're not sure whether your contract includes LDAP authentication, email [email protected] before opening a setup ticket.

Your Edlio admin site can be configured to authenticate users through your existing LDAP infrastructure. With LDAP integration, user profiles are created the first time the user signs in — there's no upfront roster import to manage.

Setup overview

There are two steps:

  1. Share three things with your IT team so they can prepare your directory.

  2. Submit a ticket to Edlio Support through Eddy with the configuration details.

Optional advanced settings — Authentication Filter and User Group Rules — are covered at the end and can be added during or after initial setup.

Step 1: Share with your IT team

Your IT team needs to do three things before we can configure your site:

1. Whitelist Edlio's IP address

Allow our system to communicate with your LDAP server(s) by whitelisting this IP on any related firewall:

54.69.150.76

That address needs access to TCP/UDP port 389 or 636. If unsure, open both.

2. Create a read-only "lookup" account

Create a read-only lookup account for Edlio with permissions to read user data (name, address, telephone, etc.) so we can populate the profile of any user who signs in through LDAP.

3. Confirm each user returns a unique GUID

Every user who signs into the Edlio CMS through LDAP needs to return a unique GUID on directory lookups. Each vendor refers to this property differently:

  • Microsoft Active Directory: objectGUID

  • Oracle Internet Directory: orclobjectguid

  • Novell eDirectory: uid

Step 2: Submit a ticket to Edlio Support

Edlio Support tickets are submitted through Eddy, Edlio's AI support assistant, directly inside your CMS admin dashboard.

Open Eddy in your admin dashboard

Log into your Edlio admin site and click the Eddy chat icon in the bottom-right corner of the screen.

If you don't see the chat icon, your browser may have JavaScript disabled or an ad-blocker active. See the troubleshooting steps on the Edlio support page under "Support Launcher Not Appearing."

Describe what you need

Click Ask a Question and type a request like:

"Please set up LDAP authentication for our Edlio site."

Eddy may suggest knowledge-base articles first. If you want to skip straight to a ticket, continue the conversation — Eddy will connect you with the support team.

Include this information in the ticket

So Edlio Support can configure LDAP without a back-and-forth, include:

  • Vendor and version of the LDAP server (we support Active Directory, Oracle Internet Directory, and Novell eDirectory)

  • Host address

  • Protocol — LDAP or LDAPS

  • Port — 389 or 636

  • Search base — resembles OU=___,DC=____,DC=____

  • Lookup Distinguished Name (DN) — resembles CN=____,OU=___,DC=____,DC=____

  • Lookup password

  • Your school or district name

  • Your website URL

Submit and confirm

Eddy will generate the ticket with your conversation details and hand it to the Edlio Support team. You'll receive email confirmation and can track ticket status from the Tickets panel inside Eddy.

Edlio Support will complete the LDAP configuration on our end and confirm with you once it's active.

Optional advanced settings

The initial LDAP connection can be set up with the information above. The following settings give you finer control over user access and CMS privileges — they can be added during or after initial setup.

Authentication Filter

Add one or more LDAP Security or Distribution Groups to restrict each Edlio site to. This limits access to only the users you want, instead of the entire Search Base.

Groups added to the Authentication Filter must be within the Search Base to be visible to our system.

Example: districts often have an LDAP group per location/school plus an Administrators group. Each Edlio site is then filtered to allow that school's group plus the Administrators group. A group can be added to multiple sites.

Let Edlio Support know which groups should go with which site. Group format:

CN=____,OU=___,DC=____,DC=____

User Group Rules

Edlio can automatically grant CMS privileges based on LDAP group membership. A few examples:

  • Website Administrator privileges granted to members of an "Administrators" LDAP group.

  • Teacher privileges granted to members of a "Teachers" LDAP group.

  • Automatic access to Password Protected Pages for users in an LDAP group named after their department.

Rules can be set for groups that are not in the Authentication Filter. Basic conditional logic (and, or, not) is supported.

LDAP security at Edlio

  • IP-restricted requests: all LDAP requests come from Edlio's IP block, so your ACL entries can limit exposure precisely.

  • Encryption: we support LDAPS / SSL for encryption in transit, and our database is fully encrypted at rest.

  • Monitoring: Intrusion Detection Systems (IDS) operate at multiple network levels, with an extensive logging framework and automated anomaly audits.

Related

Related Articles
Restrict CMS Sign-In to an Organizational Unit (Google SSO or Microsoft SSO)
LDAP User Troubleshooting
LDAP Configuration & Common Requests
Email authentication records: SPF, DKIM, DMARC, and MX
Moving away from Edlio: DNS records and domain transfer
Did this answer your question?