Server Authentication (Ldap Authentication); Server Authentication And Local Device Authentication - Canon imageRUNNER ADVANCE C350 series Service Manual

2
Technical Explanation > MEAP > Enhanced System Application Management > Server authentication and local device authentication

■ Server Authentication (LDAP Authentication)

It is one of the user authentication methods using SSO-H. User authentication is performed
with the device linked with the LDAP Server on the network in an LDAP environment.
Device
Local user
LDAP server authentication can be used for devices that support MEAP User Preference
Service (MEAP Specification Ver.56) and MEAP Application Setting Information Management
(MEAP Specification Ver.57).
As for models that do not support MEAP User Preference Service and MEAP Application
Setting Information Management , [LDAP Server] cannot be selected as the type of the
authentication server on the SSO-H Configuration page. Moreover, it is not possible to access
the LDAP Server Management screen and the Add Server screen.
Simple bind (a method where the password is not encrypted) is used as the bind
(authentication) between SSO-H and LDAP server. It is therefore strongly recommended to
always use SSL connection from a security standpoint.
As for the version of LDAP, only Ver.3 is supported.
ON/OFF of SSL connection can be changed on the LDAP Server Management page.
The time-out value of connection is 60 seconds.
In the case of using LDAP server authentication, the characters entered as the user name are
not case-sensitive, but the characters entered as the password are case-sensitive.
In the case of SSO-H, authentication is not allowed when the user name includes "* (asterisk)".
If authentication is performed with "* (asterisk)" used in the user name, an authentication error
occurs.
CAUTION:
Since department ID and password are not assigned to domain users, distributing
setting information where the department ID is enabled to a device where the server
authentication is enabled may make the device unable to be logged in. If the device has
become unable to be logged in, follow "Remedy to Be Performed When the Device Has
Become Unable to Be Logged in" in this manual.
2 Technical Explanation > MEAP > Enhanced System Application Management > Server authentication and local device authentication
LDAP Server
Remote user
F-2-244

■ Server authentication and local device authentication

It is a user authentication method provided with both the "server authentication" function and
the "local device authentication" function.
It is possible to use server authentication to authenticate the users registered on the
authentication server under normal conditions and use local device authentication when a
user who cannot be added to the authentication server needs to be temporarily authenticated.
If a trouble occurs in the authentication server, local device authentication can be used as an
emergency measure until recovery from the trouble.
Local user
Remote user
2-160
Server authentication
Local device authentication
ローカルデバイス認証
F-2-245
2-160