HP MFP Sending Software 4.9X manual Search root, How to

Table 3-12Authentication bind methods (continued)

Search root

The search root is the distinguished name (DN) of the entry in the LDAP directory where the search is to begin. A DN is made up of 'attribute=value' pairs separated by commas.

In Windows Active Directory Services, the search root normally takes the form: CN=Users,DC=domain_name,DC=domain_suffix. To limit the address search even more, for example, to a single organizational unit (OU), add components to the search root. For example, to search for users in the "accounting" OU, add "OU=accounting" to the search root (OU=accounting,CN=Users,DC=domain_name,DC=domain_suffix). By using these methods to configure the search root that is used in authentication, access to Digital Sending features can be limited to a subset of users in an organization. Several methods can be used to determine the search root.

NOTE: On some LDAP servers, the search root can remain blank. In this case, the root node is assumed to be the starting place.

How to

Use the Configuration Utility Authentication tab to control how users are authenticated when using the Digital Sending features.

Authentication consists of two interdependent parts. First, the device verifies the user's credentials by using the selected authentication method. Then, the device attempts to find the user's e-mail address in the database of an LDAP server by using settings that are specific to the LDAP server. If either step fails, the user is denied access to the Digital Sending features. These two steps utilize two distinct technologies (an authentication server and an LDAP server), except in the case of the LDAP server method, where both steps are accomplished by using the LDAP server. To enable