Configuration of the IDP server

  • Information needed to configure a school for Crystal Lite.

MoE number










Principals email


Account contact


Account email


ELearning contact


ELearning email             


ICT support contact


ICT support email


IP number 


LDAP type?


External domain name


Domain name of the LDAP server

  Password for AD user name called CrystalDB (user level rights). This is used to access the below OU's.

LDAP group names (if needed)
Full path names of any OU's that need to be accessed (student/staff/management/Google?)


Moodle SSO?
Location of Moodle host's metadata?
Crystal metadata below.

  Google Apps?
Domain name if different from external domain name above.
Email for Google certificate when ready.


My Portfolio?


Crystal already has suitable exchnage metadata with ETV


Any other SSO clouds?

  • Metadata location:

  • Firewall rules
    Port 389 need to be opened for traffic from,,,,, to the local LDAP server on the school's/host firewall
    The second range is for the redundant IDP server.

  • Google setup
  • Password change
    • This is NOT currently part of the Lite package
    • Admin note: If we want to offer the password change function - will have to make a change so that it doesn’t need a user record (or self populate when they do a change) plus we’ll have to have a certificate from them, use port 636 and crystaldb have account operator rights.