Communicating between RICOH ProcessDirector and the LDAP server
This table maps the database property names to the corresponding names in the user interface. Use it as a reference to understand which properties are passed and returned by the searches and binds that RICOH ProcessDirector performs.
Database and User Interface property names
Database Property Name | User Interface Property Name |
---|---|
WorkflowSystem.AdLdap.GroupMap | Product to LDAP group mapping |
WorkflowSystem.AdLdap.GroupSearchBase | Group search base |
WorkflowSystem.AdLdap.GroupSearchFilter | Group search filter |
WorkflowSystem.AdLdap.GroupSearchMember | Group search member |
WorkflowSystem.AdLdap.ManagerDN | Manager distinguished name |
WorkflowSystem.AdLdap.ManagerPassword | Manager distinguished name password |
WorkflowSystem.AdLdap.rootDN | Root distinguished name |
WorkflowSystem.AdLdap.Server | LDAP server |
WorkflowSystem.AdLdap.UserSearchBase | User search base |
WorkflowSystem.AdLdap.UserSearchFilter | User search filter |
User.ID | User name |
User.Password | User password |
RICOH ProcessDirector creates these binds whenever a user logs in:
- bind to ${WorkflowSystem.AdLdap.Server} using ${WorkflowSystem.AdLdap.ManagerDN} and ${WorkflowSystem.AdLdap.ManagerPassword}
  When the Manager distinguished name system property (WorkflowSystem.AdLdap.ManagerDN) does not have a value, an anonymous bind is created.
- bind to ${WorkflowSystem.AdLdap.Server} using ${User.ID} and ${User.Password}
Note: The password for User.Password must be set when making changes for LDAP. If the password is not set, the bind fails.
RICOH ProcessDirector makes these search requests whenever a user logs in:
- For all RICOH ProcessDirector LDAP groups:
  searchRequest "${WorkflowSystem.AdLdap.GroupSearchBase},${WorkflowSystem.AdLdap.rootDN}" wholeSubtree Filter: (${WorkflowSystem.AdLdap.GroupSearchFilter}${WorkflowSystem.AdLdap.GroupMap})
  The results must include the Group search member. The value of the Group search member is used as the RICOH ProcessDirector user name.
- When a user name is set to the value returned on the Group search member argument:
  searchRequest "${WorkflowSystem.AdLdap.UserSearchBase},${WorkflowSystem.AdLdap.rootDN}" wholeSubtree Filter: (${WorkflowSystem.AdLdap.UserSearchFilter}=${User.ID})
Verify that communications between RICOH ProcessDirector and your LDAP server are working correctly by testing the Group search base and User search base:
- Use Microsoft’s LDP.exe tool to verify communications between RICOH ProcessDirector and your LDAP server. Enter your LDAP server name, port, user name, and password into the tool. The tool reports back the Active Directory structure, which you use to verify the Group search base and User search base information.
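The following added example (not RICOH code) expands the bind and search templates above into the concrete base DNs and filters you would expect to see in LDP.exe or in the directory server's logs. The values in `SAMPLE`, the list of LDAP group names, and the function names are constructed for illustration, and the RFC 4515 escaping of values is a choice made in this example, not documented product behavior.

```python
# Added example: expands the documented bind/search templates.
# All values in SAMPLE are constructed, not taken from a real deployment.
P = "WorkflowSystem.AdLdap."
SAMPLE = {
    P + "Server": "ldap.example.com:389",
    P + "rootDN": "dc=example,dc=com",
    P + "ManagerDN": "",              # empty -> anonymous bind, per the page
    P + "GroupSearchBase": "ou=Groups",
    P + "GroupSearchFilter": "cn=",   # assumed so the concatenation is valid
    P + "UserSearchBase": "ou=People",
    P + "UserSearchFilter": "uid",
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def plan_login(props, ldap_groups, user_id, user_password):
    """List the binds and searches for one login, in the page's order."""
    if not user_password:
        raise ValueError("User.Password is not set, so the user bind fails")
    server, root = props[P + "Server"], props[P + "rootDN"]
    manager = props.get(P + "ManagerDN") or "<anonymous>"
    steps = [("bind", server, manager), ("bind", server, user_id)]
    group_base = "%s,%s" % (props[P + "GroupSearchBase"], root)
    for group in ldap_groups:  # one wholeSubtree search per mapped LDAP group
        flt = "(%s%s)" % (props[P + "GroupSearchFilter"],
                          escape_filter_value(group))
        steps.append(("search", group_base, flt))
    user_base = "%s,%s" % (props[P + "UserSearchBase"], root)
    flt = "(%s=%s)" % (props[P + "UserSearchFilter"],
                       escape_filter_value(user_id))
    steps.append(("search", user_base, flt))
    return steps

def review(props):
    """Return settings an administrator should confirm are intentional."""
    notes = []
    if not props.get(P + "ManagerDN"):
        notes.append("ManagerDN has no value: an anonymous bind is created")
    return notes

if __name__ == "__main__":
    for step in plan_login(SAMPLE, ["PD-Operators"], "jdoe", "example-pw"):
        print(step)
    for note in review(SAMPLE):
        print("REVIEW:", note)
```

Compare the printed base DNs against the structure LDP.exe reports to confirm that the Group search base and User search base resolve under the Root distinguished name.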