* Enter the name of the utility key. You can search descriptions of utility keys.

LDAP-IC Card Authentication Setting

To display: [Utility][Administrator Settings][User Authentication/Account Track][General Settings][LDAP-IC Card Authentication Setting]

Configure settings for authentication by the LDAP server using the card ID registered on authentication cards in an environment with IC card-based user authentication implemented by connecting an Authentication Unit (IC card type).

You can set this option by selecting [External Server Authentication] or [Main + External Server] in [Administrator Settings] - [User Authentication/Account Track] - [General Settings] - [User Authentication] - [Authentication Method].

Settings

Description

[ON]/[OFF]

Specify whether to enable authentication by the LDAP server using the card ID registered on authentication cards.

[OFF] is specified by default.

[Setting Up LDAP]

Register the LDAP server to be used for authenticating the user ID of the IC card.

For details on settings, refer to the settings of [Setting Up LDAP] shown below.

[LDAP Server Connection Settings]

Select the name of the external server to be used as authentication information saved on this machine.

The authentication information is saved on this machine when the LDAP-IC card authentication is successfully completed. This authentication information includes the user name and the external server name. As authentication information to be saved on this machine, the name of external server registered on this machine can be registered.

[Secondary Auth. server setting]

Configure settings to connect to the secondary authentication server when you cannot connect to the primary authentication server while the LDAP server authentication is installed.

For details on settings, refer to the settings of [Secondary Auth. server setting] shown below.

[Card Information Registration Settings]

When authentication is performed on the machine using an IC card not registered in the LDAP server, select whether to register the IC card in the LDAP server.

If [ON] is selected, enter the attribute such as "uid" to be searched as the user name in [User Name Attribute]. In this case, [User Name Acquisition] of [Setting Up LDAP] is set to [Acquiring]. Also, the same attribute as that specified here is set to [User Name Attribute] of [Setting Up LDAP].

[OFF] is specified by default.

Settings of [Setting Up LDAP]

Settings

Description

[Setting Up LDAP]

Register the LDAP server to be used for authenticating the user ID of the IC card.

Tap [Check Connection] to try connecting to the LDAP server using the entered information and check if the iformation registered is correct.

Tap [Reset All Settings] to reset all the information entered.

[User Name Acquisition]

Select how to obtain the user name when logging in to this machine.

  • [Use Card ID]: Select this option when only IC card information is registered on the server. Uses the card ID in the IC card as the user name.

  • [Acquiring]: Select this option when user information other than IC card information is registered on the server. Uses the user name obtained from the server. Enter the attribute to be searched as the user name ("uid") at [User Name Attribute].

[Use Card ID] is specified by default.

[Timeout]

If necessary, change the time-out time to limit a communication with the LDAP server.

[60 sec.] is specified by default.

[Search Attribute]

Enter attributes for the place in which you have entered IC card information (using up to 64 characters).

The attribute must start with an alphabet character.

[uid] is specified by default.

[Server Address]

Enter the LDAP server address.

Use one of the following formats.

  • Example of host name entry: "host.example.com"

  • Example of IP address (IPv4) entry: "192.168.1.1"

  • Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

[Search Base 1] to [Search Base 3]

Specify the starting point to search for a user to be authenticated.

  • [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
    Example of entry: "cn=users,dc=example,dc=com"

  • [Search Range]: Select a tree search range. [Full Tree] is specified by default.
    Selecting [Full Tree] makes a search, including the tree structure under the entered starting point. Selecting [Next hierarchy only] searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

[SSL Setting]

Specify whether or not to use SSL for communication with the LDAP server.

[OFF] is specified by default.

[Port Number]

If necessary, change the LDAP server port number.

In normal circumstances, you can use the original port number.

[389] is specified by default.

[Port Number (SSL)]

If necessary, change the SSL communication port number.

In normal circumstances, you can use the original port number.

[636] is specified by default.

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired. [Do Not Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

[Authentication Type]

Select the authentication method to log in to the LDAP server.

Select one appropriate for the authentication method used for your LDAP server.

  • [Simple]

  • [Digest-MD5]

  • [GSS-SPNEGO]

  • [NTLM v1]

  • [NTLM v2]

[Simple] is specified by default.

[Referral Setting]

Select whether to use the referral function, if necessary.

Make an appropriate choice to fit the LDAP server environment.

[ON] is specified by default.

[Login Name]

Log in to the LDAP server, and enter the login name to search for a user (using up to 64 characters).

[Password]

Enter the password of the user name you entered into [Login Name] (using up to 64 characters).

[Domain Name]

Enter the domain name to log in to the LDAP server (using up to 64 characters).

If [GSS-SPNEGO] is selected for [Authentication Type], enter the domain name of Active Directory.

Settings of [Secondary Auth. server setting]

Settings

Description

[ON]/[OFF]

Select whether to use the secondary authentication server.

[OFF] is specified by default.

[Reconnection Settings]

Specify the timing at which to reconnect to the primary authentication server.

[Set Reconnect Interval] is specified by default.

  • [Reconnect for every login]: Connects to the primary authentication server each time authentication is carried out on this machine. If the primary authentication server is shutting down, this machine is connected to the secondary authentication server.

  • [Set Reconnect Interval]: Connects to the secondary authentication server when the primary authentication server is shutting down when machine authentication is occurring. After this, this machine is connected to the secondary authentication server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary authentication server when machine authentication is occurring.

[Secondary Authentication Server Registration]

Register the secondary authentication server.

For details on settings, refer to the settings of [Setting Up LDAP] shown above.