Skip to main content
Skip table of contents

Set Up the LDAP Directory

Use the LDAP Directory Setup page to configure PowerSchool to authenticate by either Active Directory LDAP or Open Directory LDAP.

  1. Navigate to the Configure LDAP Directory page. 
  2. Use the following table to enter information in the Server Configuration fields:

    Field

    Description

    LDAP Server Hostname or IP Address

    Enter the hostname or IP address of the LDAP directory server, such as 192.168.1.12.

    LDAP Port

    Enter the TCP port to use, such as 636.

    Enable SSL (Recommended prior to enabling LDAP)

    To enable SSL between PowerSchool and the LDAP Directory, do one of the following:

    • Select the SSL Enabled (File System Keystore) option if the LDAP server certificate has been added to either the cacerts or jssecerts files on the server.

      This option is available for backwards compatibility.
    • Select the SSL Enabled (PowerSchool Keystore) option if the LDAP server certificate has been added via the Certificate Management Console.

      It is strongly recommended that prior to enabling LDAP, SSL also be enabled.

    Active Directory FQDN

    If using Active Directory, enter the fully qualified domain name of the Active Directory Server, such as ad.powerschool.com.

    Typically this will be the same as the LDAP Server Hostname, but does not have to be. When authenticating against Active Directory, the Security Principal is of the form userID@fqdn.

    When configuring LDAP for Open Directory, this field may be left blank.

    LDAP Admin DN

    Enter the distinguished name (DN) of an account in the LDAP Directory with read privileges within the directory, such as cn=Administrator,cn=users,dc=ad,dc=powerschool,dc=com

    The distinguished name can be the directory administrator account, but an account with read-only access is sufficient. This account is used for directory searches when attempting to synchronize usernames between PowerSchool and the Directory.

    LDAP Admin Password

    Enter the password for the Admin DN.

    Maximum Active LDAP Connections (per node)

    Enter the number of active simultaneous LDAP connections per node.

    This number represents the maximum number of users that can simultaneously sign into PowerSchool using LDAP authentication per PowerSchool node. This does not represent the maximum number of users that can be logged into PowerSchool at any given time.

    Test Connection on Borrow

    When PowerSchool makes a LDAP authentication attempt, the connection is made using a connection from the connection pool. In some cases, the connection to the LDAP server may have been closed without PowerSchool's knowledge.

    By default, this setting is Disabled. Choose Enable to enable this setting. When enabled the connection will be tested to ensure the connection is still valid before using the connection. Enabling this feature may cause a delay in LDAP authentication while the connection is being tested.

  3. Click Validate Server Connection to establish an anonymous connection to the directory using the values entered on this page and to authenticate the connection using the Admin DN and Password credentials, if provided.
  4. If using Active Directory, click Active Directory Defaults to populate all schema configuration items with reasonable defaults based on the Server Configuration. If using Open Directory, click Open Directory Defaults to populate all schema configuration items with reasonable defaults based on the Server Configuration. If any of the Server Configuration information is missing or ambiguous, you will be prompted for clarification.
  5. Use the following table to enter information in the Schema Configuration fields:

    Field

    Description

    Enable LDAP

    Select the Staff, Teachers, and Students checkboxes to enable LDAP Authentication.

    LDAP Authentication may be selectively enabled for three distinct groups of users: Staff, Teachers and Students. The remaining attributes, Domain Context and User ID Attribute, can be set for each user type.

    It is strongly recommended that prior to enabling LDAP, SSL be enabled.

    Domain Context

    The Domain Context to which the user will bind when trying to authenticate, such as cn=users,dc=ad,dc=powerschool,dc=com for Staff, Teachers, and Students. This domain context is also used when performing LDAP Directory Synchronization activities. For example, if you are trying to synchronize the username for a student, the student domain context will be used as the base when searching the directory.

    User ID Attribute

    Specify which schema attribute to use when forming the distinguished name (DN) when the user attempts to sign in, such as uid for Staff, Teachers, and Students. For example, if the User ID Attribute is uid and the domain context is cn=users,dc=ldap,dc=powerschool,dc=com, then the DN for user jsmith becomes uid=jsmith,cn=users,dc=ldap,dc=powerschool,dc=com.

  6. Click Submit.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.