You can configure settings so that authentication is performed in the LDAP server using the card ID registered in the IC card when the LDAP server is used for user management (LDAP-IC Card Authentication).
Authentication is completed simply by placing the IC card. This enhances security without compromising ease of operation.
To perform authentication using the IC card, follow the procedure below to configure the settings.
For details on settings, refer to the primary server settings (described after this procedure).
For details on settings, refer to the secondary server settings (described after this procedure).
Primary server settings
Setting | Description |
---|---|
[LDAP-IC Card Authentication Server Name] | Enter the name of the authentication server (using up to 32 single-byte characters). |
[External Authentication Server] | Select the external authentication server used to associate the LDAP-IC card authentication (default: [No Selection]). When authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name. |
[Card Information Registration Settings] | When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the card information in the LDAP server (default: [OFF]). |
[Card Information Character Type During Search] | Select the search string conversion method to search for the card ID via the LDAP server (default: [Uppercase Letters/ Lowercase Letters]). When the target card attribute information on the server is unified into uppercase or lowercase letters, converting the character type of the search string can, in some cases, shorten the search time. |
[Server Address] | Enter the LDAP server address. Use one of the following formats. |
[Port No.] | If necessary, change the LDAP server port number (default: [389]). |
[Search Base 1] to [Search Base 3] | Specify the starting point and range to search for a user to be authenticated. |
[Timeout] | If necessary, change the timeout period for communication with the LDAP server (default: [60] sec.). |
[Authentication Method] | Select the authentication method to log in to the LDAP server depending on your environment (default: [Simple]). |
[Use Referral] | Select whether to use the referral function (default: ON). |
[Search Attribute] | Enter the name of the attribute of the IC card information registered in the LDAP server (using up to 64 single-byte characters). The attribute value must start with a single-byte alphabetical character (default: [uid]). |
[User Name] | Select how to obtain the user name when logging in to this machine (default: [Use Card ID]). If [ON] is selected in [Card Information Registration Settings], [Acquiring] is selected and cannot be changed. |
[Search Directory Service] | If you select [Active Directory], you can limit the search target for authentication to users (default: [Other]). However, when the search target is limited to users, search target identification processing occurs on the server side, so authentication may take longer. This function is available when the authentication server is set to Active Directory. |
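
The card lookup that [Search Attribute], [Card Information Character Type During Search] and [Search Directory Service] describe amounts to an LDAP search for the card ID. The following is an added example, not code from this manual or from the machine, that builds such a filter so an administrator can test the directory side of the setup. The equality filter form, the mode names `as-is`, `upper` and `lower`, and the Active Directory user restriction are assumptions.

```python
import re

# RFC 4515 special characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# [Search Attribute]: up to 64 single-byte characters, starting with a letter.
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,63}")


def escape_filter_value(value: str) -> str:
    """Escape a card ID so it is always treated as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def convert_case(card_id: str, char_type: str) -> str:
    """Apply the search-string conversion (mode names are assumptions)."""
    if char_type == "as-is":
        return card_id
    if char_type == "upper":
        return card_id.upper()
    if char_type == "lower":
        return card_id.lower()
    raise ValueError(f"unknown character type: {char_type!r}")


def build_card_filter(card_id, search_attribute="uid", char_type="as-is",
                      users_only=False):
    """Return the LDAP filter for looking up one card ID."""
    if not _ATTR_RE.fullmatch(search_attribute):
        raise ValueError(f"invalid search attribute: {search_attribute!r}")
    if not card_id:
        raise ValueError("empty card ID")
    value = escape_filter_value(convert_case(card_id, char_type))
    card_filter = f"({search_attribute}={value})"
    if users_only:
        # Assumed form of an Active Directory "users only" restriction.
        return f"(&(objectCategory=person)(objectClass=user){card_filter})"
    return card_filter


if __name__ == "__main__":
    # Constructed card IDs, not real ones.
    print(build_card_filter("04a1b2c3", char_type="upper"))
    print(build_card_filter("04A1*"))  # wildcard stays a literal character
```

Run the resulting filter with your directory's own search tool against each configured search base and confirm that it returns exactly one entry per card.
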
Secondary server settings
Setting | Description |
---|---|
[2nd Server Setting] | When using the secondary server, set this option to ON (default: OFF). |
[Round Robin function] | When using the round-robin function, set this option to ON (default: OFF). When the round-robin function is enabled, the machine connects alternately to the primary and secondary servers to distribute the server load. |
[Reconnection Settings] | Configure a setting to connect to the secondary server when the machine cannot connect to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot connect to the secondary server. |
[Card Information Registration Settings] | When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the card information in the LDAP server. |
Secondary Server Information | Register the secondary server. For details, refer to the registration contents of the primary server. To extract the primary server setting and configure the secondary server setting, click [Retrieve from 1st Server]. |
If SSL is installed in your environment, enable SSL.
Select [User Auth/Account Track] - [LDAP-IC Card Authentication Setting] - [Server Registration] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.
Setting | Description |
---|---|
[Enable SSL] | When using SSL communications, set this option to ON (default: OFF). |
[Certificate Verification Level Settings] | To validate the certificate during SSL communication, select items to be verified. |