When you use an LDAP server for user management, you can use LDAP authentication to restrict who can use this machine.
User authentication enables security- and cost-conscious advanced operations such as restricting users from accessing this machine, restricting the functions available to each user, and managing the usage status of this machine.
To use the LDAP authentication function, follow the procedure below to configure the settings.
Configure settings for connecting to the network, such as the IP address of this machine.
For details on configuring the setting, refer to here.
Configure basic settings for the LDAP authentication.
For details on configuring the setting, refer to here.
Set the following options according to your environment.
Purpose | Reference |
---|---|
Communicate with the LDAP server using SSL | |
Send original data scanned by this machine easily to the login user's own address using E-mail (Scan to Me) | |
Notify the login user's own address of the URL of the original data scanned by this machine by E-mail (Scan to URL) | |
Construct a single sign-on environment for the SMB transmission | |
Restrict available functions by user | |
Restrict the access to destinations by user | |
Change function keys displayed in the Touch Panel by user | |
Specify the operations of the ID & Print function | |
Specify the operations of this machine when you log out | |
Restrict print jobs without authentication information | |
Print data from the printer driver without using the password | |
Register your authentication server on this machine. In addition, change the authentication method of this machine so that authentication is performed using the registered authentication server.
In the administrator mode, select [User Auth/Account Track] - [External Server Settings] - [External Server Settings] - [Edit].
Click [Edit] in [1st Server], then configure the following settings.
Settings | Description |
---|---|
[External Server Name] | Enter the name of your LDAP server (using up to 32 characters). Assign an easy-to-understand name to the LDAP server to be registered. |
[External Server Type] | Select [LDAP]. |
[Server Address] | Enter your LDAP server address. Use one of the following formats. |
[Port No.] | If necessary, change the LDAP server port number. In normal circumstances, you can use the original port number. [389] is specified by default. |
[Search Base 1] to [Search Base 3] | Specify the starting point and range to search for a user to be authenticated. |
[Timeout] | If necessary, change the timeout period for communication with the LDAP server. [60] sec. is specified by default. |
[General Settings] | Select the authentication method to log in to the LDAP server. Select one appropriate for the authentication method used for your LDAP server. [Simple] is specified by default. |
[Search Attribute] | Enter the search attribute to be used when searching for a user account (using up to 64 characters, including the hyphen symbol -). The attribute must start with an alphabetic character. [uid] is specified by default. |
[Search Attributes Authentication] | Select this check box to enable attribute-based authentication when [Simple] is selected for [General Settings]. If this check box is selected, the user does not need to enter the full DN (Distinguished Name) when performing authentication via the LDAP server. On this screen, enter the authentication information ([Login Name] and [Password]) to be used when you log in to the LDAP server to search for the user ID. [OFF] (not selected) is specified by default. |
[Search Directory Service] | If you select [Active Directory], you can limit the search target for authentication to users. However, when the search target is limited to users, the search target is identified on the server side, so authentication may take longer. This function is available when the authentication server is set to Active Directory (Windows Server 2008 or later). [Other] is specified by default. |
Click [Edit] in [2nd Server] as needed, then configure the following settings.
Settings | Description |
---|---|
[2nd Server Setting] | Select whether to use the secondary server. If you group two servers, you can switch to another server to perform authentication when a server shuts down. [OFF] is specified by default. |
[Round Robin function] | Select whether to alternately connect to the primary and secondary servers. If you select [Enable], you can alternately connect the primary and secondary servers to distribute the server load. [Disable] is specified by default. |
[Reconnection Settings] | Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server. When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server. [Set Reconnect Interval] is specified by default. |
[External Server Type] | Select the type of the authentication server and set required information. For details on settings, refer to step 2. |
In the administrator mode, select [User Auth/Account Track] - [General Settings], then configure the following settings.
Settings | Description |
---|---|
[User Authentication] | To perform authentication using an external authentication server, select [ON (External Server)] or [ON (MFP + External Server)]. Select [ON (MFP + External Server)] if you want to be able to log in using this machine's own authentication function should a problem occur on the external authentication server. |
[Overwrite User Info] | When the external server authentication is used, authenticated user information is also managed on this machine. If the number of users who have executed the external server authentication reaches the maximum number of users this machine can manage, authentication of any new users will not be permitted. Select whether to allow the user to overwrite registered user information for that case. If you select [Allow], the oldest authenticated user information is erased and the new user is registered. [Restrict] is specified by default. |
[Default Authentication Method] | If you have selected [ON (MFP + External Server)] at [User Authentication], select the authentication method you use normally. [ON (External Server)] is specified by default. |
[When Number of Jobs Reach Maximum] | Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed. [Skip Job] is specified by default. |
[Temporarily Save Authentication Information] | To temporarily save authentication information in the main unit in case the external authentication server shuts down, select [Enable]. [Disable] is specified by default. |
[Reconnection Settings] | If necessary, change the time to reconnect to the authentication server. [Set Reconnect Interval] is specified by default. |
[Expiration Date Settings] | Select [Enable] to set the expiration date to the temporarily saved authentication information. If [Enable] is selected, enter the expiration date. [Disable] is specified by default. |
[External Server DN Cache] | To save DN (Distinguished Name) information on the machine when authentication succeeds on the LDAP server, select [ON]. At the next authentication, the saved information is used to search for the user, which speeds up authentication. [OFF] is specified by default. |
To check the status of the connection of the primary authentication server and the secondary authentication server, select [User Auth/Account Track] - [Authentication Server Connection status] - [External Server Authentication] in the administrator mode. If [Connection Enabled] is displayed, you can connect to both the primary and secondary authentication servers.
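How [Search Base], [Search Attribute] and [Search Attributes Authentication] fit together, as an added Python example that is not the machine's own code: it models the usual search-then-bind sequence against a constructed in-memory directory and shows why the login name is escaped (RFC 4515) before it goes into the search filter. The directory entries, DNs, passwords and function names are assumptions made for the illustration, as is allowing digits in the attribute name.

```python
import hmac
import re

# [Search Attribute] rule from this page: at most 64 characters, hyphen allowed,
# first character alphabetic (digits after the first character are an assumption).
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,63}")

# Constructed sample directory (DN -> attributes); not real accounts.
DIRECTORY = {
    "uid=asmith,ou=People,dc=example,dc=com": {"uid": "asmith", "userPassword": "pw-A"},
    "uid=bjones,ou=People,dc=example,dc=com": {"uid": "bjones", "userPassword": "pw-B"},
    "uid=svc-mfp,ou=Services,dc=example,dc=com": {"uid": "svc-mfp", "userPassword": "pw-S"},
}

def escape_filter_value(value):
    """RFC 4515: escape \\ * ( ) and NUL so a login name is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(attr, login):
    if not ATTR_RE.fullmatch(attr):
        raise ValueError("invalid search attribute: %r" % attr)
    return "(%s=%s)" % (attr, escape_filter_value(login))

def search(search_base, flt):
    """Toy matcher for one (attr=value) filter under search_base (subtree scope)."""
    attr, value = flt[1:-1].split("=", 1)
    # An unescaped '*' is a wildcard; \XX pairs decode to literal characters.
    pieces = [re.escape(re.sub(r"\\([0-9a-fA-F]{2})",
                               lambda m: chr(int(m.group(1), 16)), p))
              for p in value.split("*")]
    rx = re.compile(".*".join(pieces), re.IGNORECASE)
    suffix = "," + search_base.lower()
    return [dn for dn, entry in DIRECTORY.items()
            if dn.lower().endswith(suffix) and rx.fullmatch(entry.get(attr, ""))]

def authenticate(search_base, attr, login, password):
    """Search for the login name, then verify the password for the single DN found."""
    if not login or not password:
        return False  # an empty password would be an unauthenticated bind
    hits = search(search_base, build_filter(attr, login))
    if len(hits) != 1:
        return False  # no entry, or an ambiguous match: never take "the first"
    stored = DIRECTORY[hits[0]]["userPassword"]
    return hmac.compare_digest(stored.encode(), password.encode())
```

Narrowing the search base to `ou=People,...` keeps the service account out of reach of interactive logins, which is the practical effect of choosing [Search Base 1] to [Search Base 3] carefully.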
Communication between this machine and the LDAP server is encrypted with SSL.
Configure this setting if your environment requires SSL-encrypted communication with the LDAP server.
In the administrator mode, select [User Auth/Account Track] - [External Server Settings] - [Edit], then configure the following settings.
Settings | Description |
---|---|
[Enable SSL] | Select this check box to use SSL communication. [OFF] (not selected) is specified by default. |
[Port No.(SSL)] | If necessary, change the SSL communication port number. In normal circumstances, you can use the original port number. [636] is specified by default. |
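An added example (not vendor code) that checks a set of the options on this page for combinations that leave credentials exposed, starting from the defaults stated in the tables above. The dictionary layout, the finding codes and the assumption that the machine uses [Port No.(SSL)] once [Enable SSL] is selected are illustrative.

```python
# Defaults exactly as stated in the tables on this page.
DEFAULTS = {
    "General Settings": "Simple",
    "Search Attributes Authentication": False,
    "Enable SSL": False,
    "Port No.": 389,
    "Port No.(SSL)": 636,
    "Temporarily Save Authentication Information": "Disable",
    "Expiration Date Settings": "Disable",
}

def audit(settings):
    """Return (port in use, [finding codes]) for a dict of changed settings."""
    unknown = sorted(set(settings) - set(DEFAULTS))
    if unknown:
        raise KeyError("setting not covered by this check: " + ", ".join(unknown))
    s = {**DEFAULTS, **settings}
    # Assumption: the SSL port is the one used once [Enable SSL] is selected.
    port = s["Port No.(SSL)"] if s["Enable SSL"] else s["Port No."]
    findings = []
    if not s["Enable SSL"] and s["General Settings"] == "Simple":
        # A simple bind carries the DN and password as plain text on the wire.
        findings.append("cleartext-user-bind")
        if s["Search Attributes Authentication"]:
            # The stored [Login Name]/[Password] used for the search go the same way.
            findings.append("cleartext-search-account")
    if (s["Temporarily Save Authentication Information"] == "Enable"
            and s["Expiration Date Settings"] == "Disable"):
        # Saved authentication information is kept with no expiration date.
        findings.append("saved-auth-no-expiry")
    return port, findings

# Constructed configurations: defaults plus attribute search, then a tightened variant.
DEFAULTS_WITH_SEARCH = {"Search Attributes Authentication": True}
TIGHTENED = {
    "Search Attributes Authentication": True,
    "Enable SSL": True,
    "Temporarily Save Authentication Information": "Enable",
    "Expiration Date Settings": "Enable",
}
```

With nothing changed from the defaults, `audit({})` reports the simple bind on port 389 as unencrypted; `audit(TIGHTENED)` returns port 636 and no findings.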