Using custom LDAP job authentication with InfoPrint Select for Windows

The InfoPrint Select job submission client requires users to authenticate through LDAP before they are allowed to submit jobs. LDAP authentication support ensures that only authenticated users can print and provides information about the users who printed a specific job. This allows InfoPrint Select to provide more accurate accounting information.

The LDAP-enabled InfoPrint Select client must be configured to use an LDAP server that has the GSS authentication option enabled. Only one version of the InfoPrint Select client can be installed at a time. If you install the LDAP version of InfoPrint Select and you want to switch back to the standard non-LDAP version, you can install it over the LDAP version. The installer allows you to install one version of InfoPrint Select over the other and automatically removes the old version. Subsequent updates apply to the current version that is installed.
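
One way to check the GSS prerequisite before configuring the client, as an added example that is not part of the InfoPrint documentation: this PowerShell function reads the LDAP server's root DSE and reports whether GSSAPI is among the advertised SASL mechanisms. It assumes that the "GSS authentication option" corresponds to the GSSAPI SASL mechanism and that the server permits an anonymous read of the root DSE; the function name and the host name `ldap.example.com` are placeholders.

```powershell
# Added example, not InfoPrint code. Assumes "GSS authentication" means the
# GSSAPI SASL mechanism and that the root DSE can be read anonymously.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapGssapiSupport {
    param(
        [Parameter(Mandatory)] [string] $Server,   # LDAP host name
        [int] $Port = 389                          # plain LDAP port
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $conn.SessionOptions.ProtocolVersion = 3       # the client is LDAP v3 compliant
    $conn.Timeout = [TimeSpan]::FromSeconds(10)
    try {
        $conn.Bind()
        # A base-scope search on the empty DN returns the root DSE.
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $null, '(objectClass=*)',
            [System.DirectoryServices.Protocols.SearchScope]::Base,
            [string[]]@('supportedSASLMechanisms'))
        $resp  = [System.DirectoryServices.Protocols.SearchResponse] $conn.SendRequest($req)
        $mechs = @()
        if ($resp.Entries.Count -gt 0) {
            $attr = $resp.Entries[0].Attributes['supportedSASLMechanisms']
            if ($null -ne $attr) { $mechs = @($attr.GetValues([string])) }
        }
        # Report every advertised mechanism and whether GSSAPI is one of them.
        [pscustomobject]@{
            Server         = $Server
            SaslMechanisms = $mechs
            GssapiEnabled  = $mechs -contains 'GSSAPI'
        }
    }
    finally { $conn.Dispose() }
}

# Usage (placeholder host name):
# Test-LdapGssapiSupport -Server 'ldap.example.com'
```

If `GssapiEnabled` is `False`, or the bind fails, resolve that on the LDAP server before troubleshooting the InfoPrint Select client itself.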

When the Windows UAC system setting is active, you can change the LDAP configuration settings only when running as Administrator. To do this, start the InfoPrint Select Login application by right-clicking the icon and selecting "Run as Administrator". The Local Security Policy settings can also affect the permission to update the configuration settings. For more information, consult the Windows documentation for UAC and Local Security Policy.

If you cannot successfully log in to the LDAP server, the LDAP-enabled InfoPrint Select client does not allow you to submit jobs. If you are successfully logged in to the LDAP server, you are allowed to submit jobs to the InfoPrint Manager server. You must log in to the LDAP server the first time you submit a print job; you do not have to log in again for each subsequent print job that you submit. The LDAP login session expires in any of these situations: when you log off, when you switch users, or when the session timeout set by the LDAP server administrator expires. The submitted jobs contain an authenticated-login attribute with the LDAP username. This attribute can be added to the server accounting logs by using the server or actual destination additional-accounting-log-attributes attribute.

The InfoPrint Select client is LDAP v3 compliant. It supports only an open directory LDAP model. This means that the LDAP server does not require clients to establish connections over SSL, and it does not ask clients to be authenticated if and when they connect to an LDAP server over SSL.

SSL client mutual authentication is enabled when you do not want your directory system to be open to the general public. That is a closed directory system, where both SSL and client authentication are enforced. SSL client authentication means that the client must have a valid certificate verified by the server.