Using LDAP Job Authentication with InfoPrint Select for Linux
The LDAP-enabled InfoPrint Select client requires users to LDAP-authenticate when they first submit a job. LDAP authentication support allows only authenticated users to print and provides information about the users that printed a specific job. LDAP authentication allows InfoPrint Manager to provide more accurate accounting information.
The LDAP-enabled InfoPrint Select client must be configured to use an LDAP server that has the GSS authentication option enabled. Only one version of the InfoPrint Select client can be installed at a time, so if the non-LDAP version has been installed, it must be uninstalled before the LDAP version can be installed. Subsequent updates apply to the current version that is installed. There is a configuration file containing the LDAP authentication settings. You can edit the configuration settings only if you have root privileges. Multiple users are allowed to login and authenticate from the same box.
If you cannot successfully log in to the LDAP server, the LDAP-enabled InfoPrint Select client does not allow you to submit jobs. If you are successfully logged in to the LDAP server, you are allowed to submit jobs to the InfoPrint Manager server. You must log in to the LDAP server the first time you submit a print job. The LDAP login session expires in either of these situations: when you log off or when the session timeout set by the LDAP server administrator expires. You do not have to log in again for each subsequent print job that you submit. The submitted jobs contain an authenticated-login attribute with the LDAP username that can be added to the server accounting logs by using the server or actual destination additional-accounting-log-attributes attribute. You can modify the connection settings, and the application updates the configuration file.
The LDAP-enabled InfoPrint Select client is LDAP v3 compliant. It only supports an open directory LDAP model. This means that the LDAP server does not enforce the clients to establish connections over SSL, and it does not ask clients to be authenticated when and if they connect to an LDAP server over SSL.
The SSL client mutual authentication is enabled when you do not want your directory system to be opened to the general public. It is a closed directory system where both the SSL and the client authentication are forced. The SSL client authentication means that the client must have a valid certificate verified by the server.