•
Userid Attribute
—Type either
cn
(common name),
uid
,
userid
, or
user
‑
defined
.
•
Mail Attribute
—Type a maximum of 48 characters to identify e
‑
mail addresses. The default value is “mail.”
•
Full Name Attribute
—Type a maximum of 48 characters.
•
Search Base
—The node in the LDAP server where user accounts reside. You can enter multiple search bases,
separated by commas.
Note:
A Search Base consists of multiple attributes separated by commas, such as cn (common name), ou
(organizational unit), o (organization), c (country), and dc (domain).
•
Search Timeout
—Enter a value from 5 to 30 seconds.
•
Use Kerberos Service Ticket
—If this is selected, then a Kerberos ticket is presented to the LDAP server using
the GSSAPI protocol to obtain access.
Device Credentials
•
Use Active Directory Device Credentials
—Allow user credentials and group designations to be pulled from the
existing network comparable to other network services.
•
MFP Kerberos Username
—Type the distinguished name of the print server or servers.
•
MFP’s Password
—Type the Kerberos password for the print servers.
Search specific object classes
•
Person
—Allow the “person” object class to be searched.
•
Custom Object Class
—Allow the custom search object class to be searched. You can define up to three custom
search object classes.
LDAP Group Names
•
Configure Groups
—You can associate up to 32 named groups stored on the LDAP server by entering identifiers
for those groups under the Group Search Base list. Both the Short name for group and Group Identifier must
be provided.
•
When creating security templates, you can pick groups from this setup for controlling access to device functions.
4
Click
Submit
to save the changes, or
Cancel
to return to previous values.
Editing an LDAP+GSSAPI setup
1
From the Embedded Web Server, click
Settings
>
Security
>
Security Setup
.
2
Under Advanced Security Setup, click
LDAP+GSSAPI
.
3
Select a setup from the list.
4
Make any needed changes in the LDAP Configuration dialog.
5
Click
Modify
to save the changes, or
Cancel
to return to previous values.
Deleting an LDAP+GSSAPI setup
1
From the Embedded Web Server, click
Settings
>
Security
>
Security Setup
.
2
Under Advanced Security Setup, click
LDAP+GSSAPI
.
3
Select a setup from the list.
4
Click
Delete Entry
to remove the profile, or
Cancel
to return to previous values.
Managing authentication and authorization methods
18