Microsoft®, Windows®, and Windows NT®, are U.S. registered trademarks of
Microsoft Corporation.
All other products mentioned herein might be trademarks of their respective
companies.
The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be liable
for technical or editorial errors or omissions contained herein.
This is an HP copyrighted work that may not be reproduced without the
permission of HP.
Step 4: Configure the Authentication Manager
Step 5: Use the MFP control panel
Overview
Configuring embedded LDAP authentication is a technical process that involves
configuring the MFP to communicate with the LDAP database. This document
provides step-by-step instructions on configuring this functionality.
Required tool
It is necessary to use Microsoft LDP to configure the MFP for embedded LDAP
authentication. Microsoft LDP is a support tool that ships with the Windows
Support Tools contained on the Windows OS media. It allows you to connect,
bind, and query an LDAP database.
Microsoft LDP can be installed and configured by following these instructions:
a. Browse to the root of the OS media, and open the Support folder.
b. Open the Tools folder.
c. Double-click the SUPTOOLS.MSI file.
d. Select Next at the Welcome to the Windows Support Tools Setup
Wizard.
e. After reading the licensing agreement, select the I Agree radio button
and click Next.
f. Enter your name and organization; then click Next.
g. Select Complete for the installation type; then click Next.
h. Select Install Now to begin the installation.
i. Click Finish to complete the installation.
Step 1: Discovering the LDAP server
There are two key methods to discover an available LDAP server on the network.
Method 1
a. Open a command window by clicking on Start → Run and typing
cmd.exe in the dialog box. Then press Enter or click OK.
b. To determine which Windows Active Directory logon server you are
logged onto, type the following: echo %logonserver%. This server
can be used as the LDAP server.
Method 2
The following command can be used to provide a list of DNS servers:
   - nslookup "name of your domain" (for example, nslookup
     AMERICAS.HPQCORP.NET). In a Windows Active Directory
     environment, a DNS server is typically running Active Directory, which
     contains the LDAP database.
Step 2: Setting up LDP
a. Open LDP by clicking on Start → Run, and typing ldp.exe; then press
Enter or click OK.
b. From the Ldp menu, select Connection → Connect.
c. In the Connect window, input the IP address or hostname of the LDAP
server in the Server box; then input 389 or 3268 as the Port number.
Click OK.
   - Port 389 is the standard LDAP port. However, it may be necessary
     to use port 3268 when communicating with a Windows Global
     Catalog Active Directory Server.
d. From the LDP menu, select Connection → Bind.
e. In the Bind window, input username, password, and domain name; then
click OK.
f. On the LDP screen, find and copy the Base DN.
   - The Base DN is normally listed within “defaultNamingContext.”
g. From the LDP menu, select Browse → Search.
h. In the Search window, paste the Base DN into the Base Dn box. Input
the LDP Filter into the Filter box.
   - Use (&(objectclass=person)(displayname="customer last name, first name letter"*))
     as the LDP Filter. For example,
     (&(objectclass=person)(displayname=mcdonald, j*))
   - Select Subtree for the Scope.
   - Click Options.
   - In the Search Options window, remove all entries in Attributes;
     then click OK.
   - Back in the Search window, click Run; then click Close.
i. On the LDP screen, locate the user DN from the returned results. Copy
it for use in the Embedded Web Server (EWS).
   - The Search Prefix begins after the individual user CN.
Hint
Notice how the username is set up on the LDP screen. The
username format is defined within the device user DN. This can
be viewed in the LDP trace. The format is often in email address
format, but can be defined in many different combinations.
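The filter from step h and the DN split from step i, written out as an added example (not HP code): it escapes the name text per RFC 4515 so that characters in a name cannot change the filter, and splits the user DN at the first unescaped comma, since a CN such as "McDonald, John" contains an escaped comma. The sample DN, names and function names are constructed for illustration.

```python
import re

# Added example, not HP code. The sample DN and names below are constructed.

def escape_filter_value(value):
    """Escape text for an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def display_name_filter(last_name, first_initial):
    """Build the step h filter; only the trailing * acts as a wildcard."""
    value = escape_filter_value(f"{last_name}, {first_initial}")
    return f"(&(objectclass=person)(displayname={value}*))"

def split_first_rdn(dn):
    """Split a DN at its first unescaped comma: (first RDN, remainder)."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2              # skip the escaped character, e.g. "\," in a CN
        elif dn[i] == ",":
            return dn[:i], dn[i + 1:].lstrip()
        else:
            i += 1
    raise ValueError("DN has no parent: " + dn)

def unescape_rdn_value(value):
    """Undo RFC 4514 escapes: '\\,' style and two-digit hex (ASCII only)."""
    def repl(match):
        token = match.group(1)
        return chr(int(token, 16)) if len(token) == 2 else token
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def username_and_search_prefix(user_dn):
    """Return (CN value to type as username, Search Prefix for the EWS)."""
    rdn, search_prefix = split_first_rdn(user_dn)
    attr, _, value = rdn.partition("=")
    if attr.strip().lower() != "cn":
        raise ValueError("user DN does not start with a CN: " + rdn)
    return unescape_rdn_value(value), search_prefix

if __name__ == "__main__":
    sample_dn = r"CN=McDonald\, John,OU=Users,OU=Accounts,DC=example,DC=net"  # constructed
    print(display_name_filter("mcdonald", "j"))
    print(username_and_search_prefix(sample_dn))
```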
Step 3: Configure LDAP
a. Open the EWS in a web browser.
b. Select the Settings tab, and then LDAP Authentication.
c. On the LDAP Authentication screen, paste the copied Search Prefix into
the Bind and search Root box.
d. Input cn into the Bind Prefix box.
e. Input 389 or 3268 in the Port box.
f. Input the LDAP server IP address or server name into the LDAP Server
box.
Hint
Using the command echo %logonserver% earlier, IDBGCAM03 was
the server name discovered.
g. Leave the LDAP Server Bind Method at Simple unless configuring
SSL.
h. Input cn into the “Match the name entered with the LDAP attribute of”
field.
i. Find the device user email address in the LDP trace. Copy the attribute
defining the email address.
   - Paste the attribute into the “Retrieve the device user’s email
     address using attribute of” box.
j. Find the device user display name in the LDP trace. Copy the attribute
defining the display name.
   - This is usually set as displayName.
   - Paste the attribute into the “Retrieve the device and name using the
     attribute of” box.
k. Click Test.
l. The Test LDAP Authentication screen appears. Input your username
and password; then click OK.
Hint
Remember how the username was set up on the LDP screen. The
username is defined within the device user DN value in the LDP
trace and is not in standard Windows domain account format. The
format is often your entire email address, including the @xx.xx.
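A pre-flight check for the step 3 values before clicking Test, as an added example (not HP code). It assumes the device forms the bind DN as <Bind Prefix>=<username>,<Bind and search Root>, which this page does not spell out; the dictionary keys are hypothetical names for the EWS boxes and all values are constructed. It compares the DN built from the typed username with the user DN seen in LDP, and reports a Simple bind without SSL, which carries the DN and password in clear text.

```python
# Added example, not HP code. Dictionary keys are hypothetical names for the
# EWS boxes in step 3; all values are constructed.

def escape_rdn_value(value):
    """Escape text for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_bind_dn(settings, username):
    """Assumed device behaviour: <Bind Prefix>=<username>,<Bind and search Root>."""
    return f"{settings['bind_prefix']}={escape_rdn_value(username)},{settings['search_root']}"

def preflight(settings, username, ldp_user_dn):
    """Return a list of findings; an empty list means the values agree."""
    findings = []
    built = build_bind_dn(settings, username)
    if built.casefold() != ldp_user_dn.casefold():
        findings.append("bind DN mismatch: " + built)
    if settings["bind_method"].lower() == "simple" and not settings["ssl"]:
        findings.append("Simple bind without SSL: DN and password sent in clear text")
    return findings

SETTINGS = {  # constructed values
    "bind_prefix": "cn",
    "search_root": "OU=Users,OU=Accounts,DC=example,DC=net",
    "bind_method": "Simple",
    "ssl": False,
}
LDP_USER_DN = r"CN=McDonald\, John,OU=Users,OU=Accounts,DC=example,DC=net"

if __name__ == "__main__":
    # The CN value matches; a Windows domain account name does not.
    for name in ("McDonald, John", "EXAMPLE\\jmcdonald"):
        print(name, "->", preflight(SETTINGS, name, LDP_USER_DN))
```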