Configuring LDAP/AD access control rules
Access control rules allow you to control which users can access and discover printers. On your LDAP/AD server, you can organize your users into Organizational Units (OUs) and Groups. You can then create rules that link those OUs or Groups to PrinterOn printer departments (logical groupings of PrinterOn Printers).
Note: For more information about creating and managing Printer Departments, see Managing printer departments.
For example, you could organize all members of your Marketing team into the Marketing OU, then create a printer department called Marketing, which contains all the marketing team’s printers. You can then create an access control rule that limits access to the Marketing printer department to those users who are part of the Marketing OU. Every user who is part of the Marketing OU can access and print to the printers in the associated department.
Access control rules also impact the discovery and search capabilities of the various workflows, including the Web Print and Mobile workflows. When searching for printers using the PrinterOn mobile app, or automatically discovering devices using PrinterOn Discovery, users are only presented with those printers to which they have been granted access.
Access control rules also apply when using technologies such as Apple AirPrint devices. Due to its implementation constraints, the PrinterOn Server cannot limit what printers are visible to iOS devices. However, it can restrict a user’s ability to print to only those printers to which they have access. Although users can see all the printers that have been enabled for iOS users, they can only submit print jobs after successfully authenticating.
📘 Configuring access control
To configure access control:
In the LDAP/AD Settings panel, from the User Rules and Printer Access dropdown, select either Organizational Unit or Group.
Note: Rules must be based on either Organizational Units (OUs) or Groups; there cannot be a mix of both.
Click Manage User Rules. The User Rule page appears.
In the User Rule To Manage panel, select the rule you want to modify or select Create New Rule to create a new one.
In the Rule Settings panel, define the Rule Name. You can modify the value to change the name of an existing rule.
If you are creating a rule for an Organizational Unit, configure the following settings:
Organization Unit (OU)
A list of the automatically located OUs in the currently active LDAP configuration. You can use an existing OU to quickly configure a rule, or you can manually enter a fully qualified OU.
Recursive
When checked, CPS traverses the OU tree to match users that may be in sub-units of the parent OU as well.
In the example below, if MainDept is configured, only User1 and User2 will be valid if Recursive is not checked. User3 and User4 will be valid if Recursive is enabled.
MainDept
User1
User2
SubDept
User3
User4
If you are creating a rule for a Group, configure the following settings.
Group
A list of the automatically located Groups in the currently active LDAP configuration. You can use an existing Group to quickly configure a rule, or you can manually enter a fully qualified Group/CN.
In the Linked Printer Departments panel, check the printer department(s) that you want to link to the rule.
Note:
You must select at least one check box. You will not be permitted to apply the settings if you haven’t selected a Linked Printer Department option.
If you select No Departments, users will only be able to access those printers that are not a member of any printer departments.
For more information about creating and adding printers to printer departments, see Managing printer departments.
Click Apply Settings.