Using Ldap - Lexmark MS610dn Administrator's Manual

Using security features in the Embedded Web Server
f
Change some of the building block settings depending on your environment, including the following:
•
Server Port‑‑The standard port for LDAP is 389. Another common port is 3268, but this is used only for
Global Catalog servers in Active Directory. When applicable, change the port to 3268 to speed up the
querying process.
•
Search Base‑‑This tells the device where, in the directory "tree", to start searching. Specified as a
Distinguished Name, it is recommended that you at least specify the root of the directory (e.g.
"dc=company,dc=com").
•
Use Kerberos Service Ticket‑‑This setting is an advanced setup otherwise known as SPNEGO. This uses the
session ticket that a user has when they are logged into their computer. It is recommended that you leave
this setting unchecked.
•
Use Active Directory Device Credentials‑‑This box should normally be checked because you want to use
the Service Account that was created in Active Directory. If you do not want to use this setting, because you
want to utilize an existing Service Account or you want to use user credentials (advanced setup), then simply
uncheck this box.
g
Using the scroll bar on the right side of the page, scroll down to the following fields when necessary:
• Group Search Base‑‑This field tells the device where in the directory tree to start searching for a particular
group. This field does not need to be filled out if user‑ or group‑based authorization is not required by the
environment.
• Short name for group‑‑This is a user‑defined field that allows the user to create a name for a group and
associate that name with a group identifier.
•
Group Identifier‑‑This field tells the device what container or organizational unit it needs to search and to
validate whether an authenticated user is a member of an authorized group.
h
If you have made any changes, using the scroll bar on the right side of the page, scroll down to the bottom of
the page, and then click Modify.

Using LDAP

Note: This is available only in select printer models.
Lightweight Directory Access Protocol (LDAP) is a standards‑based, cross‑platform, extensible protocol that runs directly
on top of the TCP/IP layer and is used to access information stored in a specially organized information directory. One
of the strengths of LDAP is that it can interact with many different kinds of databases without special integration, making
it more flexible than other authentication methods.
Notes:
•
Supported devices can store a maximum of five unique LDAP configurations. Each configuration must have a
unique name.
•
Administrators can create up to 32 user‑defined groups that apply to each unique LDAP configuration.
•
As with any form of authentication that relies on an external server, users will not be able to access protected
device functions if an outage prevents the printer from communicating with the authenticating server.
• To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on
the printer control panel.
To add a new LDAP setup
1
From the Embedded Web Server, click Settings > Security > Security Setup.
2
Under Advanced Security Setup, click LDAP.
13