
X7500 Series, X4500 Scanner Series MFPs: LDAP Address Book and Authentication Configuration and Basic Troubleshooting

Tips

Lexmark International

Prerequisite Information

In order to configure a Lexmark MFP for LDAP Authentication and/or Address Book Lookups, you'll need the following information:

1. The DNS name or IP address of the system that's acting as the Directory Server.

2. The port number that the Directory Server monitors for LDAP traffic. This is normally port 389.

3. Unless the Directory Server allows anonymous access, the MFP will need a set of credentials (DN and password) that correspond to a user account. Often, this account will be a dedicated service account, and it would typically be shared among multiple MFPs. Note that you will need the fully-qualified Distinguished Name (DN) for this account, which will look something like cn=MFP Account,ou=Equipment,dc=<domain name>,dc=com.

4. The Search Base for the directory needs to be known. This can usually be the root of the directory (such as dc=company,dc=com), although in a large directory there will be performance benefits if this reflects a subset of the directory under which all of the user accounts reside.

5. The attribute against which the user's login information is to be compared. For an Active Directory environment this is typically the sAMAccountName attribute. For other environments, it can be one of the other attributes (uid, userid, etc.).


Configuration Instructions

Part I of II: Basic LDAP Configuration

To configure the MFP so that it searches the directory for addresses and/or fax numbers, perform the following steps:

1. Point your browser to the MFP's IP address, and check the MFP Software version number:

Figure 1.0 The MFP's software level should be 906.xxx or higher.


2. Starting at the MFP's home page, select the Configuration link, then the Manage Function Access and LDAP Setup links.

Figure 2.0 The MFP's LDAP settings are specified on the LDAP Setup page: Configuration->Manage Function Access->LDAP Setup

3. On this page, fill in the Server Address, Port, MFP's Distinguished Name, MFP's Password, and Search Base fields. All of these fields are required. Note that the Userid Attribute field is not required for LDAP Queries, although it will be required for the MFP to authenticate users via LDAP. For now, it can be filled in or left blank.

4. The remaining fields and values should be left in their default state.

5. Scroll down and click on Submit.

At this point, the MFP should be able to perform LDAP queries to look up addresses or phone numbers in the directory serviced by the specified Directory Server.

To test this, touch the E-mail icon on the MFP's panel. On the screen that appears (see Figure 3.0), type in part or all of a person's name and select Search Address Book. The MFP will use LDAP to query the directory for anyone whose name or email address matches the information entered, and will provide you a list of possible matches from which to choose.

Figure 3.0 The MFP can use LDAP to look up the phone numbers or email addresses of recipients during fax or scan-to-email jobs

Figure 3.1 The MFP has searched the directory, and found five users whose first name, last name, or email start with "ma"

If this operation fails and there are no results found for users that are known to be in the directory, refer to the Setup Troubleshooting section, below.

Part II of II: Using LDAP for Authentication

Once the Basic LDAP Configuration as described above has been successfully applied and tested, the MFP can easily be configured to authenticate users via LDAP.

1. Starting at the MFP's default web page (i.e. http://<MFP's IP address>), select the Configuration and Manage Function Access links.

2. Set the Authentication Method to LDAP.

3. Users can be required to authenticate prior to performing Copy, Fax, or E-mail jobs, and before they can select predefined Profiles or Forms. To protect each sort of access, select ID and Password in the controls that correspond to each operation.

4. Click on Submit. When the MFP's web page refreshes, select Configuration->Manage Function Access->LDAP Setup, and make sure that the Userid Attribute field is set to reflect the attribute against which the user ID that's provided during authentication will be compared. If this value is modified, select Submit at the bottom of the page.

At this point the MFP will require users to authenticate before proceeding with the specified functions. To test this, select one of the icons on the MFP panel that corresponds to a function that was protected with authentication in step #3, above. The MFP should prompt for the user's ID and password, as shown below.

Figure 3.1 The MFP will prompt for the User ID and Password during authentication

If the authentication fails for user ID/password combinations that are known to be valid, refer to the Setup Troubleshooting section, below.

Setup Troubleshooting

• Check the MFP's basic IP settings, via the links Configuration->Setup and Configuration->TCP/IP. In particular, make sure the MFP's DNS Server Address field is filled in, and correct.

• Check the value of the Server Address on the MFP's LDAP Setup page (Configuration->Manage Function Access->LDAP Setup).
  o Confirm that the system indicated by the Server Address is responding to pings, and confirm that it is a Directory Server.
  o If the Server Address is specified as a DNS name, make sure the name is spelled correctly. Make sure you can ping it as a DNS name, and that the ping is successful.

• Check the MFP's DN and password, to make sure they are valid.
  o The ADSI Edit tool is an excellent tool for confirming the DN in a Windows Active Directory environment. This tool is a standard part of the Support Tools, which can be installed from the \support\tools folder on the Windows Server CD.
  o The Active Directory Users and Computers tool is a standard component on domain controllers in an Active Directory environment. This is also a good tool for verifying the DN that's been provided to the MFP. And, this is the default path for changing/verifying the password associated with the MFP's account.
  o A method for confirming the Server Address, Port, and the MFP's credentials for any LDAP server platform is to use an LDAP browser tool such as the Softerra LDAP browser, available at www.softerra.com/products/ldapbrowser.php. This browser can be configured to query the directory in a way that reflects the MFP's use of directory queries. If the Softerra browser can successfully query a given server, then the MFP can be configured to use the same server address, port number, DN, password, and search base.
  o Similarly, the LDP tool that's included as part of the Support Tools (which can be installed from the \support\tools folder on the Windows Server CD) is a good tool for browsing the directory.

• Check the Search Base that's specified on the MFP's LDAP Setup page. The Search Base will usually indicate the root of the directory: something like dc=production,dc=acme,dc=com


• If authentication is failing but Address Book lookups are working, the problem may be related to the Userid Attribute value on the MFP's LDAP Setup page. This value is used during authentication, but not used during Address Book lookups. Make sure that the attribute specified corresponds to a valid attribute in the directory, and that this attribute reflects the login information that the user provides on the first login screen, during authentication. Note that the Softerra LDAP browser is a good tool for validating this information by browsing the directory.

• For the X7500/5500/X4500: Use the MFP's UI log and/or a sniff trace of the network traffic between the MFP and the Directory Server to get insight into the root cause of the failure.

• For the X644e/X646e/X85xe: Use the MFP's History log and/or a sniff trace of the network traffic between the MFP and the Directory Server.
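A command-line equivalent of the LDAP-browser check described above, as an added example that is not part of the original Lexmark document: it uses OpenLDAP's ldapsearch (a substitute for the Softerra and LDP tools named above) to bind with the MFP's DN and look up one user by the Userid Attribute. The host name, DNs, user ID and the equality-filter form are assumptions for illustration.

```shell
#!/bin/sh
# Added example: reproduce the MFP's bind and user lookup with OpenLDAP's
# ldapsearch. All host names, DNs and user IDs below are constructed samples.

# Build the LDAP URI from the Server Address and Port fields.
ldap_uri() {
    case "$2" in
        ''|*[!0-9]*) echo "port must be numeric: $2" >&2; return 1 ;;
    esac
    printf 'ldap://%s:%s' "$1" "$2"
}

# Escape a user-supplied ID for use inside a search filter (RFC 4515):
# backslash first, then * ( ) so a typed "*" is matched literally.
escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the equality filter that compares the Userid Attribute to the login ID
# (assumed filter form). Rejects attribute names that are not plain LDAP
# descriptors, which catches a trailing space or "=" pasted into the field.
userid_filter() {
    case "$1" in
        ''|[!A-Za-z]*|*[!A-Za-z0-9-]*) echo "bad attribute name: '$1'" >&2; return 1 ;;
    esac
    printf '(%s=%s)' "$1" "$(escape_filter_value "$2")"
}

# Run the check: bind as the MFP's account, search under the Search Base.
# -x simple bind, -W prompts for the password (keeps it out of shell history),
# -s sub searches the whole subtree, "1.1" asks for DNs only (no attributes).
check_mfp_ldap() {  # args: host port bind_dn search_base userid_attr user_id
    uri=$(ldap_uri "$1" "$2") || return 1
    filter=$(userid_filter "$5" "$6") || return 1
    ldapsearch -x -H "$uri" -D "$3" -W -b "$4" -s sub "$filter" 1.1
}

# Constructed sample invocation (not run automatically):
# check_mfp_ldap dc1.example.com 389 \
#   'cn=MFP Account,ou=Equipment,dc=example,dc=com' 'dc=example,dc=com' \
#   sAMAccountName jsmith
```

A bind failure here points at the DN or password, while a successful bind that returns no entry points at the Search Base or the Userid Attribute.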
