Lexmark T652DTN Embedded Web Server Administrator's Guide - Page 11

Using LDAP+GSSAPI, To validate an existing LDAP setup, To add a new LDAP+GSSAPI setup



To validate an existing LDAP setup

1. From the Embedded Web Server Home screen, browse to Settings > Security > Edit Security Setups.
2. Under Edit Building Blocks, select LDAP.
3. Click Test LDAP Authentication Setup next to the setup you want to test.

Using LDAP+GSSAPI

Some administrators prefer authenticating to an LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of simple LDAP authentication because the transmission is always secure. Instead of authenticating directly with the LDAP server, the user will first authenticate with a Kerberos server to obtain a Kerberos “ticket.” This ticket is then presented to the LDAP server using the GSSAPI protocol for access. LDAP+GSSAPI is typically used for networks running Active Directory.

Notes:
• LDAP+GSSAPI requires that Kerberos 5 also be configured.
• Supported devices can store a maximum of five unique LDAP+GSSAPI configurations. Each configuration must have a unique name.
• As with any form of authentication that relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server.
• To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel.

To add a new LDAP+GSSAPI setup

1. From the Embedded Web Server Home screen, browse to Settings > Security > Edit Security Setups.
2. Under Edit Building Blocks, select LDAP+GSSAPI.
3. Click Add an LDAP+GSSAPI Setup.
4. The LDAP+GSSAPI Server Setup dialog is divided into four parts:

General Information
• Setup Name—This name will be used to identify each particular LDAP+GSSAPI Server Setup when creating security templates.
• Server Address—Enter the IP Address or the Host Name of the LDAP server where the authentication will be performed.
• Server Port—The port used by the Embedded Web Server to communicate with the LDAP server. The default LDAP port is 389.
• Use SSL/TLS—From the drop-down menu select None, SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS.
• Userid Attribute—Enter either cn (common name), uid, userid, or user-defined.
• Search Base—The Search Base is the node in the LDAP server where user accounts reside. Multiple search bases may be entered, separated by commas.

Note: A Search Base consists of multiple attributes—such as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)—separated by commas.
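
The following pre-flight check is an added example, not part of the Lexmark guide or any Lexmark tool: it audits a planned list of LDAP+GSSAPI setups against the limits and field values given on this page before they are typed into the Embedded Web Server. The dictionary keys, the sample hosts and DNs, and the treatment of "user-defined" as any syntactically valid LDAP attribute name are assumptions made for illustration.

```python
import re

MAX_SETUPS = 5                           # device limit stated on this page
TLS_MODES = ("None", "SSL/TLS", "TLS")   # drop-down values listed on this page
ATTR = r"[A-Za-z][A-Za-z0-9-]*"          # LDAP attribute-name syntax
RDN = re.compile(rf"^\s*{ATTR}\s*=\s*\S.*$")


def bad_rdns(base):
    """Return the components of a search base that are not attr=value."""
    parts = re.split(r"(?<!\\),", base)  # split on unescaped commas only
    return [p.strip() for p in parts if not RDN.match(p)]


def audit(setups, kerberos5_configured):
    """Return findings for a planned list of LDAP+GSSAPI setups (dicts)."""
    findings = []
    if not kerberos5_configured:
        findings.append("Kerberos 5 must be configured before LDAP+GSSAPI")
    if len(setups) > MAX_SETUPS:
        findings.append(f"{len(setups)} setups planned, device stores {MAX_SETUPS}")
    seen = set()
    for s in setups:
        name = s["name"]
        if name in seen:
            findings.append(f"{name}: setup name is not unique")
        seen.add(name)
        if not 1 <= s.get("port", 389) <= 65535:   # 389 is the default LDAP port
            findings.append(f"{name}: server port out of range")
        if s["tls"] not in TLS_MODES:
            findings.append(f"{name}: unknown Use SSL/TLS value {s['tls']!r}")
        elif s["tls"] == "None":
            findings.append(f"{name}: Use SSL/TLS is None, LDAP connection has no TLS")
        if not re.fullmatch(ATTR, s["userid_attr"]):
            findings.append(f"{name}: userid attribute {s['userid_attr']!r} is not a valid name")
        for base in s["search_bases"]:
            for part in bad_rdns(base):
                findings.append(f"{name}: search base component {part!r} is not attr=value")
    return findings


# Constructed sample plan; names, hosts and DNs are made up for illustration.
PLAN = [
    {"name": "HQ-AD", "server": "dc1.example.test", "port": 389, "tls": "TLS",
     "userid_attr": "cn", "search_bases": ["ou=Staff,dc=example,dc=test"]},
    {"name": "HQ-AD", "server": "dc2.example.test", "port": 389, "tls": "None",
     "userid_attr": "uid", "search_bases": ["ou=Staff,example.test"]},
]

if __name__ == "__main__":
    for finding in audit(PLAN, kerberos5_configured=True):
        print(finding)
```

Each search base is kept as its own list entry here because both the list of search bases and the attributes inside one search base are comma-separated in the dialog.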
Using security features in the Embedded Web Server
11