Configuring LDAP/AD server profiles
LDAP/AD server profiles are configured on the LDAP/AD Profile Details page.
📘 Instructions
LDAP/AD Profile settings:
Active
When checked, the profile is enabled.
Name
A unique name for the configuration profile.
Mode (Advanced view only)
The mode of LDAP authentication. The mode can be one of:
Advanced: Validates the user's login and password against your LDAP server. This authentication method also allows the PrinterOn Server to look up other user attributes such as a user’s email address, network login, or even a custom attribute field. The supplied Bind DN and Bind Password information is used to locate and authenticate users.
Basic: Validates that the user credentials exist and are valid against a given LDAP server. Instead of retrieving the user's email address from the LDAP server, it is composed using their login ID and a specified domain name.
This authentication method binds the user to the LDAP server using simple authentication and assumes that your LDAP server uses (or extends) the standard schema. If you have a custom LDAP deployment, this authentication may not work without further modification.
Note: With Basic Authentication, User Lookup integration for email printing is not possible.
LDAP/AD Server URI
The IP address or DNS name of the LDAP/AD server to be used for authentication.
Enable SSL
When checked, the LDAP/AD server uses SSL. Enable this option if your LDAP server requires SSL connections.
Note: If you check Enable SSL, you must also make sure that LDAP/AD Server URI specifies the ldaps:// protocol and SSL port (typically 636).
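The note above describes a consistency rule between Enable SSL and LDAP/AD Server URI. The following is an added example, not PrinterOn code, that checks a profile against it before the profile is saved. The dictionary keys (`mode`, `server_uri`, `enable_ssl`) and the sample host name are hypothetical stand-ins for the fields on this page.

```python
from urllib.parse import urlsplit

# Added example: the dict keys are hypothetical stand-ins for the profile fields.

def audit_profile(profile):
    """Return (code, message) findings for one LDAP/AD profile."""
    uri = profile["server_uri"].strip()
    ssl_on = profile["enable_ssl"]
    # A bare host name or IP address has no scheme to inspect.
    parts = urlsplit(uri) if "://" in uri else None
    scheme = parts.scheme if parts else ""
    findings = []
    if ssl_on and scheme != "ldaps":
        findings.append(("SSL_URI_MISMATCH",
                         "Enable SSL is checked but the URI does not use ldaps://"))
    if ssl_on and scheme == "ldaps":
        if parts.port is None:
            findings.append(("SSL_PORT_MISSING",
                             "URI does not name the SSL port (typically 636)"))
        elif parts.port != 636:
            findings.append(("SSL_PORT_UNUSUAL",
                             f"port {parts.port} is not the typical SSL port 636"))
    if not ssl_on and scheme == "ldaps":
        findings.append(("SSL_FLAG_MISMATCH",
                         "URI uses ldaps:// but Enable SSL is not checked"))
    if not ssl_on and scheme != "ldaps":
        who = "user"
        if profile["mode"] == "advanced":
            who += " and Administrator Bind DN"
        findings.append(("CLEARTEXT_BIND",
                         f"{who} passwords are sent in binds over an unencrypted connection"))
    return findings


if __name__ == "__main__":
    # Constructed sample profile.
    sample = {"mode": "advanced", "server_uri": "ldap://dc1.example.test:389",
              "enable_ssl": True}
    for code, message in audit_profile(sample):
        print(code, "-", message)
```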
Search DN(s)
The distinguished names (DNs) of the branches from which the search for users starts. If you selected Advanced LDAP mode, searches look for users in this branch of the LDAP tree and below.
This field supports multiple Search DNs. Separate multiple DNs with a semi-colon (for example, ou=OrganizationalUnit;dc=domain).
Administrator Bind DN (Advanced Mode Only)
The distinguished name (DN) represents the login used to bind to the LDAP server for searches. This option is used to search for users and user information in the LDAP/AD server. It can be represented in two ways:
server\username
cn=display name,ou=OrganizationalUnit,dc=domain
Administrator Password (Advanced Mode Only)
The password for the login given in Administrator Bind DN above.
Domain Name to Append to User ID (Basic Mode Only)
The domain name is used in conjunction with the user’s ID to create their email address. The domain name is appended to the user's ID to make a valid email address. For example, if the user ID is jsmith and you set the domain name to http://myorganization.com, then the email address is:
Bind Users (Advanced view only)
When checked, users are authenticated and bound to the LDAP Server. Any requests received are not trusted and require full authentication.
Note: There is a limitation when disabling this setting. If you have multiple LDAP instances configured, when using Web Print, the PrinterOn server only reads the configuration of the first LDAP instance. If you disable this setting on the first LDAP instance, that setting will be applied to all instances. Conversely, if you disable this setting on an instance other than the first instance, the setting will be ignored and the default setting (enabled) is applied to all instances.
Prepend Windows Domain Name to User ID
When checked, a domain name or other qualifier is prepended to the user ID when submitted with the print job. This user ID is transmitted throughout the workflow and communicated with any third-party print management systems to assist in reporting and user tracking.
Follow LDAP Referrals (Advanced view only)
When checked, LDAP referrals are followed when searching for users on an LDAP/AD server.
This option should generally be checked unless your LDAP/AD server specifically requires that referrals be ignored.
E-mail Address Wildcard Search (Advanced view only)
When checked, wildcards can be used in searching.
Prepend “SMTP:” to E-Mail Address Searching (Advanced view only)
When checked, SMTP: is prepended to email addresses. Some LDAP/AD environments contain multiple user IDs for each user. When performing a user lookup using a supplied email address, prepending SMTP: to the user ID assists in differentiating between users.
This setting should be enabled when using user email in an AD environment.
Enable Configuration Manager Access (Advanced view only)
When checked, the LDAP/AD profile is used as a PrinterOn Administrator profile, allowing you to designate a set of users who can administer the PrinterOn Server. These users can log into Configuration Manager using their standard credentials, rather than logging in through the built-in Root user account.
If you want to use LDAP/AD for authentication when logging into Configuration Manager, you must enable this setting.
For more information about how to configure the Configuration Manager to authenticate against an LDAP/AD server, see Modifying the Configuration Manager Authentication mode.
User ID Attribute
The LDAP/AD server attribute field that contains the user login IDs. This attribute is appended to the Base DN in order to do user lookup in the Directory.
For example, given a User ID Attribute of cn, the PrinterOn Server attempts to validate users via the following path: cn=LoginName,ou=People,dc=ldapdomain.
User Email Attribute
The LDAP/AD server attribute field that contains the user's email address. This attribute is appended to the Base DN in order to fetch the user's email address once they are validated against the Directory.
For example, given a User Email Attribute of mail, the PrinterOn Server attempts to look up the user's email addresses in the directory via the following path:
mail,ou=People,dc=ldapdomain
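The Search DN(s), User ID Attribute, E-mail Address Wildcard Search and Prepend "SMTP:" settings all end up combined with a value the user typed. The following is an added example, not PrinterOn code, of how a lookup path and an email search filter can be built from those settings so that the supplied login or address cannot change their structure. The function names, the sample values, the use of `proxyAddresses` as the searched attribute and the reading of the wildcard option as "leave `*` unescaped" are assumptions.

```python
# Added example; function names and sample values are constructed.

def escape_filter(value, keep_wildcards=False):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    if not keep_wildcards:
        special["*"] = r"\2a"
    return "".join(special.get(ch, ch) for ch in value)


def escape_rdn(value):
    """Escape a value placed inside a DN component (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def split_search_dns(field):
    """Split the Search DN(s) field on semicolons, dropping empty entries."""
    return [dn.strip() for dn in field.split(";") if dn.strip()]


def user_paths(login, id_attr, search_dns_field):
    """Entries to try for a login: <id_attr>=<login>,<search DN>."""
    rdn = f"{id_attr}={escape_rdn(login)}"
    return [f"{rdn},{dn}" for dn in split_search_dns(search_dns_field)]


def email_filter(email, email_attr, prepend_smtp=False, wildcard=False):
    """Search filter for a user lookup by e-mail address."""
    value = escape_filter(email, keep_wildcards=wildcard)
    return f"({email_attr}={'SMTP:' if prepend_smtp else ''}{value})"


if __name__ == "__main__":
    dns = "ou=People,dc=ldapdomain; ou=Staff,dc=ldapdomain"   # constructed
    print(user_paths("jsmith", "cn", dns))
    print(user_paths("x,ou=Admins", "cn", dns))               # stays one RDN
    print(email_filter("*)(cn=*", "mail"))                    # metacharacters escaped
    print(email_filter("j*@example.test", "proxyAddresses", True, True))
```

With the wildcard option on, every `*` the user supplies is passed to the directory as a wildcard, so a lookup can match more than one entry and the caller has to decide what to do with multiple results.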
User Display Name Attribute (Advanced view only)
The LDAP/AD server attribute field that contains the full display name.
User First Name Attribute (Advanced view only)
The LDAP/AD server attribute field that contains the user’s first name.
User Surname Attribute (Advanced view only)
The LDAP/AD server attribute field that contains the user’s surname or last name.
User Phone Number Attribute(s) (Advanced view only)
The LDAP/AD server attribute field that contains the user’s phone number.