Configuring Settings to Search for a Destination via the LDAP Server

Setting flow

If the LDAP server or the Active Directory of Windows Server is used for user management, you can search for (LDAP Search) destination information registered in the server and specify the desired destination.

When using the LDAP search function, follow the below procedure to configure the settings.

preconditionTo use the LDAP function of the Active Directory server, you must register the DNS server that synchronizes the Active Directory on this machine before starting the procedure. For details on how to register the DNS server, refer to [Registering the DNS server] .

preconditionTo use the LDAP function of the Active Directory server, you must match the date and time of this machine and Active Directory. For details on how to set the date and time of this machine, refer to [Setting the date and time for the machine] .

  1. Configuring network settings of this machine ( [Network Settings] )

  2. Configuring basic settings for LDAP search ( [Configure basic settings for the LDAP search] )

  3. Configuring settings to suit your environment

    supplementary explanationEstablishing SSL communication ( [Using SSL communication] )

Configure basic settings for the LDAP search

Configure settings to search for destination information registered in the LDAP server.

  1. Select [Network] - [LDAP Setting] - [LDAP Setting] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.

    Setting

    Description

    [Enabling LDAP]

    To perform LDAP search, select [ON] (default: [OFF]).

    [Default Search Result Display Setting]

    Select whether an E-mail address, fax number, or Internet fax number is given priority to be displayed as the destination search result when searching for destinations from the LDAP server (default: [E-mail]).

  2. Select [Network] - [LDAP Setting] - [Setting Up LDAP] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.

    Setting

    Description

    [LDAP Server Name]

    Enter the name of the LDAP server (using up to 32 characters).

    [Server Address]

    Enter the LDAP server address. Use one of the following formats.

    • Example to enter the host name: "host.example.com"

    • Example to enter the IP address (IPv4): "192.168.1.1"

    • Example to enter the IP address (IPv6): "fe80::220:6bff:fe10:2f16"

    [Port No.]

    If necessary, change the LDAP server port number (default: [389]).

    [Search Base]

    Specify the starting point to search for a destination (using up to 255 characters).

    The range from the entered origin point, including the following tree structure, is searched.

    Example of entry: "cn=users,dc=example,dc=com"

    [Timeout]

    If necessary, change the time-out time to limit a communication with the LDAP server (default: [60] sec.).

    [Max.Search Results]

    Change the maximum number of destinations to be displayed as search results, if necessary (default: [100]).

    [General Settings]

    Select the authentication method to log in to the LDAP server depending on your environment (default: [anonymous]).

    • [Login Name]: Enter the login name used for LDAP authentication (using up to 64 characters).

    • [Password]: Enter the password for LDAP authentication (using up to 64 characters).

    • [Domain Name]: If [GSS-SPNEGO] is selected for [General Settings], enter the domain name of Active Directory (using up to 64 characters).

    [Select Server Authentication Method]

    Select whether to synchronize the LDAP authentication with the user authentication of this machine (default: [Set Value]).

    • [Set Value]: Uses values entered in [Login Name] and [Password].

    • [User Authentication]: Uses the registered user's user authentication of this machine as authentication information for LDAP authentication.

    • [Dynamic Authentication]: The system prompts you to enter the user name and password at LDAP searching.

    [Use Referral]

    If necessary, select whether to use the referral function (default: [ON]).

    [Search Condition Attributes]

    Select attributes to be specified when performing the LDAP search (default: [Name]). The setting can be switched between [Name] (cn) and [Nickname] (displayName).

    [Search]

    Select whether to display candidate destinations when entering a part of the name to perform LDAP search (default: [OFF]).

    [Initial Setting for Search Details]

    Specify the default LDAP search conditions for each item (default: [OR]).

    • [Search Attributes Authentication]: When enabling Search Attributes Authentication, set this option to ON (default: OFF). Configure this setting when [General Settings] is set to [Simple] and [Select Server Authentication Method] to [Dynamic Authentication]. If enabled, the user does not need to enter all of the DN (Distinguished Name) when performing authentication via the LDAP server.
      [Search Attribute]: Enter the search attribute to be automatically added before the user name (using up to 64 characters). The attribute must start with an alphabet character (default: [uid]). In normal circumstances, specify "uid" before the user name, however, depending on your environment, you need to specify other attribute such as "cn".

Tips
  • Selecting [Check Connection] in [LDAP Server List] enables you to confirm whether you can connect to the LDAP server according to the registered contents.

Using SSL communication

If SSL is installed in your environment, enable SSL.

Select [Network] - [LDAP Setting] - [Setting Up LDAP] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.

Setting

Description

[Enable SSL]

When using SSL communications, set this option to ON (default: OFF).

  • [Port No.(SSL)]: If necessary, change the port number for SSL communication (default: [636]).

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period (default: ON).

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address (default: OFF).

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer (default: OFF).

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path) (default: OFF). The chain is validated by referencing the external certificates managed on this machine.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired (default: OFF). The expiration date confirmation is performed in the order of OCSP (Online Certificate Status Protocol) service, and CRL (Certificate Revocation List).

Reference