Configuring LDAP-enabled Mac OS X Command Line Client settings
For the LDAP-enabled Mac OS X Command Line Client to submit authenticated jobs to InfoPrint Manager properly, you must configure your LDAP-enabled Mac OS X Command Line Client settings. The LDAP settings window lets you configure the credentials, connection, authentication, and search settings. From the LDAP login window, click Settings to open the LDAP settings window. The Settings button is enabled only if you use the root account to log in.
- The login information can be an e-mail address, an employee number, a badge serial number, a common name, a Lotus Notes canonical name, a user ID, a uid, or other data. It is used to search the LDAP directories anonymously for the specific globally unique DN. The search of the LDAP directories is always done using the DN Search Options settings and is performed only for the Simple authentication method.
- The login information can be sent to the destination accounting log by adding the authenticated-login attribute to the list of values used by the additional-accounting-log-attributes attribute.
- Enter your password.
- Upper/Lower case
- Specifies the letter case of the login attribute. You can select one of these values: Case Sensitive, Convert to Lower Case, or Convert to Upper Case. The default value is Case Sensitive.
- Disable Save Credentials
- Does not allow users to save credentials. The login and password from the LDAP Settings window are not stored.
Note: The credentials, if available, are copied from/to the InfoPrint Select LDAP login window.
- Enter the host name or IP address of the LDAP server.
- Enter the port number that is used for communication. The default port number is 389. The default SSL port number is 636.
- Select the method of authentication: Simple or Digest.
- SASL Realm
- Enter the name of the SASL Realm. This option is available when you use the Digest method.
- Enter an encryption method for the LDAP Server. To use the TLS or the SSL protocols, select the Use Start TLS Extension or the Use SSL Encryption option.
DN Search Options
The Distinguished Name (DN) Search Options are used only for the Simple authentication method.
- Search Base
- The search base entry is the location in a directory from which the LDAP search begins.
- Search Attribute
The search attribute is used for the search of the DN. The DN is used for logging on to the InfoPrint Select LDAP server.
- If you want to identify the DN using the intranet e-mail address (for example: firstname.lastname@example.org) as the LDAP login, the search attribute must be mail. The DN Search Options are configurable as needed and used only for the Simple authentication method.
- If you enter your login as your common name (for example: “John Smith”), the search attribute must be set to cn.
- Various other attributes can be used for the DN search, such as: e-mail address, employee number, badge serial number, common name, Lotus Notes canonical name, user ID, uid, and DN.
Depending on the custom configuration, the specific login attribute is used for the DN search. This attribute becomes the value of the authenticated-login job attribute in the accounting log.
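The DN search described above takes the typed login, applies the Upper/Lower case setting, and looks for one entry whose search attribute equals it. The following is an added example, not InfoPrint code: it assumes the search is a plain equality filter, and the function names are hypothetical. It shows the login being escaped per RFC 4515 before it enters the filter and the result being accepted only when exactly one DN matches.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4512 short attribute name (mail, cn, uid, ...); numeric OIDs are not accepted here.
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# The three values of the Upper/Lower case setting.
_CASE_MODES = {
    "Case Sensitive": lambda s: s,
    "Convert to Lower Case": str.lower,
    "Convert to Upper Case": str.upper,
}


def build_dn_search_filter(login, search_attribute, case_mode="Case Sensitive"):
    """Return the equality filter for the DN search (hypothetical helper)."""
    if not _ATTR_NAME.fullmatch(search_attribute):
        raise ValueError(f"invalid search attribute: {search_attribute!r}")
    if case_mode not in _CASE_MODES:
        raise ValueError(f"unknown case mode: {case_mode!r}")
    if not login:
        raise ValueError("empty login")
    value = _CASE_MODES[case_mode](login)
    # Escape after case conversion so metacharacters in the login stay literal.
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in value)
    return f"({search_attribute}={escaped})"


def select_unique_dn(matching_dns):
    """Accept the search result only if exactly one entry matched."""
    if not matching_dns:
        raise LookupError("login not found under the search base")
    if len(matching_dns) > 1:
        raise LookupError("login matches more than one entry; refusing to bind")
    return matching_dns[0]


if __name__ == "__main__":
    # Constructed sample logins, not taken from a real directory.
    print(build_dn_search_filter("John Smith", "cn"))
    print(build_dn_search_filter("J.Smith@Example.org", "mail", "Convert to Lower Case"))
    print(build_dn_search_filter("*)(uid=*", "uid"))
```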
Click Test Authentication if you want to test the connection to the LDAP server. If the connection is successful, a confirmation message is displayed: Successfully connected to the LDAP server.
If one of the LDAP settings is not properly configured, you receive the error message that corresponds to the problem:
- “Invalid user login credentials. Check your login credentials.” You see this message when the authentication bind fails because the credentials are incorrect.
- “Incorrect LDAP host, port, or SSL/TLS settings. Check your host, port, and SSL/TLS settings.” You see this message when the authentication bind fails because the InfoPrint Select LDAP client cannot contact the LDAP server.
- “Invalid authentication method. Contact your system administrator.” You see this message when the LDAP server does not recognize the authentication method that the InfoPrint Select LDAP client used.
- “LDAP loging not found on server. Check your credentials or search options.” You see this message when InfoPrint Select LDAP does not find the user in the search directory.
You do not see an error message when the LDAP server does not allow anonymous authentication. In this case, the initial bind fails because no anonymous binding is allowed, and the InfoPrint Select LDAP client authenticates directly with the login credentials that you entered.
- Anonymous Login
Enable or disable anonymous login to the LDAP server.
- Bind DN
Enter the Distinguished Name (DN) of the account if the LDAP server does not allow anonymous queries.
The password for the Bind DN account.