...
LDAP is a standards-based, cross-platform, extensible protocol that runs directly on top of the TCP/IP layer. LDAP is used to access information stored in a specially organized information directory. LDAP can interact with many different kinds of databases without special integration, which makes LDAP more flexible than other authentication methods.

When you want your transmission always to be secure, use LDAP+GSSAPI. Instead of authenticating directly with the LDAP server, the user is first authenticated using Kerberos to obtain a Kerberos ticket. This ticket is presented to the LDAP server using the GSSAPI protocol for access. LDAP+GSSAPI is typically used for networks that run Active Directory.

Notes:
- LDAP+GSSAPI requires a Kerberos network account. For details, refer to Creating a Kerberos Login Method.
- Supported printers can store a maximum of eight unique LDAP or LDAP+GSSAPI login methods. A unique name is required for each method.
- Administrators can create up to 32 user-defined groups that apply to each unique login method.
- LDAP and LDAP+GSSAPI rely on an external server for authentication. If the server is down, then users cannot access the printer using LDAP or LDAP+GSSAPI.
- To help prevent unauthorized access, log out from the printer after each session.

Create an LDAP or LDAP+GSSAPI Login Method

1. From the Embedded Web Server, click Settings > Security > Login Methods.
2. In the Network Accounts section, click Add Login Method > LDAP.
3. Select the authentication type: LDAP or LDAP+GSSAPI.
4. Configure General Information settings.
   - Setup Name: Type a unique name for the LDAP network account.
   - Server Address: Type the IP address or the host name of the LDAP server.
   - Server Port: Type the port number to which LDAP queries are sent.
     Note: If you are using SSL, then use port 636. Otherwise, use port 389.
   - Required User Input: Select the required LDAP authentication credentials to be used when a user logs in to the printer. This setting is available only in the LDAP setup.
   - Use Integrated Windows Authentication: Select one of the following:
     - Do not use.
     - Use if available: Use Windows operating system authentication credentials, if available.
     - Require: Use Windows operating system authentication credentials only.
     Note: This setting is available only in the LDAP+GSSAPI setup.
5. Configure Device Credentials settings.
   - Anonymous LDAP Bind: Bind the printer with the LDAP server anonymously. This option is applicable only if your LDAP server allows anonymous binding. Enabling this option does not require you to provide authentication credentials. This option is available only in the LDAP setup.
   - Use Active Directory Device Credentials: Use user credentials and group designations that are pulled from the existing network comparable to other network services. This option is available only in the LDAP+GSSAPI setup.
   If Anonymous LDAP Bind or Use Active Directory Device Credentials is disabled, then provide the authentication credentials used to bind the printer with the LDAP server.
   - Device Username:
     - For LDAP setup, type the fully qualified distinguished name (DN) of a user registered to the LDAP server.
     - For LDAP+GSSAPI setup, type the DN of a user registered to the Kerberos server.
   - Device Realm: The realm used for the Kerberos server. This setting is available only for the LDAP+GSSAPI setup.
   - Device Password: Type the password for the user.
6. Configure Advanced Options settings.
   - Use SSL/TLS: If the LDAP server requires SSL, then select SSL/TLS.
   - Require Certificate: If the LDAP server requires a certificate, then select Yes.
   - Userid Attribute: Type the LDAP attribute to search for when authenticating user credentials. The default value is sAMAccountName, which is common in a Windows operating system environment. For other directories, you can type uid, cn, or a user-defined attribute. For details, contact your system administrator.
   - Mail Attribute: Type the LDAP attribute that contains the email addresses for users. The default value is mail.
   - Fax number Attribute: Type the LDAP attribute that contains the fax number for users. The default value is facsimiletelephonenumber.
   - Full Name Attribute: Type the LDAP attribute that contains full names for users. The default value is cn.
   - Home Directory Attribute: Type the LDAP attribute that contains the home directory for users. The default value is homeDirectory.
   - Group Membership Attribute: Type the LDAP attribute required for group search. The default value is memberOf.
   - Search Base: This setting is the node in the LDAP server where user accounts reside. You can type multiple search bases, separated by commas.
     Note: A search base consists of multiple attributes separated by commas, such as cn (common name), ou (organizational unit), o (organization), c (country), and dc (domain).
   - Search Timeout: Type a value from 5 to 30 seconds or 5 to 300 seconds, depending on your printer model.
   - Follow LDAP Referrals: Search the different servers in the domain for the logged-in user account.
7. Configure Search Specific Object Classes settings.
   - person: Search the person object class.
   - Custom Object Classes: Type the name of the custom object class to search.
     Note: A maximum of three custom object classes can be searched. Type the other object class in the other Custom Object Class field.
8. Configure Address Book Setup settings. The following settings are used to configure the address book used when scanning to an email address.
   - Displayed Name: Select the LDAP attribute that you want to show on the address book.
   - Max Search Results: Type the maximum search results shown on the address book.
   - Use User Credentials: Use the logged-in user credentials to connect to the LDAP server.
   - Search Attributes: Select LDAP attributes used as search filters.
   - Custom Attributes: Type LDAP custom attributes used as search filters.
9. Click Save and Verify.

Edit or Delete the LDAP or LDAP+GSSAPI Login Method

1. From the Embedded Web Server, click Settings > Security > Login Methods.
2. In the Network Accounts section, click the LDAP or LDAP+GSSAPI login method.
3. Do one of the following:
   - To edit the login method, update the LDAP or LDAP+GSSAPI settings, then click Save and Verify.
   - To delete the login method, click Delete LDAP.
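
The following Python check is an added example, not code from the printer vendor and not a printer export format. It reviews planned login-method settings against the limits and dependencies stated on this page (eight methods, unique names, port 636 with SSL, three custom object classes, timeout range, device credentials) before they are entered in the Embedded Web Server. The dictionary keys and sample values are hypothetical, and the unencrypted-credentials finding assumes the plain LDAP setup performs a simple bind.

```python
# Added example. Dictionary keys are hypothetical names for the settings on
# this page; they are not a printer export format.
def review_login_methods(methods, max_timeout=300):
    """Return (setup_name, finding) pairs. max_timeout is 30 or 300 by model."""
    findings = []
    names = [m.get("setup_name", "") for m in methods]
    if len(methods) > 8:
        findings.append(("*", "more than eight login methods"))
    for m in methods:
        name = m.get("setup_name", "")
        gssapi = m.get("type") == "LDAP+GSSAPI"
        tls, port = m.get("use_ssl_tls", False), m.get("server_port")
        anon = m.get("anonymous_bind", False)
        found = []
        if not name or names.count(name) > 1:
            found.append("setup name missing or not unique")
        if tls and port == 389:
            found.append("SSL/TLS selected but port is 389 (page: 636 for SSL)")
        if not tls and port == 636:
            found.append("port 636 set but SSL/TLS not selected")
        if not tls and not gssapi:
            # Assumption: the plain LDAP setup performs a simple bind.
            found.append("no SSL/TLS: bind credentials are sent unencrypted")
        if anon and gssapi:
            found.append("Anonymous LDAP Bind exists only in the LDAP setup")
        elif anon:
            found.append("anonymous bind: directory must allow anonymous binding")
        needs_creds = not (anon or m.get("use_ad_device_credentials", False))
        if needs_creds and not (m.get("device_username") and m.get("device_password")):
            found.append("device username and password are required")
        if gssapi and needs_creds and not m.get("device_realm"):
            found.append("LDAP+GSSAPI device credentials need a device realm")
        if len(m.get("custom_object_classes", [])) > 3:
            found.append("more than three custom object classes")
        if not 5 <= m.get("search_timeout", 5) <= max_timeout:
            found.append("search timeout outside the 5 to %d second range" % max_timeout)
        findings.extend((name, f) for f in found)
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = [
    {"type": "LDAP", "setup_name": "corp-ldap", "server_port": 389,
     "use_ssl_tls": False, "anonymous_bind": True, "search_timeout": 30},
    {"type": "LDAP+GSSAPI", "setup_name": "corp-ad", "server_port": 636,
     "use_ssl_tls": True, "device_username": "cn=printer,dc=example,dc=com",
     "device_password": "placeholder", "search_timeout": 2,
     "custom_object_classes": ["a", "b", "c", "d"]},
]
```

Calling review_login_methods(SAMPLE) returns two findings for the constructed "corp-ldap" entry and three for "corp-ad"; pass max_timeout=30 for printer models with the shorter timeout range.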