Configuring LDAP-enabled InfoPrint Select client settings on Windows
For the InfoPrint LDAP Select client to submit authenticated jobs to InfoPrint Manager properly, you must configure your InfoPrint Select LDAP settings. Use the InfoPrint Select LDAP GUI as described in this procedure to configure the InfoPrint Select LDAP settings correctly:
- Click Start -> Programs -> InfoPrint Select.
- Select InfoPrint Select LDAP Login.
- Enter the user name and password.
Optional: Select Save Credentials.
- The login and password are saved only if the authentication to the LDAP server was successful. After saving the credentials, the login and password are available in the InfoPrint Select LDAP login window the next time you log in. If the option Disable Save Credentials from the LDAP settings panel is selected, the option Save credentials is no longer available.
From the InfoPrint Select LDAP login dialog box, click Settings. This option lets you configure the credentials, connection, authentication, and search settings from the LDAP Settings window.
- If the User Account Control (UAC) on your Windows machine is active and you want to change the InfoPrint Select LDAP settings, start the InfoPrint Select Login application using the “Run as administrator” option. To do this, right-click on the application icon and select "Run as Administrator".
- These settings, except for the credentials, can also be set at installation time in attended or silent mode.
- The login information can be an e-mail address, an employee number, a badge serial number, a common name, a Lotus Notes canonical name, a user ID, a uid, or other data information.
- The login information can be sent to the destination accounting log by adding the authenticated-login attribute to the list of values used by the additional-accounting-log-attributes attribute.
- Enter your password.
- Upper/Lower case
- Specifies the letter case of the login attribute. You can select one of these values: Case Sensitive, Convert to Lower Case, or Convert to Upper Case. The default value is Case Sensitive.
- Disable Save Credentials
- Does not allow users to save credentials. The password from the LDAP settings window
is not stored.
Note: The credentials, if available, are copied from/to the InfoPrint Select LDAP login window.
- Enter the host name or IP address of the LDAP server.
- Enter the port number that is used for communication. The default port number is 389. The default SSL port number is 636.
- Select the method of authentication: Simple or Digest.
- SASL Realm
- Enter the name of the SASL Realm. This option is available when you use the Digest method.
- Enter an encryption method for the LDAP Server. To use the TLS or the SSL protocols, select the Use Start TLS Extension or the Use SSL Encryption option.
DN Search Options
The Distinguished Name (DN) Search Options is only used for the Simple authentication method.
- Search Base
- The search base entry is the location in a directory from which the LDAP search begins.
- Search Attribute
The search attribute is used for the search of the DN. The DN is used for logging on to the InfoPrint Select LDAP server.
- If you want to identify the DN using the intranet e-mail address (for example: firstname.lastname@example.org)
as DAP Login, the search attribute must be mail. The DN Search Options are configurable as needed and used only for simple authentication
- If you enter your login as your common name (for example: “John Smith”), the search attribute must be set to cn.
- Other various attributes for the DN search, like: e-mail address, employee number, badge serial number, common name, Lotus Notes canonical name, user ID, uid, and DN.
Depending on the custom configuration, the specific login attribute is used for the DN search. This attribute becomes the value of the authenticated-login job attribute in the accounting log.
Click Test Authentication if you want to test the connection to the LDAP server. If the connection is successful, a confirmation message is displayed: Successfully connected to the LDAP server.
If one of the LDAP settings is not properly configured, you receive one error message for each case:
- “Invalid user login credentials. Check your login credentials.” You see this message when the authentication bind fails because the credentials are incorrect.
- “Incorrect LDAP host, port, or SSL/TLS settings. Check your host, port, and SSL/TLS settings.” You see this message when the authentication bind fails because InfoPrint Select LDAP client cannot contact the LDAP server.
- “Invalid authentication method. Contact your system administrator.” You see this message when the LDAP server does not recognize the authentication method that the InfoPrint Select LDAP client used.
- “LDAP login not found on server. Check your credentials or search options.” You see this message when InfoPrint Select LDAP does not find the user in the search directory.
You do not see an error message when the LDAP server does not allow anonymous authentication. In this case, the initial bind fails because no anonymous binding is allowed, and InfoPrint Select LDAP client authenticates directly with the login credentials that you entered.
- If you want to identify the DN using the intranet e-mail address (for example: email@example.com) as DAP Login, the search attribute must be mail. The DN Search Options are configurable as needed and used only for simple authentication method.
- Anonymous Login
Enable/Disable anonymous login to the LDAP server.
- Bind DN
Enter the Distinguished Name (DN) of the account if the LDAP server does not allow anonymous queries.
The password for the Bind DN account.Note: The Bind DN login and password information are stored in the registry. The password is stored in encrypted form. By default, the search of the DN is done by the anonymous binding to the LDAP server and it is based on the Search Base, and the Search Attribute values. The DN that results from the search is used for the authentication together with the specified password. If Anonymous Search is not enabled on your InfoPrint Select LDAP server, InfoPrint select attempts to log in with the Bind DN and password and searches for the specified Login. If the authentication fails, an error occurs. If the search succeeds, InfoPrint Select attempts to log in with the DN associated with the Login. If the search fails, InfoPrint Select attempts to log in with the Login and password.