HP MFP Sending Software 4.0 to 4.20 Software features, Other authentication configuration issues

To determine LDAP attributes using the Microsoft Management Console with ADSIEDIT.MSC

The ADSIEdit (Active Directory Service Interface Edit) Microsoft Management Console tool can be used to view the user LDAP attribute names and attribute values that are contained in the directory.

1.Run ADSIEDIT.MSC (Click Start, click Run, and then type ADSIEDIT.MSC).

2.Browse the tree structure to find the container that contains user objects. In many environments, users are contained in the Users container. The search root in this case is typically CN=USERS, DC=<Domain>,DC=<Domain Suffix> (for example, CN=USERS,DC=HP,DC=COM).

3.Right-click a specific user object and view the LDAP properties that are associated with this user. The possible view options are required attributes, optional attributes, and all attributes. Select all attributes and then find the attributes that HP DSS is configured to query. For example, for authentication, select Binary SID, CN, and Mail, and look to see whether or not each of these attributes is populated with data.

Three other issues might arise during attempts to configure access to the LDAP database.

First name, last name out of order

The CN field in ADS typically takes the form “firstname lastname.” Because the LDAP query that the device performs always uses a “begins with” search, users must start to type the first name of the person whose e-mail address they need at the device control panel. Microsoft has published two support notes (Q250455 and Q277717) that describe how to change the full name field (LDAP property CN) from the “firstname lastname” format to the “lastname,firstname” format.

LDAP performance with dynamic LDAP addressing

Occasionally, when working with a very large directory, Active Directory might take more than 5 seconds to return the results of the query. Often, users will assume that addressing is not functioning correctly and type the entire SMTP address. In some cases, performance can be improved by changing the search root to search a smaller container in the LDAP directory. If the search root that is used by HP DSS points to the root of the tree (DC=DSTEST,DC=COM), the search might be restricted to a directory subtree. For example, if users are contained in organizational units that are based on geography, a more restrictive search root can be set to search only a specific OU (OU=NORTHEAST,OU=AMERICAS,CN=USERS,DC=DSTEST,DC=COM).

Only one name appears in the Address Book

If only one name appears in the device Address Book, the Database is Alphabetized option is probably selected in the Advanced dialog box of the Addressing tab under Configure MFPs. See Advanced addressing settings. Because Active Directory returns data that is not alphabetized, this option should not be selected.

Software features