Troubleshooting Authentication; Determining The Ldap Server Hostname Or Tcp/Ip Address - HP T1936AA - Digital Sending Software Technical Reference

Troubleshooting authentication

If Find Settings does not return any information, or if a user-credential error occurs during Find
Settings or Test, one of the following three criteria for a successful LDAP query probably has not
been met:
●
HP DSS must be configured with the correct search root. The search root is a string that
represents the location in the Active Directory database where the search begins. This is
sometimes called the "search base." The "base DN" (distinguished name) is the search root that
describes the root of the Active Directory database. The base DN can be used as the search
root when the LDAP client is configured to search the entire directory.
●
The account used in HP DSS must have read access to the data in Active Directory. The client
account that is used to configure the LDAP lookup for authentication and addressing must have
read access in the LDAP directory container that is indicated by the search root. In addition, if
information about users and recipients is located in any part of the subtree indicated by the
search root, the client account that is used must also have access to the subtree.
●
HP DSS must be configured to search the correct LDAP attributes. The LDAP client must be
configured to search an existing LDAP attribute for information. LDAP attribute names vary
somewhat between implementations.

Determining the LDAP server hostname or TCP/IP address

NOTE
All domain controllers in a given domain contain a copy of the Active Directory database. Typically,
all domain controllers run the LDAP service and are listening for LDAP queries on port 389. In some
multi-domain environments, however, HP DSS should use the domain's Global Catalog Server. The
Global Catalog Server contains information about other domains in the domain forest and listens for
LDAP queries on port 3268.
To determine which domain controller a specific Windows 2000 or XP client used to log onto the
domain, look at the system variable "LOGONSERVER" by typing the following command at the
command prompt:
C:\echo %LOGONSERVER%
NOTE
server or workstation on which HP DSS is installed.
The LOGONSERVER environment variable contains the hostname of the domain controller. To
obtain the TCP/IP address for any hostname, use the "nslookup" command. For example, to find the
TCP/IP address for a server that has the hostname DC1, type the following command at the
command prompt:
C:\nslookup DC1
In some cases, nslookup might not work, but the "ping" command also returns the TCP/IP address
for a specific hostname.
One way to determine whether or not a specific domain controller is listening for LDAP queries is to
telnet to the TCP/IP address of the domain controller and specify either port 389 or port 3268. To do
this, type the following command at the command prompt : "telnet <TCP/IP address of the
domain controller> <Port (389 or 3268)>". For example:
ENWW
This method applies to the Windows environment only.
All of the commands that are listed in this section should be performed from the
Using authentication 59