Managing LDAP security for InfoPrint Manager for AIX

InfoPrint Manager provides an extension to the FST security that allows you to use an LDAP/Active Directory server for user authentication and access rights. When enabling LDAP security, the FST security continues to work as before. Use the AIX SMIT utility to configure, enable, or disable the LDAP security of your print system. Open the SMIT interface, and go to InfoPrint Printing SystemSecurityLDAP Security.

Enable/Disable LDAP Security
To enable the LDAP security:
  1. Click the Enable/Disable LDAP option.
  2. Choose the Enable LDAP Security option.
To disable the LDAP security:
  1. Click the Enable/Disable LDAP option.
  2. Choose the Disable LDAP Security option.
Add/Change LDAP Connection
To add an LDAP connection:
  1. Click the LDAP Connections option.
  2. Choose the Add LDAP Connection option.
  3. Fill in these fields with the required information:

    Connection Name
    Enter the connection name of the LDAP server.
    IP Address or Host Name
    Enter the host name or IP address of the LDAP server.
    Port
    Enter the port number that is used for communication.
    Encryption Method
    Enter an encryption method for the LDAP Server. Select the Use Start TLS Extension or the Use SSL Encryption option if you want to use the Start TLS or the SSL protocols.
    Description
    Enter an optional description.
    Test Connection
    If the information you enter is valid, you receive a confirmation message. If you enter incorrect settings, you receive an error message.

To edit an LDAP connection:
  1. Click the LDAP Connections option.
  2. Choose the Edit LDAP Connection option.
  3. Select the LDAP connection and make the necessary changes.
To delete an LDAP connection:
  1. Click the LDAP Connections option.
  2. Choose the Delete LDAP Connection option.
  3. Select the LDAP connection that you want to delete.
LDAP Authentication
Specify how InfoPrint Manager authenticates to the Lightweight Directory Access Protocol Server (LDAP). This information is used as authentication data for all existing LDAP connections. InfoPrint Manager uses the information to authenticate to the LDAP Server to retrieve specific data (for example, group membership and login attributes) about the entries.

To change the LDAP authentication:

  1. Click the LDAP Authentication option.
  2. Fill in these fields with the required information:

    Test Authentication against LDAP Connection
    Select one of the available LDAP connections to validates settings. If you enter incorrect settings, you receive an error message.
    Important: If you have multiple LDAP servers defined, the server information is common for all.
    Authentication Method
    Select the method of authentication: No Authentication, Simple, or Digest.
    Bind DN or User
    Enter the distinguished name (DN) of the account.
    Bind Password
    Enter your password.
    Note: When you use the Anonymous login, it is not necessary to specify a value for: Bind DN/ user or Bind Password.
    SASL Realm
    Enter the name of the SASL Realm. This option is available when you use the Digest method.

LDAP Search options
Specify the settings used by InfoPrint Manager when searching for LDAP users. This information is used as search options for all existing LDAP connections.

To change the LDAP search options:

  1. Click the LDAP Search Options.
  2. Fill in these fields with the required information:
    Validate Search Options against LDAP Connection
    Select one of the available LDAP connections to validates settings. If you enter incorrect settings, you receive an error message.
    Important: If you have multiple LDAP servers defined, the search information is common for all.
    Users:
    User Search Base
    Specifies the distinguished name (DN) of the branch in the LDAP directory tree where the users are located.
    Login Login Attributes
    Specifies the user attributes for the login in the LDAP server.
    User Filter Type
    Specifies one or more object classes to filter when InfoPrint Manager searches for users.