Searching for a destination using the LDAP server
Overview
When a directory server such as the LDAP server or Active Directory is used for user management, you can search for a destination (E-mail address or fax number) from the server.
Using SSL to encrypt communication with the server makes the communication more secure.
When using the LDAP server to search for a destination, follow the procedure below to configure the settings.
To use the LDAP function of the Active Directory server, you must register the DNS server that synchronizes with Active Directory on this machine before starting the procedure. For details on how to register the DNS server, refer to [Registering the DNS server used by this machine].
To use the LDAP function of the Active Directory server, the date and time of this machine must match those of Active Directory. For details on how to set the date and time of this machine, refer to [Setting the date and time for the machine].
Configure settings for connecting to the network, such as the IP address of this machine.
For details on configuring the setting, refer to [Configuring network environment settings].
Configure basic settings for the LDAP search.
For details on configuring the setting, refer to [Configuring basic settings for the LDAP search].
Set the following options according to your environment.

Purpose | Reference
---|---
Communicate with the LDAP server using SSL |

Configuring basic settings for the LDAP search
Configure settings so that you can search for a destination from the LDAP server. In addition, register your LDAP server and configure the connection settings and the search method.
In the administrator mode, select [Network] - [LDAP Setting] - [LDAP Setting], then configure the following settings.
Settings | Description
---|---
[Enabling LDAP] | Select [ON] to use the LDAP search. [OFF] is specified by default.
[Default Search Result Display Setting] | Select whether an E-mail address, fax number, or Internet fax number is given priority to be displayed as the destination search result when searching for destinations from the LDAP server. To use this function, install the optional Fax Kit in this machine or enable the Internet Fax function. [E-mail] is specified by default.

In the administrator mode, select [Network] - [LDAP Setting] - [Setting Up LDAP] - [Edit], then configure the following settings.
Settings | Description
---|---
[LDAP Server Name] | Enter the registered name of the LDAP server (using up to 32 characters). Use a name that helps you easily identify the server.
[Server Address] | Enter your LDAP server address. Use one of the following formats. Example of host name entry: "host.example.com". Example of IP address (IPv4) entry: "192.168.1.1". Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16".
[Port Number] | If necessary, change the LDAP server port number. In normal circumstances, you can use the original port number. [389] is specified by default.
[Search Base] | Specify the starting point to search for a destination (using up to 255 characters). The search covers the entered starting point and the tree structure below it. Example of entry: "cn=users,dc=example,dc=com"
[Timeout] | If necessary, change the timeout period for communication with the LDAP server. [60] sec. is specified by default.
[Max.Search Results] | Change the maximum number of destinations to be displayed as search results, if necessary. [100] is specified by default.
[Authentication Method] | Select the authentication method to log in to the LDAP server. Select the one that matches the authentication method used for your LDAP server. [anonymous]: [Login Name], [Password], and [Domain Name] can be omitted. [GSS-SPNEGO]: Log in to the server using the Kerberos authentication method. Select this to use the Active Directory. [anonymous] is specified by default.
[Login Name] | Enter the user name used to log in to the LDAP server and search for a user (using up to 64 characters).
[Password] | Enter the password of the user you entered into [Login Name] (using up to 64 characters, excluding "). To enter (change) the password, select the [Password is changed.] check box, then enter a new password.
[Domain Name] | Enter the domain name to log in to the LDAP server (using up to 64 characters). If [GSS-SPNEGO] is selected for [Authentication Method], enter the domain name of Active Directory.
[Select Server Authentication Method] | Select the LDAP server authentication method. [Set Value]: Use the settings of [Login Name], [Password], and [Domain Name]. [User Authentication]: Synchronizes with the user authentication of this machine. Uses the user name and password of the registered user of this machine as [Login Name] and [Password]. [Dynamic Authentication]: The system prompts you to enter the user name and password at LDAP searching. [Set Value] is specified by default.
[Use Referral] | Select whether to use the referral function, if necessary. Make an appropriate choice to fit the LDAP server environment. [ON] is specified by default.
[Search Condition Attributes] | Select attributes to be specified when performing the LDAP search. The setting can be switched between [Name] (cn) and [Nickname] (displayName). [Name] is specified by default.
[Search] | Select [ON] to display candidate destinations when entering a part of the name to search for a destination via the LDAP server. [OFF] is specified by default.
[Initial Setting for Search Details] | Specify LDAP search conditions.
[Search Attributes Authentication] | Select this check box to enable the attribute-based authentication when [Authentication Method] is set to [Simple] and [Select Server Authentication Method] to [Dynamic Authentication]. If this check box is selected, the user does not need to enter all of the DN (Distinguished Name) when performing authentication via the LDAP server. At [Search Attribute], enter the search attribute to be automatically added before the user name. In normal circumstances, specify "uid" before the user name; however, depending on your environment, you may need to specify another attribute such as "cn". [uid] is specified by default.

Clicking [Check Connection] at [LDAP Server List] enables you to confirm whether you can connect to the LDAP server according to the registered contents.
Using SSL communication
Communication between this machine and the LDAP server is encrypted with SSL.
Configure the setting if your environment requires SSL-encrypted communication with the LDAP server.
To use SSL communication, enable SSL. In addition, specify how the certificate is verified.
In the administrator mode, select [Network] - [LDAP Setting] - [Setting Up LDAP] - [Edit], then configure the following settings.
Settings | Description
---|---
[Enable SSL] | Select this check box to use SSL communication. [OFF] (not selected) is specified by default.
[Port Number (SSL)] | If necessary, change the SSL communication port number. In normal circumstances, you can use the original port number. [636] is specified by default.
[Certificate Verification Level Settings] | To verify the certificate, select items to be verified. If you select [Confirm] at each item, the certificate is verified for each item.
[Validity Period] | Confirm whether the certificate is still valid. [Confirm] is specified by default.
[CN] | Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.
[Key Usage] | Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.
[Chain] | Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.
[Expiration Date Confirmation] | Confirm whether the certificate has expired. Confirm for expiration of the certificate in the following order. [Do Not Confirm] is specified by default.

In the administrator mode, select [Security] - [Certificate Verification Settings], then configure whether to verify the certificate. The certificate is verified by default. For details, refer to [Verifying a certificate for peer].
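
A review check for one registered LDAP server entry, as an added example (not part of the original manual or of the machine's software): it models the SSL and authentication settings described above with their documented defaults and reports which ones leave the connection unencrypted or the server certificate unchecked. The class, field, and function names are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass

CONFIRM, SKIP = "Confirm", "Do Not Confirm"

@dataclass
class LdapEntry:
    # Hypothetical model of one registered server; the defaults are the
    # defaults documented in the settings tables on this page.
    server_address: str = "host.example.com"   # constructed sample value
    auth_method: str = "anonymous"
    enable_ssl: bool = False
    validity_period: str = CONFIRM
    cn: str = SKIP
    key_usage: str = SKIP
    chain: str = SKIP
    expiration_date_confirmation: str = SKIP

def is_ip(address):
    """True when [Server Address] is an IPv4/IPv6 literal, not a host name."""
    try:
        ipaddress.ip_address(address)
        return True
    except ValueError:
        return False

def review(entry):
    """Return (setting, reason) findings for one LDAP server entry."""
    if not entry.enable_ssl:
        findings = [("Enable SSL", "OFF: LDAP traffic is not encrypted")]
        if entry.auth_method == "Simple":
            findings.append(("Authentication Method",
                             "Simple bind without SSL sends the password in clear text"))
        return findings  # verification levels only apply once SSL is on
    findings = []
    levels = [("Validity Period", entry.validity_period),
              ("CN", entry.cn), ("Key Usage", entry.key_usage),
              ("Chain", entry.chain),
              ("Expiration Date Confirmation", entry.expiration_date_confirmation)]
    for name, level in levels:
        if level != CONFIRM:
            findings.append((name, "this certificate item is not checked"))
    # [CN] is compared with [Server Address], so an IP literal there means
    # the certificate CN has to be that same IP address.
    if entry.cn == CONFIRM and is_ip(entry.server_address):
        findings.append(("Server Address",
                         "is an IP address, so the certificate CN must be that IP"))
    return findings

if __name__ == "__main__":
    for entry in (LdapEntry(), LdapEntry(enable_ssl=True)):
        print(review(entry))
```

With the documented defaults, selecting [Enable SSL] alone leaves four verification items at [Do Not Confirm], so the connection is encrypted but the certificate is not tied to the server address or to a trusted issuer until [CN] and [Chain] are set to [Confirm].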