Remote Authentication Setup

9.In [Login Name], [Password], and [Retype Password], enter the machine’s login name and password (if required). Note that, quite often, to simply supply address information for e-mail, no login is required.

10.Enter your required number for [Maximum Number of Search Results].

11.Enter the required time to wait for [Search Time-Out]. Alternatively, you may select [Wait LDAP Server Limit].

12.Place a checkmark in the [LDAP Referrals] box if you would like the server to refer to additional LDAP servers, when user information is initially unavailable.

13.If you enabled [LDAP Referrals], enter the number of additional servers to check for user information, into [LDAP Referral Hop Limit].

14.For [Search Name Order], select the method that you would like LDAP to use to perform searches.

15.Click [Apply].

LDAP User Mappings

You can click the [LDAP User Mappings] link to specify the attributes to search for within the LDAP database. Make sure that any entries made in the [Imported Heading] boxes are in LDAP nomenclature. For example, you would enter sn (surname) to search for the user's last name, and givenName to search for the user’s first name. Enter cn (Common Name) to search for the most commonly used name (given name joined to surname) to identify specific users within the LDAP system.

LDAP Authentication

To set LDAP for authentication, click the [LDAP Authentication] link. For [Authentication Method], choose either [Direct Authentication] or [Authentication of User Attributes]. [Direct Authentication] sets authentication with the LDAP server with the user name and password entered by the user. [Authentication of User Attributes] sets authentication with the LDAP server to the attributes listed on this dialog, such as samAccountName. Unless you are very familiar with LDAP, do not add text strings to the User Name.

LDAP Group Access

LDAP server user groups can be used to control access to certain areas of the machine. For example, the LDAP server may contain a group of users called "Admin”. You can configure the "Admin" group on the machine so that the members of that group will have administrator access to the machine. When a user logs in to the machine with their network authentication account, the machine performs an LDAP lookup to determine if the user is a member of any groups. If the LDAP server confirms that the user is a member of the "Admin" group, the user will have administrator access. In the [System Administrator Access Group] box, enter the name of the group, defined at the LDAP server, that you want to provide with System Administrator access to the machine. Repeat the process for other LDAP group access boxes.

Custom Filters

For [E-mail Address Filter], in the box provided, type in the LDAP search string (filter) that you wish to apply. The filter defines a series of conditions that the LDAP search must fulfill in order to return the information you seek. The form of the typed search string (filter) is LDAP objects placed inside parenthesis. For example, to find all users that have an E-Mail attribute (mail enabled), type (objectClass=user) (mail=*). If you are not familiar with LDAP search strings, use a web browser search to find examples.

343

Page 342 Page 344
Page 343
Image 343
Xerox 5225A, 5230A manual Ldap User Mappings, Ldap Authentication, Ldap Group Access, Custom Filters
Page 342 Page 344
Top Page Image Contents