When you use the LDAP server for user management, you can restrict users of this machine by authentication using LDAP.
Employing the user authentication enables security- and cost-conscious advanced operations such as restricting users from accessing this machine, restricting users from using the functions by user, and managing the usage status of this machine.
When employing the LDAP authentication function, follow the below procedure to configure the settings.
Register your authentication server on this machine. In addition, change the authentication method of this machine so that authentication is performed using the registered authentication server.
Select [User Auth/Account Track] - [External Server Settings] - [External Server Settings] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine).
Click [Edit] of [1st Server], and configure the following settings.
Setting | Description |
---|---|
[External Server Name] | Enter the name of the authentication server (using up to 32 characters). |
[External Server Type] | Select [LDAP]. |
[LDAP] | Register server information when LDAP is used as the authentication server.
|
[Search Directory Service] | If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory (Windows Server 2008 or later). |
Click [Edit] of [2nd Server] as needed, and configure the following settings.
Setting | Description |
---|---|
[2nd Server Setting] | When using the secondary server, set this option to ON (default: OFF). |
[Round Robin function] | When using the round-robin function, set this option to ON (default: OFF). If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load. |
[Reconnection Settings] | Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.
|
[External Server Type] | Select the type of the authentication server and set required information. For details, refer to the registration contents of the primary server. |
Select [User Auth/Account Track] - [General Settings] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.
Setting | Description |
---|---|
[User Authentication] | When performing authentication using an external authentication server, select [ON (External Server)] or [ON (MFP + External Server)]. If you want to configure setting so that you can log in to this machine using its authentication function in consideration of an occurrence of some sort of problem on the external authentication server, select [ON (MFP + External Server)]. |
[Default Authentication Method] | If [User Authentication] is set to [ON (MFP + External Server)], select the preferential authentication method (default: [ON (External Server)]). |
[Ticket Hold Time Setting (Active Directory)] | Change the retention time for a Kerberos authentication ticket if Active Directory is used as an authentication server (default: [5] min.). |
[When Number of Jobs Reach Maximum] | Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed (default: [Skip Job]).
|
[External Authentication server setting] | Set server authentication operations.
|
[External Server DN Cache] | Select whether to save DN (Distinguished Name) information on the machine to speed up the LDAP server authentication (default: [OFF]). If [ON] is selected, information related to the user’s DN is saved on the machine when authentication succeeds in the LDAP server. At the next authentication, a user search is performed using the saved information. |
To check the status of the connection of the primary authentication server and the secondary authentication server, select [User Auth/Account Track] - [Authentication Server Connection status] - [External Server Authentication]. If [Connection Enabled] is displayed, you can connect to both the primary and secondary authentication servers.
If SSL is installed in your environment, enable SSL.
Select [User Auth/Account Track] - [External Server Settings] - [External Server Settings] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.
Setting | Description |
---|---|
[LDAP] | Configure settings to establish a communication via SSL.
|