Employing the LDAP authentication

Overview

When you use the LDAP server for user management, you can restrict users of this machine by authentication using LDAP.

Employing the user authentication enables security- and cost-conscious advanced operations such as restricting users from accessing this machine, restricting users from using the functions by user, and managing the use status of this machine.

When employing the LDAP authentication function, follow the below procedure to configure the settings.

  1. Configure settings for connecting to the network such as setting of the IP address of this machine

    supplementary explanationFor details on configuring the setting, refer to [Configuring network environment settings] .

  2. Configure basic settings for the LDAP authentication

    supplementary explanationFor details on configuring the setting, refer to [Configuring basic settings for the LDAP authentication] .

  3. Set the following options according to your environment

    Purpose

    Reference

    Communicate with the LDAP server using SSL

    [Using SSL communication]

    Send original data scanned by this machine easily to the login user's own address using E-mail (Scan to Me)

    [Sending to your address (Scan to Me)]

    Notify the login user's own address of the URL of the original data scanned by this machine by E-mail (Scan to URL)

    [Sending the download URL to your address (Scan to URL)]

    Construct a single sign-on environment for the SMB transmission

    [Constructing a single sign-on environment for the SMB transmission]

    Restrict available functions by user

    [Restricting available functions by user or account]

    Restrict the access to destinations by user

    [Methods to limit access to destinations]

    Change function keys displayed in the Touch Panel by user

    [Changing the function key display pattern by user or account]

    Specify the operations of the ID & Print function

    [Specifying the operations of the ID & Print function]

    Specify the operations of this machine when you log out

    [Configuring common settings when using the authentication function]

    Restrict print jobs without authentication information

    [Restricting print jobs without authentication information]

    Print data from the printer driver without using the password

    [Printing without password (Quick authentication)]

Configuring basic settings for the LDAP authentication

Register your authentication server on this machine. In addition, change the authentication method of this machine so that authentication is performed using the registered authentication server.

  1. In the administrator mode, select [User Auth/Account Track] - [External Server Settings] - [Edit], then configure the following settings.

    Settings

    Description

    [External Server Name]

    Enter the name of your LDAP server (using up to 32 characters).

    Assign an easy-to-understand name to the LDAP server to be registered.

    [External Server Type]

    Select [LDAP].

    [Server Address]

    Enter your LDAP server address.

    Use one of the following formats.

    • Example of host name entry: "host.example.com"

    • Example of IP address (IPv4) entry: "192.168.1.1"

    • Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

    [Port No.]

    If necessary, change the LDAP server port number.

    In normal circumstances, you can use the original port number.

    [389] is specified by default.

    [Search Base 1] to [Search Base 3]

    Specify the starting point and range to search for a user to be authenticated.

    • [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
      Example of entry: "cn=users,dc=example,dc=com"

    • [Search Range]: Select a tree search range. [Full Tree] is specified by default.
      Selecting [Full Tree] makes a search, including the tree structure under the entered starting point. Selecting [Next hierarchy only] searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

    [Timeout]

    If necessary, change the time-out time to limit a communication with the LDAP server.

    [60] sec. is specified by default.

    [General Settings]

    Select the authentication method to log in to the LDAP server.

    Select one appropriate for the authentication method used for your LDAP server.

    [Simple] is specified by default.

    [Search Attribute]

    Enter the search attribute to be used for search of user account (using up to 64 characters, including a symbol mark -).

    The attribute must start with an alphabet character.

    [uid] is specified by default.

    [Search Attributes Authentication]

    Select this check box to enable the attribute-base authentication when [Simple] is selected for [General Settings].

    If this check box is selected, the user does not need to enter all of the DN (Distinguished Name) when performing authentication via the LDAP server.

    On this screen, enter authentication information to be used when you log in to the LDAP server to search for the user ID ([Login Name] and [Password]).

    [OFF] (not selected) is specified by default.

  2. In the administrator mode, select [User Auth/Account Track] - [General Settings], then configure the following settings.

    Settings

    Description

    [User Authentication]

    When performing authentication using an external authentication server, select [ON (External Server)] or [ON (MFP + External Server)].

    If you want to configure setting so that you can log in to this machine using its authentication function in consideration of an occurrence of some sort of problem on the external authentication server, select [ON (MFP + External Server)].

    [Overwrite User Info]

    When the external server authentication is used, authenticated user information is also managed on this machine. If the number of users who have executed the external server authentication reaches the maximum number of users this machine can manage, authentication of any new users will not be permitted. Select whether to allow the user to overwrite registered user information for that case.

    If you select [Allow], the oldest authenticated user information is erased and the new user is registered.

    [Restrict] is specified by default.

    [Default Authentication Method]

    If you have selected [ON (MFP + External Server)] at [User Authentication], select the authentication method you use normally.

    [ON (External Server)] is specified by default.

    [When Number of Jobs Reach Maximum]

    Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed.

    • [Skip Job]: Stops the job currently running, and starts printing the next job.

    • [Stop Job]: Stops all jobs.

    • [Delete Job]: Deletes the active job.

    [Skip Job] is specified by default.

    [Temporarily Save Authentication Information]

    To temporarily save authentication information in the main unit against a case where an external authentication server shuts down, select [Enable].

    [Disable] is specified by default.

    [Reconnection Settings]

    If necessary, change the time to reconnect to the authentication server.

    • [Reconnect for every login]: Connects to the authentication server at the time authentication is carried out on this machine. If the authentication server is in the shutdown state at the time authentication is carried out on this machine, first confirm that the authentication server is down, and use the temporarily saved authentication information to log in to this machine.

    • [Set Reconnect Interval]: Connect to the authentication server at the time specified in [Reconnection Time], and check the status of the authentication server. If the authentication server is in the shutdown state, use the authentication information temporarily saved in the main unit to log in.

    [Set Reconnect Interval] is specified by default.

    [Expiration Date Settings]

    Select [Enable] to set the expiration date to the temporarily saved authentication information. If [Enable] is selected, enter the expiration date.

    [Disable] is specified by default.

Using SSL communication

Communication between this machine and the LDAP server is encrypted with SSL.

Configure the setting if your environment requires SSL encryption communication with the LDAP server.

In the administrator mode, select [User Auth/Account Track] - [External Server Settings] - [Edit], then configure the following settings.

Settings

Description

[Enable SSL]

Select this check box to use SSL communication.

[OFF] (not selected) is specified by default.

[Port No.(SSL)]

If necessary, change the SSL communication port number.

In normal circumstances, you can use the original port number.

[636] is specified by default.