LDAP Authentication - Ricoh MP 2553 Series Read Me First

MP 2553/3053/3353 series
LDAP Authentication

Specify this authentication method when using the LDAP server to authenticate users who have their
accounts on the LDAP server. Users cannot be authenticated if they do not have their accounts on the
LDAP server. The Address Book stored in the LDAP server can be registered to the machine, enabling
user authentication without first using the machine to register individual settings in the Address Book.

When using LDAP authentication, to prevent the password information being sent over the network
unencrypted, it is recommended that communication between the machine and LDAP server be
encrypted using SSL. You can specify on the LDAP server whether or not to enable SSL. To do this, you
must create a server certificate for the LDAP server. For details about creating a server certificate, see
page 51 "Creating the Server Certificate". The setting for using SSL can be specified in the LDAP server
setting.

Using Web Image Monitor, you can enable a function that checks whether the SSL server is trustworthy
when you connect to the server. For details about specifying LDAP authentication using Web Image
Monitor, see Web Image Monitor Help.

When you select Cleartext authentication, LDAP Simplified authentication is enabled. Simplified
authentication can be performed with a user attribute (such as cn, or uid), instead of the DN.

To enable Kerberos for LDAP authentication, a realm must be registered beforehand. The realm must be
programmed in capital letters. For details about registering a realm, see "Programming the Realm",
Connecting the Machine/System Settings.

• During LDAP authentication, the data registered in the LDAP server, such as the user's e-mail
address, is automatically registered in the machine. If user information on the server is changed,
information registered in the machine may be overwritten when authentication is performed.
• Under LDAP authentication, you cannot specify access limits for groups registered in the directory
server.
• Do not use double-byte Japanese, Traditional Chinese, Simplified Chinese, or Hangul characters
when entering the login user name or password. If you use double-byte characters, you cannot
authenticate using Web Image Monitor.
• If using Active Directory in LDAP authentication when Kerberos authentication and SSL are set at
the same time, e-mail addresses cannot be obtained.
• Under LDAP authentication, if "Anonymous Authentication" in the LDAP server's settings is not set to
Prohibit, users who do not have an LDAP server account might still be able to gain access.
• If the LDAP server is configured using Windows Active Directory, "Anonymous Authentication"
might be available. If Windows authentication is available, we recommend you use it.
Operational requirements for LDAP authentication
To specify LDAP authentication, the following requirements must be met:
• The network configuration must allow the machine to detect the presence of the LDAP server.