Communicating between RICOH ProcessDirector and the LDAP server
This table maps the Database property names to the corresponding names in the user interface. Use this table as a reference to help understand what properties are passed and returned by the searches and binds performed by RICOH ProcessDirector.
Database and User Interface property names
Database Property Name | User Interface Property Name |
---|---|
WorkflowSystem.AdLdap.GroupMap | Product to LDAP group mapping |
WorkflowSystem.AdLdap.GroupSearchBase | Group search base |
WorkflowSystem.AdLdap.GroupSearchFilter | Group search filter |
WorkflowSystem.AdLdap.GroupSearchMember | Group search member |
WorkflowSystem.AdLdap.ManagerDN | Manager distinguished name |
WorkflowSystem.AdLdap.ManagerPassword | Manager distinguished name password |
WorkflowSystem.AdLdap.rootDN | Root distinguished name |
WorkflowSystem.AdLdap.Server | LDAP server |
WorkflowSystem.AdLdap.UserSearchBase | User search base |
WorkflowSystem.AdLdap.UserSearchFilter | User search filter |
User.ID | User name |
User.Password | User password |
RICOH ProcessDirector creates these binds whenever a user logs in:
- bind to ${WorkflowSystem.AdLdap.Server} using ${WorkflowSystem.AdLdap.ManagerDN} and ${WorkflowSystem.AdLdap.ManagerPassword}
  When the Manager distinguished name system property (WorkflowSystem.AdLdap.ManagerDN) does not have a value, an anonymous bind is created.
- bind to ${WorkflowSystem.AdLdap.Server} using ${User.ID} and ${User.Password}
  Note: The password for User.Password must be set when making changes for LDAP. If the password is not set, the bind fails.
RICOH ProcessDirector does these search requests whenever a user logs in:
- For all RICOH ProcessDirector LDAP groups: searchRequest "${WorkflowSystem.AdLdap.GroupSearchBase},${WorkflowSystem.AdLdap.rootDN}" wholeSubtree Filter: (${WorkflowSystem.AdLdap.GroupSearchFilter}${WorkflowSystem.AdLdap.GroupMap})
  The results must include the Group search member. The value of the Group search member is used as the RICOH ProcessDirector user name.
- When a user name is set to the value returned on the Group search member argument: searchRequest "${WorkflowSystem.AdLdap.UserSearchBase},${WorkflowSystem.AdLdap.rootDN}" wholeSubtree Filter: (${WorkflowSystem.AdLdap.UserSearchFilter}=${User.ID})
Verify that communications between RICOH ProcessDirector and your LDAP server are working correctly by testing the Group search base and User search base:
- Test the Group search base by entering this command at a command prompt:
ldapsearch -D "WorkflowSystem.AdLdap.ManagerDN" -x -W -b "WorkflowSystem.AdLdap.GroupSearchBase,WorkflowSystem.AdLdap.rootDN" -h "WorkflowSystem.AdLdap.Server" -s sub "(WorkflowSystem.AdLdap.GroupSearchFilter=GroupMap)"
If communications between RICOH ProcessDirector and your LDAP server are working correctly, data containing the group search is returned. The response contains information stored in your LDAP server:
UID=UserName, ou=GroupName, ou=OrganizationName, dc=ComputerName, dc=CompanyName
GroupName is returned by WorkflowSystem.AdLdap.GroupSearchBase. OrganizationName, ComputerName, and CompanyName are returned by WorkflowSystem.AdLdap.rootDN.
- Test the User search base by entering this command at a command prompt:
ldapsearch -D "WorkflowSystem.AdLdap.ManagerDN" -x -W -b "WorkflowSystem.AdLdap.UserSearchBase,WorkflowSystem.AdLdap.rootDN" -h "WorkflowSystem.AdLdap.Server" -s sub "(WorkflowSystem.AdLdap.UserSearchFilter=User.ID)"
Data containing the user search is returned if communications between RICOH ProcessDirector and your LDAP server are working correctly. The response contains information stored in your LDAP server:
UID=UserName, ou=OrganizationUsers, ou=OrganizationName, dc=ComputerName, dc=CompanyName
OrganizationUsers is returned by WorkflowSystem.AdLdap.UserSearchBase. OrganizationName, ComputerName, and CompanyName are returned by WorkflowSystem.AdLdap.rootDN.
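The following is an added example, not part of the RICOH documentation. It assembles the user search base and filter the way the user search request above describes, escaping the User.ID value per RFC 4515 so that characters such as `*`, `(`, `)` and `\` in a user name are matched literally. The server name, DNs and user names are constructed sample values, and the shell variable and function names are hypothetical.

```shell
#!/bin/sh
# Added example. All property values are constructed samples; substitute
# the values configured in RICOH ProcessDirector.
AdLdap_Server="ldap.example.com"                  # WorkflowSystem.AdLdap.Server
AdLdap_ManagerDN="cn=manager,dc=example,dc=com"   # WorkflowSystem.AdLdap.ManagerDN
AdLdap_rootDN="dc=example,dc=com"                 # WorkflowSystem.AdLdap.rootDN
AdLdap_UserSearchBase="ou=People"                 # WorkflowSystem.AdLdap.UserSearchBase
AdLdap_UserSearchFilter="uid"                     # WorkflowSystem.AdLdap.UserSearchFilter

# Escape a value for use inside an LDAP filter (RFC 4515). The backslash
# is handled first so the escapes added afterwards are not escaped again.
# NUL is not handled: a shell variable cannot contain it.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# "${UserSearchBase},${rootDN}"
user_search_base() {
    printf '%s,%s' "$AdLdap_UserSearchBase" "$AdLdap_rootDN"
}

# (${UserSearchFilter}=${User.ID}) with the User.ID value escaped
user_search_filter() {
    printf '(%s=%s)' "$AdLdap_UserSearchFilter" "$(ldap_escape_filter "$1")"
}

# Run the page's user search test for one user name. Arguments are passed
# to ldapsearch directly, so no second round of shell quoting is involved.
run_user_search() {
    ldapsearch -D "$AdLdap_ManagerDN" -x -W \
        -b "$(user_search_base)" -h "$AdLdap_Server" \
        -s sub "$(user_search_filter "$1")"
}

# Show the base and filter for a few constructed user names.
for id in 'jsmith' 'j*' 'smith (contractor)' 'dom\jsmith'; do
    printf '%-20s base=%s filter=%s\n' "$id" \
        "$(user_search_base)" "$(user_search_filter "$id")"
done
```

Calling `run_user_search jsmith` performs the same query as the User search base test command, with the flags taken from that command.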