Lexmark MB2546 Embedded Web Server--Security Administrator s Guide - Page 17

Device Credentials, Advanced Options, Use Active Directory Device Credentials

Get Lexmark MB2546 PDF manuals and user guides View all Lexmark MB2546 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 17 highlights

Managing login methods 17 Device Credentials • Anonymous LDAP Bind-Bind the printer with the LDAP server anonymously. This option is applicable only if your LDAP server allows anonymous binding. Enabling this option does not require you to provide authentication credentials. This option is available only in the LDAP setup. • Use Active Directory Device Credentials-Use user credentials and group designations that are pulled from the existing network comparable to other network services. This option is available only in the LDAP +GSSAPI setup. • If Anonymous LDAP Bind or Use Active Directory Device Credentials is disabled, then provide the authentication credentials used to bind the printer with the LDAP server. - Device Username • For LDAP setup, type the fully qualified distinguished name (DN) of a user registered to the LDAP server. • For LDAP+GSSAPI setup, type the DN of a user registered to the Kerberos server. - Device Realm-The realm used for the Kerberos server. This setting is available only in the LDAP +GSSAPI setup. - Device Password-Type the password for the user. Advanced Options • Use SSL/TLS-If the LDAP server requires SSL, then select SSL/TLS. • Require Certificate-If the LDAP server requires a certificate, then select Yes. • Userid Attribute-Type the LDAP attribute to search for when authenticating users' credentials. The default value is sAMAccountName, which is common in a Windows operating system environment. For other directories, you can type uid, cn, or a user-defined attribute. For more information, contact your system administrator. • Mail Attribute-Type the LDAP attribute that contains the users' e-mail addresses. The default value is mail. • Fax number Attribute-Type the LDAP attribute that contains the users' fax number. The default value is facsimiletelephonenumber. • Full Name Attribute-Type the LDAP attribute that contains the users' full names. The default value is cn. • Home Directory Attribute-Type the LDAP attribute that contains the users' home directory. The default value is homeDirectory. • Group Membership Attribute-Type the LDAP attribute required for group search. The default value is memberOf. • Search Base-The node in the LDAP server where user accounts reside. You can type multiple search bases, separated by commas. Note: A search base consists of multiple attributes separated by commas, such as cn (common name), ou (organizational unit), o (organization), c (country), and dc (domain). • Search Timeout-Enter a value from 5 to 30 seconds or 5 to 300 seconds, depending on your printer model. • Follow LDAP Referrals-Search the different servers in the domain for the logged‑in user account.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
Device Credentials
Anonymous LDAP Bind
—Bind the printer with the LDAP server anonymously. This option is applicable
only if your LDAP server allows anonymous binding. Enabling this option does not require you to provide
authentication credentials. This option is available only in the LDAP setup.
Use Active Directory Device Credentials
—Use user credentials and group designations that are pulled
from the existing network comparable to other network services. This option is available only in the LDAP
+GSSAPI setup.
If
Anonymous LDAP Bind
or
Use Active Directory Device Credentials
is disabled, then provide the
authentication credentials used to bind the printer with the LDAP server.
Device Username
For LDAP setup, type the fully qualified distinguished name (DN) of a user registered to the LDAP
server.
For LDAP+GSSAPI setup, type the DN of a user registered to the Kerberos server.
Device Realm
—The realm used for the Kerberos server. This setting is available only in the LDAP
+GSSAPI setup.
Device Password
—Type the password for the user.
Advanced Options
Use SSL/TLS
—If the LDAP server requires SSL, then select
SSL/TLS
.
Require Certificate
—If the LDAP server requires a certificate, then select
Yes
.
Userid Attribute
—Type the LDAP attribute to search for when authenticating users’ credentials. The
default value is
sAMAccountName
, which is common in a Windows operating system environment. For
other directories, you can type
uid
,
cn
, or a user-defined attribute. For more information, contact your
system administrator.
Mail Attribute
—Type the LDAP attribute that contains the users’ e-mail addresses. The default value is
mail
.
Fax number Attribute
—Type the LDAP attribute that contains the users’ fax number. The default value
is
facsimiletelephonenumber
.
Full Name Attribute
—Type the LDAP attribute that contains the users’ full names. The default value is
cn
.
Home Directory Attribute
—Type the LDAP attribute that contains the users’ home directory. The default
value is
homeDirectory
.
Group Membership Attribute
—Type the LDAP attribute required for group search. The default value is
memberOf
.
Search Base
—The node in the LDAP server where user accounts reside. You can type multiple search
bases, separated by commas.
Note:
A search base consists of multiple attributes separated by commas, such as cn (common name),
ou (organizational unit), o (organization), c (country), and dc (domain).
Search Timeout
—Enter a value from 5 to 30 seconds or 5 to 300 seconds, depending on your printer
model.
Follow LDAP Referrals
—Search the different servers in the domain for the logged
in user account.
Managing login methods
17