Sync LDAP Servers with Linewize Filter

Linewize Filter uses LDAP to sync across users and groups. You can connect to multiple Domain Controllers using different LDAP queries to sync only the users and groups you need.

• Linewize Filter Appliance deployments: If you use a Linewize Filter Appliance, it connects to your LDAP server, downloads and processes the requested data, and then uploads the IDs to the Linewize Filter cloud.
• Linewize Filter Cloud-only deployments: If you are using a cloud-only deployment of Linewize Filter, you can only sync users through Entra ID and/or Google. These are the only supported sources for syncing users in a cloud-only setup.

Once synced, groups can be used as classrooms in Classwize and where Linewize Filter allows custom configurations by Group.

Before you begin

1. Create a service account in your directory with LDAP read permission.
2. Ensure you have a Linewize Filter account with the Owner/Global Admin role.

Configure LDAP Servers

1. Go to Configuration > Authentication > LDAP Servers.
2. Select Add LDAP Server.
3. Select Enabled.
4. Select Sync Enabled. This will automatically sync the list of users and groups, following the Linewize Filter nightly sync schedule.

   Warning

   Select Sync Enabled on only one LDAP server per set of settings. You may have multiple LDAP Servers for different data turned on, but any failover servers with identical settings (pointing to another IP address) should remain turned off. This ensures the nightly Linewize Filter sync works correctly.

5. You can select Sync Organization Units. If enabled, this will sync any organizational units previously set up on your server.
6. Select the Server Type using the dropdown.
   • Manual
   • Active Directory
   • OpenLDAP
   • Novell eDirectory
7. Select the Protocol using the dropdown.
   
   • LDAP: The most commonly used protocol. We recommend using LDAPS if your environment supports it.
   • LDAPS: Secure LDAP. Provides encrypted communication and is recommended where possible
8. Enter the Server Hostname. This is the server IP address. You can also type in the hostname if you have set up internal DNS.
9. Enter the Server Port.
   • Use Port 389 for LDAP.
   • Use Port 636 for LDAPS, although some deployments also work with Port 389.
10. Enter the Base DN. This is where the server will search for users. This would typically be done at the top level (DC=) but it can also be done at a user level (OU=).
11. Enter a Username. We recommend using the following naming convention DOMAIN\username or username@DOMAIN
12. Enter the Password from your service account.
13. You can change the Search Query. To ensure only active user accounts and groups are synced, the default query is:
    (&(!(objectClass=computer))(!userAccountControl:1.2.840.113556.1.4.803:=2)))
    This default excludes:
    
    • Computer accounts (objectClass=computer)
    • Deactivated users (userAccountControl:...=2)
14. Syncing by DN will maintain multiple groups with the same name.
    
    • Select Sync by DN for LDAP services.
    • Clear Sync by DN if you use an eDirectory service.
15. Select Save.

Sync LDAP Servers

Manual sync

1. Select Sync All and Refresh the page.
2. Once the sync is finished, check the Status section to see whether the sync was successful or unsuccessful.
3. The Status column will display the number of synced users and groups when successfully synced.

Automatic nightly sync