Ldap Authentication - Ricoh Pro C9100 Operating Instructions Manual

LDAP Authentication

Specify this authentication method when using the LDAP server to authenticate users who have their
accounts on the LDAP server. Users cannot be authenticated if they do not have their accounts on the
LDAP server. The Address Book stored in the LDAP server can be registered to the machine, enabling
user authentication without first using the machine to register individual settings in the Address Book.
When using LDAP authentication, to prevent the password information from being sent over the network
unencrypted, it is recommended to encrypt communication between the machine and LDAP server by
using SSL. You can specify on the LDAP server whether or not to enable SSL. To do this, you must create
a server certificate for the LDAP server. For details about creating a server certificate, see page 38
"Creating the Server Certificate". SSL settings can be specified in the LDAP server setting.
Using Web Image Monitor, you can enable a function to check that the SSL server is trusted. For details
about specifying LDAP authentication using Web Image Monitor, see Web Image Monitor Help.
When you select Cleartext authentication, LDAP Simplified authentication is enabled. Simplified
authentication can be performed with a user attribute (such as cn, or uid), instead of the DN.
To enable Kerberos for LDAP authentication, a realm must be registered in advance. A realm must be
configured in capital letters. For details about registering a realm, see "Programming the Realm",
Connecting the Machine/ System Settings.
• If you use LDAP authentication, user information registered in the LDAP server is automatically
registered in the machine's address book. Even if the user information automatically registered in
the machine's address book is edited on the machine, it is overwritten by the information from the
LDAP server when authentication is performed.
• Under LDAP authentication, you cannot specify access limits for groups registered in the directory
server.
• Do not use double-byte Japanese, Traditional Chinese, Simplified Chinese, or Hangul characters
when entering the login user name or password. If you use double-byte characters, you cannot
authenticate using Web Image Monitor.
• If Active Directory in LDAP authentication is used when Kerberos authentication and SSL are set at
the same time, user informations cannot be obtained.
• Under LDAP authentication, if "Anonymous Authentication" in the LDAP server's settings is not set to
Prohibit, users who do not have an LDAP server account might be able to access the server.
• If the LDAP server is configured using Windows Active Directory, "Anonymous Authentication"
might be available. If Windows authentication is available, we recommend you use it.
Operational requirements for LDAP authentication
To specify LDAP authentication, the following requirements must be met:
• Configure the network so that the machine can detect the LDAP server.
• When SSL is being used, TLSv1 or SSLv3 can run on the LDAP server.
LDAP Authentication
39