Configuring the MFP's LDAP Address Book for anonymous and simple binds

Overview

Lightweight Directory Access Protocol (LDAP), when combined with the proper configuration of the device, equips MFPs with the following abilities:
  • Provides access to specific user information such as e-mail addresses, fax number lookups, and other information located in directories found on a directory server.
  • Provides a platform for authenticated access to the MFP.
  • Provides additional authorization when combined with Lexmark's enhanced security templates to limit a large set of functions or access controls on the MFP.
  • Provides anonymous binds with a directory server, or binding with Active Directory, which uses a simple bind and device credentials.
  • Provides the ability to bind to an Active Directory's global catalog server (GCS) using port 3268 or independent domain controllers (DCs) using port 389.

Types of directory servers

Directory servers may include any of the following:
  • Microsoft's™ Active Directory (AD), currently the most common
  • Netscape Directory Server
  • Novell eDirectory
  • Sun Java System Directory Server
  • IBM Tivoli Directory Server, Domino Server
  • OpenLDAP for Linux
  • Eudora LDAP Directory Server

Before you begin

  • If you require Anonymous access to the LDAP server for address book access, obtain the necessary settings described below and follow the instructions under Address Book Setup.
  • If you require LDAP configuration using a Simple Bind, required for Microsoft's™ Active Directory LDAP implementation, then follow the same Address Book Setup instructions as used for anonymous bind but include your MFP or Device Credentials.
  • If you require LDAP Authentication and Authorization, then reference that outlines this procedure.

Needed Settings and Requirements

Each entry below lists the requirement or setting, its function, and examples.

Access to the directory server
  Function: A comprehensive understanding of your LDAP server's structure is necessary to configure the MFP.
  Examples: An LDAP browser application (Microsoft™ LDP or Softerra™) may have the ability to obtain the following information:
    • Your organization's structure.
    • Your directory server's topology.
    • Whether or not you are communicating with a parent or child domain.
    • Other information about the design.

The DNS name* or IP address of the Domain Controller acting as the Directory Server
  Function: The address of the server hosting LDAP. Avoid IP addresses in a DHCP environment. Any IP change to the domain controller may cause a communication failure with all MFPs configured to use LDAP.
  Examples: dc01.company.com. Often this value comprises the fully qualified domain name (FQDN).

Common server ports* are 389 and 3268
  Function: Port 389 will work in an AD environment; however, multiple Domain Controllers (DCs) may cause performance issues.
  Examples:
    • Port 3268 for global catalog server in Active Directory (AD) environments.
    • Port 389 for all other LDAP environments.

The mail attribute*
  Function: This setting is required for the MFP to query for the e-mail addresses. Users' login information will be compared to this attribute.
  Examples: mail. This setting is common in most Active Directory (AD) environments.

The fax number attribute*
  Function: This setting is required for the MFP to query for fax numbers.
  Examples: facsimileTelephoneNumber. This setting is common in most Active Directory (AD) environments.

Search Base*
  Function: Start with the parent domain. The search base tells the MFP where in the directory "tree" to start looking, and the parent domain is likely to contain ALL user account information. Subsets can be used if performance becomes an issue, but then all user accounts must reside within the child domain.
  Examples: Company.com entered in DN format, e.g., DC=company,DC=com. Distinguished name (DN) format should include DC (Domain Controller) capitalized, commas for dots and no spaces. All Active Directory (AD) queries will fail if this field is left blank.

Device Credentials* (Distinguished Name (DN) and password)
  Function: This may be called MFP Credentials. The DN path should point to a location on the directory server where all user "service accounts" reside. This setting identifies and describes an entry in a directory on an LDAP server. Simple binds require a "service account" name and password if sharing among multiple MFPs.
  Examples: Place a checkmark next to Anonymous Bind for most non-Active Directory LDAP servers. An example of a full distinguished name will look similar to: CN=Lexmark,OU=Service Accounts,DC=company,DC=com

* Lexmark is not responsible for identifying any of the configuration settings referenced in this article. If you seek additional assistance, please consult your Domain or LDAP administrator.

Address Book Setup

  1. Open the MFP web browser and navigate to Settings > Network/Ports > Address Book Setup.
  2. Click on Configuration or Settings.
  3. Click on Network/Ports.
  4. Click on Address Book Setup.
  5. Enter the following values:
    • Server Address
    • Server Port
    • Mail Attribute
    • Fax Number Attribute
    • Search Base – Absolutely required for AD environments!
    If uncertain of these values, contact your LDAP administrator, or you can attempt to utilize an LDAP browser such as Softerra™ LDAP browser, ADSI edit, or Microsoft LDP, among others, to obtain these settings.
  6. Click on Device Credentials. Select Anonymous LDAP Bind for most non-Active Directory environments. Or, enter the Distinguished Name (DN) and password for AD.
  7. Click Submit.
  8. Click on Submit again.
  9. New confirmation feature. Enter a value and click on Search Address Book to confirm that you are able to bind or connect with the LDAP server.
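
A pre-flight check for the values entered in steps 5 and 6, added here as an example and not Lexmark's code: it applies the rules from the settings section and builds an equivalent OpenLDAP ldapsearch command for testing the same bind and search from a workstation. The dictionary keys, the function names and the use of ldapsearch are assumptions; the sample values are constructed from the article's examples.

```python
import ipaddress

def domain_to_search_base(domain):
    """company.com -> DC=company,DC=com (commas for dots, no spaces)."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def lint_address_book(cfg):
    """Return findings for one set of address-book settings (hypothetical dict keys)."""
    findings = []
    ad, base = cfg.get("active_directory", False), cfg.get("search_base", "")
    try:  # the article advises against IP addresses where DHCP is in use
        ipaddress.ip_address(cfg["server"])
        findings.append("server is an IP address; prefer the DNS name (FQDN)")
    except ValueError:
        pass
    if cfg["port"] not in (389, 3268):
        findings.append("port is neither 389 nor 3268")
    elif cfg["port"] == 3268 and not ad:
        findings.append("3268 is the AD global catalog port; other LDAP servers use 389")
    parts = base.split(",") if base else []
    if ad and not base:
        findings.append("search base is blank; all AD queries will fail")
    elif any(p != p.strip() or "=" not in p or not p.split("=")[0].isupper() for p in parts):
        findings.append("search base must look like DC=company,DC=com (capitals, no spaces)")
    if cfg.get("anonymous_bind"):
        if ad:
            findings.append("AD uses a simple bind; enter device credentials")
    elif not (cfg.get("bind_dn") and cfg.get("password")):
        findings.append("simple bind needs both a DN and a password")
    return findings

def ldapsearch_argv(cfg, attrs=("mail", "facsimileTelephoneNumber")):
    """Build an OpenLDAP ldapsearch command that tests the same bind and search."""
    argv = ["ldapsearch", "-x", "-H", "ldap://%s:%d" % (cfg["server"], cfg["port"]),
            "-b", cfg.get("search_base", ""), "-z", "1"]
    if not cfg.get("anonymous_bind"):
        argv += ["-D", cfg["bind_dn"], "-W"]  # -W prompts, keeping the password off argv
    return argv + ["(%s=*)" % attrs[0], *attrs]

# Constructed sample settings using the article's example names; the password is a placeholder.
GOOD = {"server": "dc01.company.com", "port": 3268, "active_directory": True,
        "search_base": domain_to_search_base("company.com"),
        "bind_dn": "CN=Lexmark,OU=Service Accounts,DC=company,DC=com", "password": "placeholder"}
BAD = {"server": "192.0.2.10", "port": 3268, "active_directory": True,
       "search_base": "dc=company, dc=com", "anonymous_bind": True}

if __name__ == "__main__":
    print(lint_address_book(GOOD), lint_address_book(BAD), sep="\n")
    print(" ".join(ldapsearch_argv(GOOD)))
```

If the generated ldapsearch command returns an entry carrying the mail attribute, the same server, port, search base and credentials should work in the MFP's Search Address Book test.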

LEGACY ID: HO3645