Setting Up LDAP

To display: [Utility] - [Administrator] - [Network] - [LDAP Setting] - [Setting Up LDAP]

Register the LDAP server used to search for a destination.

Select [Edit] in the LDAP server list, and configure the following settings.

Setting

Description

[LDAP Server Name]

Enter the name of the LDAP server (using up to 32 characters).

[Server Address]

Enter the LDAP server address. Use one of the following formats.

  • Example of a host name entry: "host.example.com"

  • Example of an IP address (IPv4) entry: "192.168.1.1"

  • Example of an IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"

[Port No.]

If necessary, change the LDAP server port number (default: [389]).

[Enable SSL]

When using SSL communications, set this option to ON (default: OFF).

  • [Port No.(SSL)]: If necessary, change the port number for SSL communication (default: [636]).

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period (default: ON).

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address (default: OFF).

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer (default: OFF).

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path) (default: OFF). The chain is validated by referencing the external certificates managed on this machine.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired (default: OFF). The check queries the OCSP (Online Certificate Status Protocol) service first, then the CRL (Certificate Revocation List).

[Search Base]

Specify the starting point to search for a destination (using up to 255 characters).

The search covers the entered starting point and the tree structure below it.

Example of entry: "cn=users,dc=example,dc=com"

[Timeout]

If necessary, change the timeout for communication with the LDAP server (default: [60] sec.).

[Max.Search Results]

Change the maximum number of destinations to be displayed as search results, if necessary (default: [100] destinations).

[General Settings]

Select the authentication method to log in to the LDAP server depending on your environment (default: [anonymous]).

  • [Login Name]: Enter the login name used for LDAP authentication (using up to 64 characters).

  • [Password]: Enter the password for LDAP authentication (using up to 64 characters).

  • [Domain Name]: If [GSS-SPNEGO] is selected for [General Settings], enter the domain name of Active Directory (using up to 64 characters).

[Select Server Authentication Method]

Select whether to synchronize the LDAP authentication with the user authentication of this machine (default: [Set Value]).

  • [Set Value]: Uses values entered in [Login Name] and [Password].

  • [User Authentication]: Uses the authentication information of the user registered on this machine for LDAP authentication.

  • [Dynamic Authentication]: The system prompts you to enter the user name and password when performing an LDAP search.

[Use Referral]

Select whether to use the referral function (default: [ON]).

[Search Condition Attributes]

Select attributes to be specified when performing the LDAP search (default: [Name]). The setting can be switched between [Name] (cn) and [Nickname] (displayName).

[Search]

Select whether to display candidate destinations when entering a part of the name to perform LDAP search (default: [OFF]).

[Initial Setting for Search Details]

Specify the default LDAP search conditions for each item (default: [OR]).

  • [Search Attributes Authentication]: To enable Search Attributes Authentication, set this option to ON (default: OFF). Configure this setting when [General Settings] is set to [Simple] and [Select Server Authentication Method] is set to [Dynamic Authentication]. If enabled, the user does not need to enter the full DN (Distinguished Name) when authenticating via the LDAP server.
    [Search Attribute]: Enter the search attribute to be automatically added before the user name (using up to 64 characters). The attribute must start with an alphabetic character (default: [uid]). Normally, "uid" is specified before the user name; however, depending on your environment, you need to specify another attribute such as "cn".

Tips
  • Selecting [Check Connection] in [LDAP Server List] lets you confirm whether you can connect to the LDAP server using the registered settings.
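
The transport settings above interact: the [Certificate Verification Level Settings] items apply only during SSL communication, and all but [Expiration Date] default to OFF. The following is an added example, not part of the manual or the vendor's software, that audits one LDAP server entry; the dictionary layout (keys mirroring the panel labels) and the severity ratings are assumptions made for illustration.

```python
# Added example: audit the transport-security settings of one LDAP server entry.
# Keys mirror the panel labels; the dict layout is an assumption, not a device export format.

FACTORY_DEFAULTS = {  # defaults as stated on this page
    "Enable SSL": False,
    "Expiration Date": True,
    "CN": False,
    "Key Usage": False,
    "Chain": False,
    "Expiration Date Confirmation": False,
    "General Settings": "anonymous",
}

# What each certificate check leaves unverified when it is OFF and SSL is ON.
CERT_CHECKS = {
    "Expiration Date": "certificates outside their validity period are accepted",
    "CN": "the certificate name is not compared with [Server Address]",
    "Key Usage": "the certificate's approved purpose is not checked",
    "Chain": "the certificate path is not validated against this machine's external certificates",
    "Expiration Date Confirmation": "OCSP/CRL status is not consulted",
}


def audit(settings):
    """Return a list of (severity, message) findings; unset keys use factory defaults."""
    cfg = {**FACTORY_DEFAULTS, **settings}
    findings = []
    if not cfg["Enable SSL"]:
        findings.append(("high", "[Enable SSL] is OFF: searches and results are not encrypted"))
        # General LDAP behaviour: a simple bind carries the password as-is.
        if cfg["General Settings"] == "Simple":
            findings.append(("high", "[Simple] login without SSL sends the password unprotected"))
        return findings  # certificate checks only apply during SSL communication
    for name, gap in CERT_CHECKS.items():
        if not cfg[name]:
            # CN and Chain together establish which server answered (assumed rating).
            sev = "high" if name in ("CN", "Chain") else "medium"
            findings.append((sev, f"[{name}] is OFF: {gap}"))
    return findings


if __name__ == "__main__":
    hardened = {**{k: True for k in CERT_CHECKS}, "Enable SSL": True, "General Settings": "Simple"}
    for label, cfg in (("defaults + Simple", {"General Settings": "Simple"}),
                       ("SSL on, other defaults", {"Enable SSL": True}),
                       ("hardened", hardened)):
        print(label)
        for sev, msg in audit(cfg) or [("ok", "no findings")]:
            print(f"  {sev:6} {msg}")
```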