Configuring LDAP-enabled InfoPrint Select client settings on macOS

For the LDAP-enabled InfoPrint macOS client to submit authenticated jobs to InfoPrint Manager properly, you must configure your LDAP-enabled InfoPrint Select client settings. The LDAP settings window lets you configure the credentials, connection, authentication, and search settings. From the LDAP login window, click Settings to open the LDAP settings window. The Settings button is enabled only if you use the root account to log in.

Credentials

Login
The login information can be an e-mail address, an employee number, a badge serial number, a common name, a Lotus Notes canonical name, a user ID, a uid, or other identifying data. It is used to search the LDAP directories anonymously for the specific globally unique DN. The search on the LDAP directories is always done using the DN Search Options settings. The search is performed only for the Simple authentication method.
The login information can be sent to the destination accounting log by adding the authenticated-login attribute to the list of values used by the additional-accounting-log-attributes attribute.
Password
Enter your password.
Upper/Lower case
Specifies the letter case of the login attribute. You can select one of these values: Case Sensitive, Convert to Lower Case, or Convert to Upper Case. The default value is Case Sensitive.
Disable Save Credentials
Does not allow users to save credentials. The login and password from the LDAP settings window are not stored.
Note: The credentials, if available, are copied to and from the InfoPrint Select LDAP login window.

LDAP Server

Host
Enter the host name or IP address of the LDAP server.
Port
Enter the port number that is used for communication. The default port number is 389. The default SSL port number is 636.

Authentication

Method
Select the method of authentication: Simple or Digest.
SASL Realm
Enter the name of the SASL Realm. This option is available when you use the Digest method.
Encryption
Enter an encryption method for the LDAP Server. To use the TLS or the SSL protocols, select the Use Start TLS Extension or the Use SSL Encryption option.

DN Search Options

The Distinguished Name (DN) Search Options are used only for the Simple authentication method.

Search Base
The search base entry is the location in a directory from which the LDAP search begins.
Search Attribute

The search attribute is used for the search of the DN. The DN is used for logging on to the InfoPrint Select LDAP server.

Example:

  • If you want to identify the DN using the intranet e-mail address (for example: john_smith@example.com) as the LDAP login, the search attribute must be mail.
  • If you enter your login as your common name (for example: “John Smith”), the search attribute must be set to cn.
  • Other attributes can be used for the DN search, such as: e-mail address, employee number, badge serial number, common name, Lotus Notes canonical name, user ID, uid, and DN.

The DN Search Options are configurable as needed and are used only for the Simple authentication method.

Depending on the custom configuration, the specific login attribute is used for the DN search. This attribute becomes the value of the authenticated-login job attribute in the accounting log.

Click Test Authentication if you want to test the connection to the LDAP server. If the connection is successful, a confirmation message is displayed: Successfully connected to the LDAP server.

If one of the LDAP settings is not properly configured, you receive one of these error messages, depending on the case:

  • “Invalid user login credentials. Check your login credentials.” You see this message when the authentication bind fails because the credentials are incorrect.
  • “Incorrect LDAP host, port, or SSL/TLS settings. Check your host, port, and SSL/TLS settings.” You see this message when the authentication bind fails because the InfoPrint Select LDAP client cannot contact the LDAP server.
  • “Invalid authentication method. Contact your system administrator.” You see this message when the LDAP server does not recognize the authentication method that the InfoPrint Select LDAP client used.
  • “LDAP login not found on server. Check your credentials or search options.” You see this message when InfoPrint Select LDAP does not find the user in the search directory.

You do not see an error message when the LDAP server does not allow anonymous authentication. In this case, the initial bind fails because no anonymous binding is allowed, and the InfoPrint Select LDAP client authenticates directly with the login credentials that you entered.

Anonymous Login

Enables or disables anonymous login to the LDAP server.

Bind DN

If the LDAP server does not allow anonymous queries, enter the Distinguished Name (DN) of the account.

Password

The password for the Bind DN account.

Note: The Bind DN login and password information are stored in the registry. The password is stored in encrypted form. By default, the search of the DN is done by anonymous binding to the LDAP server and is based on the Search Base and the Search Attribute values. The DN that results from the search is used for the authentication together with the specified password. If Anonymous Search is not enabled on your InfoPrint Select LDAP server, InfoPrint Select attempts to log in with the Bind DN and password and searches for the specified Login. If the authentication fails, an error occurs. If the search succeeds, InfoPrint Select attempts to log in with the DN associated with the Login. If the search fails, InfoPrint Select attempts to log in with the Login and password.
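
The DN search and bind order described in the note above, modeled as an added Python example that is not InfoPrint code: FakeDirectory, dn_filter, authenticate, and the sample entries are hypothetical names and constructed data. It assumes the client builds an equality filter from the Search Attribute and the Login, and it escapes RFC 4515 special characters so that a login such as * is matched literally and cannot act as a wildcard.

```python
import re

# RFC 4515 characters that must be escaped inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def dn_filter(attr, login, case="sensitive"):
    """Build the DN search filter; `case` mirrors the Upper/Lower case setting."""
    login = {"lower": login.lower(), "upper": login.upper()}.get(case, login)
    return "(%s=%s)" % (attr, "".join(_ESC.get(c, c) for c in login))

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (hypothetical)."""
    def __init__(self, entries, passwords, allow_anonymous):
        self.entries, self.passwords = entries, passwords
        self.allow_anonymous = allow_anonymous
    def bind(self, dn, password):
        if dn is None:  # anonymous bind
            return self.allow_anonymous
        return password is not None and self.passwords.get(dn) == password
    def search(self, base, flt):
        attr, value = re.fullmatch(r"\((\w+)=(.*)\)", flt).groups()
        value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m[1], 16)), value)
        return [dn for dn, attrs in self.entries.items()
                if dn.endswith(base) and attrs.get(attr) == value]

def authenticate(server, cfg, login, password):
    """Return (ok, identities bound in order), following the note's sequence."""
    tried = ["<anonymous>"]
    if not server.bind(None, None):
        if not cfg.get("bind_dn"):  # no search account: bind with the Login
            tried.append(login)
            return server.bind(login, password), tried
        tried.append(cfg["bind_dn"])
        if not server.bind(cfg["bind_dn"], cfg["bind_password"]):
            return False, tried  # Bind DN rejected: error, no search
    flt = dn_filter(cfg["search_attr"], login, cfg.get("case", "sensitive"))
    hits = server.search(cfg["search_base"], flt)
    user = hits[0] if hits else login  # search failed: fall back to the Login
    tried.append(user)
    return server.bind(user, password), tried

# Constructed sample data (not from a real directory).
USER_DN = "uid=jsmith,ou=people,dc=example,dc=com"
SVC_DN = "cn=svc-print,dc=example,dc=com"
ENTRIES = {USER_DN: {"mail": "john_smith@example.com", "cn": "John Smith"}}
PASSWORDS = {USER_DN: "user-pw", SVC_DN: "svc-pw"}
CFG = {"search_base": "dc=example,dc=com", "search_attr": "mail",
       "case": "lower", "bind_dn": SVC_DN, "bind_password": "svc-pw"}
print(authenticate(FakeDirectory(ENTRIES, PASSWORDS, False), CFG,
                   "John_Smith@Example.com", "user-pw"))
```

The second element of the result lists every identity the flow bound as, which is the sequence to expect in the LDAP server's bind log when you audit a client configured this way.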