Troubleshooting authentication

If Find Settings does not return any information, or if a user-credential error occurs during Find Settings or Test, one of the following three criteria for a successful LDAP query probably has not been met:

HP DSS must be configured with the correct search root. The search root is a string that represents the location in the Active Directory database where the search begins. This is sometimes called the “search base.” The “base DN” (distinguished name) is the search root that describes the root of the Active Directory database. The base DN can be used as the search root when the LDAP client is configured to search the entire directory.

The account used in HP DSS must have read access to the data in Active Directory. The client account that is used to configure the LDAP lookup for authentication and addressing must have read access in the LDAP directory container that is indicated by the search root. In addition, if information about users and recipients is located in any part of the subtree indicated by the search root, the client account that is used must also have access to the subtree.

HP DSS must be configured to search the correct LDAP attributes. The LDAP client must be configured to search an existing LDAP attribute for information. LDAP attribute names vary somewhat between implementations.

Determining the LDAP server hostname or TCP/IP address

NOTE: This method applies to the Windows environment only.

All domain controllers in a given domain contain a copy of the Active Directory database. Typically, all domain controllers run the LDAP service and are listening for LDAP queries on port 389. In some multi-domain environments, however, HP DSS should use the domain’s Global Catalog Server. The Global Catalog Server contains information about other domains in the domain forest and listens for LDAP queries on port 3268.

To determine which domain controller a specific Windows 2000 or XP client used to log on to the domain, look at the system variable “LOGONSERVER” by typing the following command at the command prompt:

C:\> echo %LOGONSERVER%

NOTE: All of the commands that are listed in this section should be performed from the server or workstation on which HP DSS is installed.

The LOGONSERVER environment variable contains the hostname of the domain controller. To obtain the TCP/IP address for any hostname, use the “nslookup” command. For example, to find the TCP/IP address for a server that has the hostname DC1, type the following command at the command prompt:

C:\> nslookup DC1

In some cases, nslookup might not work, but the “ping” command also returns the TCP/IP address for a specific hostname.

One way to determine whether a specific domain controller is listening for LDAP queries is to telnet to the TCP/IP address of the domain controller and specify either port 389 or port 3268. To do this, type the following command at the command prompt: “telnet <TCP/IP address of the domain controller> <Port (389 or 3268)>”. For example:
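
The steps in this section (read LOGONSERVER, resolve it to a TCP/IP address, test ports 389 and 3268) can also be run as one PowerShell script. This is an added example, not part of the HP documentation; the function name Test-LdapPort and the 3-second timeout are assumptions made for illustration.

```powershell
# Added example: run on the server or workstation where HP DSS is installed.
# Reads LOGONSERVER, resolves it, then tests the two LDAP ports named above.

function Test-LdapPort {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Address,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 3000   # assumed timeout
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a filtered port fails after $TimeoutMs
        # instead of waiting for the operating system default.
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # refused or unreachable
    } finally {
        $client.Close()
    }
}

# LOGONSERVER is stored with two leading backslashes, for example \\DC1.
$dc = $env:LOGONSERVER -replace '^\\\\', ''
if (-not $dc) { throw 'LOGONSERVER is not set.' }

# Same lookup that nslookup performs; keep the first IPv4 address.
$ip = [System.Net.Dns]::GetHostAddresses($dc) |
      Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
      Select-Object -First 1
if (-not $ip) { throw "No IPv4 address found for $dc" }

foreach ($port in 389, 3268) {
    $service = if ($port -eq 389) { 'LDAP' } else { 'Global Catalog' }
    [pscustomobject]@{
        Server    = $dc
        Address   = $ip.IPAddressToString
        Port      = $port
        Service   = $service
        Listening = Test-LdapPort -Address $ip.IPAddressToString -Port $port
    }
}
```

A row with Listening set to False for port 3268 means that domain controller is not answering as a Global Catalog Server on that port.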
