Table
Callout | Area on the screen | Information or capability that the area provides | |||||
|
|
|
|
|
|
|
|
6 | Credentials | The Credentials configuration section is used to | |||||
|
| determine which credentials will be used to bind | |||||
|
| (authenticate) to the LDAP server. | |||||
|
| ● When Use Device User's Credentials is selected, the | |||||
|
|
|
|
| device users credentials (entered at the control | ||
|
|
|
|
| panel of the device) will be used to access the LDAP | ||
|
|
|
|
| server. This method has the advantage of not having | ||
|
|
|
|
| to store a username and password, which may | ||
|
|
|
|
| expire, in the device. | ||
|
| ● When Use Public Credentials is selected and user | |||||
|
|
|
|
| credentials are not available, the Username and | ||
|
|
|
|
| Password entered will be used to access the LDAP | ||
|
|
|
|
| server. This method should be used if for some | ||
|
|
|
|
| reason device users do not have read access to the | ||
|
|
|
|
| LDAP data. | ||
|
|
|
|
|
|
|
|
7 | LDAP Server | The LDAP Server is typically the same as the Kerberos | |||||
|
| Server in the Windows Active Directory Environment. | |||||
|
|
|
|
|
|
|
|
8 | Port | The Port is the IP port used by the LDAP protocol to | |||||
|
| communicate with the LDAP server. This is typically port | |||||
|
| 389 or port 3268. | |||||
|
|
|
|
|
|
|
|
9 | Search Root | The Search Root is the Distinguished Name (DN) of the | |||||
|
| entry in the LDAP directory structure where address | |||||
|
| searching is to begin. A DN is made up of ' attribute=value | |||||
|
| ' pairs, separated by commas. | |||||
|
|
|
|
|
|
|
|
|
|
|
|
|
| NOTE On some LDAP Servers, the Search | |
|
|
|
|
| |||
|
|
|
|
|
| Root can be left blank (in which case its root node | |
|
|
|
|
| |||
|
|
|
|
|
| will be assumed). The search root is not case | |
|
|
|
|
|
| sensitive. | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
10 | Match the name entered with LDAP | When searching for the device user's information in the | |||||
| attribute of | LDAP database, the contents of the attribute specified in | |||||
|
| this field are compared to the username that was typed | |||||
|
| during authentication. In the Windows Active Directory | |||||
|
| environment, this attribute is typically sAMAccountName. | |||||
|
|
| |||||
11 | Retrieve the device user's email address | After the device user has been located in the LDAP | |||||
| using attribute of | database, the user's | |||||
|
| database by using the LDAP attribute specified in the | |||||
|
| Retrieve the device user's | |||||
|
| of field. In the Windows Active Directory environment, this | |||||
|
| attribute is typically mail. | |||||
|
|
| |||||
12 | and name using the attribute of | The user's display name is obtained from the LDAP | |||||
|
| attribute that is specified in the "and name using the | |||||
|
| attribute of" field. In the Windows Active Directory | |||||
|
| environment, this attribute is typically displayName. | |||||
|
|
|
|
|
|
|
|
Kerberos Authentication Tasks
Kerberos is a network authentication protocol. It is designed to provide secure authentication for client/ server applications by using secret keys delivered with session tickets.
Settings
ENWW | Kerberos Authentication 47 |