Communicating between RICOH ProcessDirector and the LDAP server

When you set up communications between RICOH ProcessDirector and your LDAP server, you might have to modify your LDAP server settings for these binds and search requests.

This table maps the Database property names to the corresponding names in the user interface. Use this table as a reference to help understand what properties are passed and returned by the searches and binds performed by RICOH ProcessDirector.

Database and User Interface property names

| Database Property Name | User Interface Property Name |
|---|---|
| WorkflowSystem.AdLdap.GroupMap | Product to LDAP group mapping |
| WorkflowSystem.AdLdap.GroupSearchBase | Group search base |
| WorkflowSystem.AdLdap.GroupSearchFilter | Group search filter |
| WorkflowSystem.AdLdap.GroupSearchMember | Group search member |
| WorkflowSystem.AdLdap.ManagerDN | Manager distinguished name |
| WorkflowSystem.AdLdap.ManagerPassword | Manager distinguished name password |
| WorkflowSystem.AdLdap.rootDN | Root distinguished name |
| WorkflowSystem.AdLdap.Server | LDAP server |
| WorkflowSystem.AdLdap.UserSearchBase | User search base |
| WorkflowSystem.AdLdap.UserSearchFilter | User search filter |
| User.ID | User name |
| User.Password | User password |

RICOH ProcessDirector creates these binds whenever a user logs in:

  • bind to ${WorkflowSystem.AdLdap.Server} using ${WorkflowSystem.AdLdap.ManagerDN} and ${WorkflowSystem.AdLdap.ManagerPassword}

    When the Manager distinguished name system property (WorkflowSystem.AdLdap.ManagerDN) does not have a value, an anonymous bind is created.

  • bind to ${WorkflowSystem.AdLdap.Server} using ${User.ID} and ${User.Password}

    Note: The password for User.Password must be set when making changes for LDAP. If the password is not set, the bind fails.

RICOH ProcessDirector does these search requests whenever a user logs in:

  • For all RICOH ProcessDirector LDAP groups: searchRequest "${WorkflowSystem.AdLdap.GroupSearchBase},${WorkflowSystem.AdLdap.rootDN}" wholeSubtree Filter: (${WorkflowSystem.AdLdap.GroupSearchFilter}${WorkflowSystem.AdLdap.GroupMap})

    The results must include the Group search member. The value of the Group search member is used as the RICOH ProcessDirector user name.

  • When a user name is set to the value returned on the Group search member argument: searchRequest "${WorkflowSystem.AdLdap.UserSearchBase},${WorkflowSystem.AdLdap.rootDN}" wholeSubtree Filter: (${WorkflowSystem.AdLdap.UserSearchFilter}=${User.ID})

Verify that communications between RICOH ProcessDirector and your LDAP server are working correctly by testing the Group search base and User search base:

  • Use Microsoft’s LDP.exe tool to verify communications between RICOH ProcessDirector and your LDAP server. You input your LDAP server name, port, user name, and password into the tool. The tool reports back the Active Directory structure, which you use to verify the Group search base and User search base information.
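
To know which base DNs and filters to look for in that structure, the login-time requests listed above can be rendered from the property values. The script below is an added example, not RICOH code. The sample values are constructed assumptions, including a Group search filter ending in `=` and a single group name for the mapping, and the RFC 4515 escaping of User.ID is this example's choice, because the page does not state whether the product escapes it.

```python
import re

A = "WorkflowSystem.AdLdap."
# Search templates copied from the page; scope is wholeSubtree for both.
GROUP_BASE = "${%sGroupSearchBase},${%srootDN}" % (A, A)
GROUP_FILTER = "(${%sGroupSearchFilter}${%sGroupMap})" % (A, A)
USER_BASE = "${%sUserSearchBase},${%srootDN}" % (A, A)
USER_FILTER = "(${%sUserSearchFilter}=${User.ID})" % A

# Constructed sample values (assumptions), not from a real installation.
SAMPLE = {
    A + "Server": "ldap.example.com", A + "rootDN": "dc=example,dc=com",
    A + "ManagerDN": "", A + "ManagerPassword": "",
    A + "GroupSearchBase": "ou=Groups", A + "GroupSearchFilter": "cn=",
    A + "GroupMap": "RPD-Operators", A + "GroupSearchMember": "member",
    A + "UserSearchBase": "ou=People", A + "UserSearchFilter": "uid",
    "User.ID": "jdoe", "User.Password": "",
}

def expand(template, props):
    """Substitute the page's ${Property.Name} placeholders."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props[m.group(1)], template)

def escape_filter_value(value):
    """RFC 4515 escaping so a value is matched literally in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def login_requests(props):
    """Render the binds and searches the page lists for one login."""
    p = dict(props)
    p["User.ID"] = escape_filter_value(props["User.ID"])
    findings = []
    if not props[A + "ManagerDN"]:
        findings.append("ManagerDN empty: first bind is anonymous")
    if not props["User.Password"]:
        findings.append("User.Password empty: user bind fails")
    if p["User.ID"] != props["User.ID"]:
        findings.append("User.ID contains filter metacharacters")
    return {
        "manager_bind": props[A + "ManagerDN"] or "anonymous",
        "group_search": (expand(GROUP_BASE, p), expand(GROUP_FILTER, p)),
        "user_search": (expand(USER_BASE, p), expand(USER_FILTER, p)),
        "must_return": props[A + "GroupSearchMember"],
        "findings": findings,
    }

if __name__ == "__main__":
    for key, value in login_requests(SAMPLE).items():
        print(key, "=", value)
```

Each rendered base DN should exist in the directory structure the tool reports, and the group entries found there should carry the attribute named in `must_return`.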