November 13, 2024

LDAP

Lightweight Directory Access Protocol (LDAP) is a protocol used to process queries and updates to an LDAP information directory on an external server. LDAP can also be used for network authentication and authorization. LDAP directories are heavily optimized for read performance. Use this page to define how the printer retrieves user information from an LDAP directory.

Adding LDAP Server Information

The LDAP Server page displays the current LDAP servers configured for your printer. You can configure a maximum of nine LDAP servers for your printer.

To add an LDAP server:

  1. In the Embedded Web Server, click Properties > Connectivity > Setup.

  2. In the Protocol area, for LDAP, click Edit.

  3. Click Add New.

  4. For Server Information, select the preferred address type.

  5. For Friendly Name, type a name for the LDAP server.

  6. Type the appropriately formatted address or host name of your server, then change the default port number as needed.

  7. Type the appropriately formatted address or host name of your backup server, then change the default port number as needed.

  8. For LDAP Server, select an LDAP server type:

    • Exchange: This option is for use with Microsoft® Exchange.

    • Domino: This option is for use with Domino.

    • ADS: This option is for use with Microsoft® Active Directory Service.

  9. Click Apply.

Managing LDAP Servers in the Embedded Web Server

  1. In the Embedded Web Server, click Properties > Connectivity > Setup.

  2. In the Protocol area, for LDAP, click Edit.

    • To edit an LDAP server configuration, in the Actions column of the server to edit, click Edit.

    • To copy an LDAP server configuration, select the server to copy, then click Copy From.

    • To delete all LDAP servers configured to your printer, click Delete All.

    • To enable SASL binds, click LDAP Policies.

  3. Click Close.

Configuring LDAP Server Optional Information

  1. In the Embedded Web Server, click Properties > Connectivity > Setup.

  2. In the Protocol area, for LDAP, click Edit.

  3. Click Add New.

  4. For Optional Information, in the Search Directory Root field, type the root path of the search directory in Base DN format.

    Note: For details on Base DN, refer to the RFC 2849 – LDAP Data Interchange Format Technical Specification on the Internet Engineering Task Force website.

  5. Specify the login credentials required to access the LDAP directory.

    • None: This option instructs the printer to access the LDAP directory without providing credentials.

    • Logged-in User: This option instructs the printer to log in to the repository and provide the credentials of the logged-in user.

    • Device: This option instructs the printer to use specific credentials when the printer accesses the LDAP repository. If you select Device, type the credentials in the Login Name and Password fields. To update an existing password, select Select to save the new password.

  6. To use LDAPS, for Secure LDAP Connection, select Enable Secure Connection (LDAPS).

    • To allow the printer to validate certificates, select Validate Repository SSL Certificate (trusted, not expired, correct FQDN).

    • To select a security certificate, for Trusted SSL Certificate, click the menu, then select an option.

    • To view the selected certificate details, or save the certificate to your computer, click View/Save.

  7. To define the number of addresses returned in a search, for Maximum Number of Search Results, type a number from 5–100. The default number is 100. To use the maximum number of search results specified by the LDAP server, select Use LDAP Server Maximum.

  8. To allow the printer to use the current settings for the LDAP server, for Search Timeout, select Use LDAP Server Timeout. To specify a time that the printer waits before it times out, select Wait, then type the number of seconds from 5–100. The default is 30 seconds.

    Note: If you experience trouble retrieving results from your LDAP server, use the Wait option.

  9. If you connect your primary LDAP server to other servers, to include more LDAP servers in your searches, select LDAP Referrals.

  10. For Perform Search on Mapped Fields, select an option:

    • Name: This option instructs the printer to query the configured name field.

    • Surname and Given Name: This option instructs the printer to query the configured surname and given name fields.

    • Display Name: This option instructs the printer to query the configured display name field.

    Note: If you want to sort your search results, for Sort Results by Mapped Field, select an option.

  11. Click Apply.

Configuring a Secure LDAP Connection

  1. In the Embedded Web Server, click Properties > Connectivity > Setup.

  2. In the Protocol area, for LDAP, click Edit.

  3. On the LDAP page, click Add New.

  4. To enable a secure connection to the LDAP server, for Secure LDAP Connection, select Enable Secure Connection (LDAPS).

  5. To validate the SSL certificate used for HTTPS, select Validate Server Certificate (trusted, not expired, correct FQDN).

  6. To view a list of external root or intermediate trusted SSL certificates, click View Root/Intermediate Trusted Certificates.

  7. For Root/Intermediate Trusted Certificates, select a certificate.

  8. To view the selected certificate details, or to save the certificate to your computer, click View/Save.

Note: If the LDAP Server has encryption enabled, ensure that a certificate issued from the LDAP server certificate authority is installed on the device.

LDAP Server Contexts

Contexts are defined starting points in an LDAP database from which the search function begins searching. Contexts are used with the Authentication feature. You can configure the printer to add an authentication context automatically to the Login Name provided by the user.

Note: Contexts are used only if you configure LDAP server settings and select NDS as the server type.

Configuring LDAP Contexts

  1. In the Embedded Web Server, click Properties > Connectivity > Setup.

  2. For Protocol, for LDAP, click Edit.

  3. Click Add New.

  4. Click the Contexts tab.

  5. For Default Login Context, type details as needed.

  6. Click Apply.

Configuring LDAP User Mappings

LDAP servers display different results depending on how they implement mappings. Use this page to map LDAP fields to fields on your printer. Editing current map settings allows you to fine-tune server search results.

Defining User Mappings

  1. On the LDAP Server page, click User Mappings.

  2. For Search, type a user name in the Enter Name field, then click Search.

  3. For Imported Heading, for each field, make menu selections. Remap the headings as needed. The schema on the LDAP server defines the headings.

    Note: If the user mapping is incorrect, an LDAP search in the Embedded Web Server can work properly, but authentication at the printer control panel fails.

  4. Click Apply.

LDAP Custom Filters

You can edit custom filters so that text strings typed at the control panel are changed to match the format that the LDAP server requires.

There are three types of filters that you can customize:

  • LDAP Authentication Filter allows you to add text to the beginning or end of a User ID, or the Login Name configured as the System Login Name for the server. Typical filters are domain_name\USERID or USERID@domain_name.

  • Email Address Book Filter allows you to customize the standard filter that is used when a user types a name to search in the Network Address Book.

  • User ID Query Filter allows you to customize the standard filter that the printer uses when searching for the name of the logged-in user. For example, when remote authorization is configured, and a user logs in at the control panel, the printer searches the authorization server using this filter. The standard filter looks in the field mapped as the Login Name field. If you are using an ADS LDAP server, this field is typically sAMAccountName. If you want a search for a specific person to return an exact match, do not use wildcard characters.

Configuring Custom Filters

  1. In the Embedded Web Server, click Properties > Connectivity > Setup.

  2. For Protocol, for LDAP, click Edit.

  3. Click the Custom Filters tab.

  4. For LDAP Authentication, select Prepend Domain Name. This setting prepends the base Domain Name (DN) to a user Relative Distinguished Name (RDN) when authenticating the user. Use the Common Name (CN) attribute to specify USERID in the base DN.

    Note:

    • If an Authenticated User is selected for Login Credentials to Access the LDAP Server, some UNIX/Linux LDAP servers can require setting the Prepend Domain Name attribute.

    • For details on Base DN formatting, refer to the RFC 2849 – LDAP Data Interchange Format (LDIF) Technical Specification on the IETF website.

  5. For Email Address Book Filter, select Enable Custom Filter.

  6. Type the LDAP search string or filter as needed, where LDAP represents the string provided for the query. The filter defines a series of conditions that the LDAP search must fulfill to return the desired information. For example, to find people only, type (ObjectClass=Person)&(cn=LDAP*).

  7. For User ID Query Filter, select Enable Custom Filter.

  8. Type the LDAP search string or filter where LDAP represents the string provided for the query. The filter defines a series of conditions that the LDAP search must fulfill to return the desired information. For example, to ensure that only user information is returned rather than equipment or conference rooms, type (objectClass=user) (sAMAccountName=LDAP).

  9. Click Apply.
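
The following Python example is added here and is not Xerox code; it models filter expansion in general and does not describe how the printer itself processes input. It substitutes a typed string for the LDAP placeholder with RFC 4515 escaping and shows, against a constructed list of login names, how a wildcard in the template or an unescaped typed wildcard widens the match. All function names and sample login names are hypothetical.

```python
import re

PLACEHOLDER = "LDAP"  # token that stands for the typed string in the page's filters
# RFC 4515: characters that must be escaped inside an assertion value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Constructed sample login names, not taken from any real directory
SAMPLE_LOGINS = ["jsmith", "jsmith-admin", "jsmithers", "kdoe"]


def escape_value(typed):
    """Make a typed string literal: wildcards and parentheses lose their meaning."""
    return "".join(_ESCAPES.get(ch, ch) for ch in typed)


def expand(template, typed, escape=True):
    """Substitute the typed string for the placeholder in a filter template."""
    return template.replace(PLACEHOLDER, escape_value(typed) if escape else typed)


def wildcard_in_template(template):
    """True if the template itself puts '*' next to the placeholder."""
    return ("*" + PLACEHOLDER) in template or (PLACEHOLDER + "*") in template


def _value_regex(value):
    """Regex for one expanded assertion value: bare '*' is a wildcard, \\XX is literal."""
    parts = re.split(r"(\\[0-9a-fA-F]{2}|\*)", value)
    out = []
    for part in parts:
        if part == "*":
            out.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", part):
            out.append(re.escape(chr(int(part[1:], 16))))
        else:
            out.append(re.escape(part))
    return re.compile("".join(out), re.IGNORECASE)


def matches(value_template, typed, logins=SAMPLE_LOGINS, escape=True):
    """Login names selected by a value template such as 'LDAP' or 'LDAP*'."""
    rx = _value_regex(expand(value_template, typed, escape))
    return [name for name in logins if rx.fullmatch(name)]


if __name__ == "__main__":
    print(wildcard_in_template("(ObjectClass=Person)&(cn=LDAP*)"))  # address book filter
    print(matches("LDAP", "jsmith"))           # exact template, one entry
    print(matches("LDAP*", "jsmith"))          # wildcard template, three entries
    print(matches("LDAP", "*", escape=False))  # unescaped input, every entry
    print(matches("LDAP", "*"))                # escaped input, no entry
```

For the User ID Query Filter, the exact template is the one that ties a login to a single directory entry, which is the behaviour the "do not use wildcard characters" advice above is aiming for.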

FAQs:

What is the advantage of a multifunction printer?

A multifunction printer combines several functions—printing, scanning, copying, and faxing—into one device, saving space and improving productivity.

What are the capabilities of a multifunction printer?

A Xerox® multifunction printer can print, copy, scan, fax, and perform advanced tasks like secure printing, document sharing, and remote access.

What are the four functions of a multifunction printer?

The primary functions of a multifunction printer are printing, copying, scanning, and faxing—all consolidated into one machine for ease of use.

Brian Cantor

Brian Cantor is the President of Flynn's Office Solutions, a Xerox Authorized Sales Agent and Accredited Managed Print Services Provider in New York City. For over 13 years, Brian has been focused on helping organizations and their people get documents from A to B efficiently and securely using Xerox hardware and software solutions. Prior to Flynn's, Brian was a management consultant at Deloitte helping to deliver multi-million dollar technology projects across the Software Development Life Cycle. You can find Brian on LinkedIn and Twitter.
