features Software

10.Click Apply.

11.Click OK to close the Properties dialog boxes.

12.Right-click the root of the directory and select Refresh.

Determining the correct LDAP attributes

Use the Microsoft LDAP Client or the Microsoft Management Console tool ADSIEDIT to determine which LDAP attributes are present for individual user objects in the Active Directory. The MMC tool ADSIEDIT is typically run at the domain controller console. The LDAP Client (LDP.EXE) can be run from any workstation on the network.

To determine LDAP attributes using LDP.EXE

1.Run LDP.EXE (Click Start, click Run, and then type LDP.EXE).

2.Create a new LDAP profile.

3.Click Connection and then click Bind. In the Bind dialog box, type the username and password used in HP DSS to gain access to the LDAP data in the Active Directory database.

4.If the message user <username> bind successful appears in the LDP message window, this user has access to the directory. This level of confirmation does not, however, guarantee that this user has read access to any part of the directory below the root.

5.Select Browse from the LDP menu and then select Search.

6.Type the search root that is used in the HP MFP DSS Configuration Utility in the Base Dn text box in the Search dialog box.

7.Type the following LDAP search filter in the Filter text box: (&(objectclass=person) (cn=a*)) This filter will return information for any user whose name starts with ‘a.’

8.Select Subtree as the scope.

9.Click Options, and delete all of the text in the Attributes text box in the Options dialog box. During the query, all of the user LDAP attributes appear.

10.Click Run. The LDAP attribute names and values will be returned for all users whose name starts with ‘a’ (up to the size limit configured in Options). From these results, the user should be able to determine whether or not specific LDAP attributes are populated in the Active Directory database for specific users. For example, each user container in the directory should contain CN, objectSID, and mail attributes.

NOTE If the message Result <0> Null appears in the LDP message window , either no users exist in the container that the search root specifies, or the user whose credentials were used in the Bind command does not have read access to the data in this container.

62 Chapter 3 Software features

ENWW