LDAP Setup
The LDAP features within the Admin area allow you to pull user information from your school's active directory into Every without having to manually enter any user details. If you decide to use this option, your IT team should be able to action the following steps and our customer services team will be happy to help if you encounter any problems.
Be aware that LDAP requires a user email address to make a match, so please ensure that all users on your active directory have an email address associated with their account. Any users without an associated email will not be imported.
Please note:
To make amendments to users you must have Admin access. If you do not, and want to make changes please refer to an Admin user within your organisation.
Part 1 - Creating an LDAP User Template
Step One
Click on Admin on the navigation bar, then go to the green Download LDAP (Headless) button at the top of the screen.
Step Two
Once the file has downloaded, extract the folder and copy the contents into another folder within your property's active directory server.
These folders are unique to each property, so you cannot duplicate LDAP files across multiple sites on Every. It may help to place the LDAP folder directly onto your active directory's desktop for ease of access.
Step Three
Return to the Admin section on Every. Under the blue User Administration tab, click the blue LDAP User Templates tab and scroll down. You will now need to choose the green Create LDAP User Template button toward the bottom-right. This will expand a window below where you can enter LDAP user template titles and their corresponding user levels. The other fields are not mandatory.
Step Four
As a rule of thumb, most schools will have four templates to match Every's four user levels. For example, if your school was called Every, the title could be Every_AdminStaff. This would then be linked with the user level Admin. The next template would read Every_StandardStaff, and so on.
Step Five
Please save each LDAP User Template once you have entered the relevant information.
Part 2 - Managing Active Directory Mappings
Step Six
Once you have set up your LDAP User Templates, you will then be able to move onto the blue Manage Active Directory Mappings tab. The aim of this tab is to match the LDAP User Template titles you've created with the names of the staff security groups that are located on your school's active directory. For clarity, we suggest you set up the following four groups within your active directory:
Within the active directory, sort the appropriate staff into each of these groups based on their required user level.
Step Seven
Click the green Create Mapping button and enter the exact Active Directory Group title along with the corresponding LDAP User Template name. Tick the Enabled box and Save. Do this for each group and template.
The mapping will then allow LDAP to navigate to the security group on the active directory indicated using the Active Directory Group field name. Once found, LDAP will then pull those users into the system through the associated template. This instructs what access level the user(s) will be assigned to, the user group they are attached to, their module access, and their email notification settings.
Part 3 - Setting up Task Scheduler
Step Eight
Switch to your active directory and open Task Scheduler. Create a new task, making sure this is not a basic task, and call it Every.Ldap.Headless - this must be typed exactly as it appears here, otherwise the task will fail to run.
The author of the task must:
-
have the same name as the Windows Account Name field within their Every user account, and;
-
be at Admin user level within Every already.
You can check this by going to the blue User Administration tab within Admin, then clicking the blue Users tab and searching for that user y using the green Users Search field or the searchable table columns. Once you have found the relevant user, click the pencil icon to the right-hand side to view and edit the necessary details. Their Windows Account Name will often be the server name followed by a '\' and their username.
Step Nine
Back on Task Scheduler, the following checkboxes must be ticked: 'Run when user is logged on', and 'Run with highest privileges'. Select the Actions tab and choose New. Ensure the action is to 'Start program' and then select 'Browse' to locate the file within the LDAP extracted files that is named Ldap.Headless and has the file type 'Application'. Choose this file, click 'Ok', and ensure the task has been saved successfully.
You can now go to the file location of Ldap.Headless with the file type 'Application' and click on this to run it or run the task from within the Task Scheduler. After a minute or so, refresh your Every Admin page to view your newly imported user list.
Step Ten
A log file will automatically be created within the folder where the LDAP files were extracted. You can scan through the log file to check for any errors to resolve.
If the LDAP application is set up to run regularly then any changes to a user on the Every system must also be done on the active directory.
If your IT team has any problems, feel free to contact our customer support team with the log file and any error messages - we will be happy to help.
Troubleshooting Errors
Before exploring these troubleshooting options, please check through the sections above to ensure you have set up LDAP correctly for your property.
The best way to find the source of the problem is to check the most recent log file after LDAP was run, as this will show the majority of errors. The LDAP log file can be found within the LDAP folder location on your PC.
If you are still experiencing issues with LDAP, please review the most common fixes below.
Check your Admin user's Windows Account Name matches that on your Active Directory Server.
Please ensure that the 'Admin' user account that was used to set up the LDAP user templates and the active directory mappings on Every has the exact same windows account name as their active directory user name. To check this, please log in to Every and go to Admin, find the user who set up Every and click on the pencil edit icon beside their name. Within that screen is a field that asks for Windows Account Name. It has to be exactly the same as the user who is logged on to the active directory, it normally has the server name followed by a '\' then user name for example: "SERVER\John"
Check the LDAP (Headless) folder was downloaded from this property's Admin area on Every.
Please ensure that the downloaded LDAP folder was downloaded from the Admin section within Every for the specific property it is going to be used for. Each property's LDAP download has a unique token to keep it individual to that property's active directory, so shared LDAP files between properties will not work when multiple active directories are in use.
Check that the task author on Task Scheduler has the same Windows Account name as appears for this user on Every.
Within Task Scheduler on the active directory please make sure that the author of the task also has an 'Admin' user level account on Every and that their 'Windows Account Name' matches up.
Check all users have email addresses associated with their account on your Active Directory.
When importing users from the active directory please make sure that each user has an email address attached to their active directory user account.
Check that Task Scheduler can reach your downloaded LDAP (Headless) folder on your Active Directory.
Please make sure that Task Scheduler can reach the LDAP folder without issue. Placing the LDAP folder directly onto the active directory's desktop will help.
Check you have downloaded the latest version of the LDAP (Headless) file.
Please make sure you have downloaded the latest version of the LDAP file using the 'Download LDAP (Headless)' button at the top of your Admin area on Every.