Configuring an AD/LDAP Server

On the "AD/LDAP Authentication Settings" screen, configure a server to be used for user authentication.

Authentication Server Settings
Setting	Description
Domain Name	Enter the domain name. (This is required.) Number of characters that can be entered: 1–255 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~
Domain Controller Name	Enter a domain controller name. (This is required.) Number of characters that can be entered: 1-255 Available characters: Single-byte alphanumeric characters, - . _
Communication Protocol	Choose from the following communication protocols. (This is optional.) LDAP LDAPS To use LDAPS, the certification store needs to be imported.
Port Number	Enter a port number. (This is required.) Available range: 1–65,535 Depending on the communication protocol settings, one of the values below is automatically populated. A different value can be entered. LDAP: 389 LDAPS: 636
Search Start Position	Enter a search start position. (This is required.) Number of characters that can be entered: 1-512 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ When using a distinguished name (DN), any of the following characters need to be entered by escaping with ¥". ¥ " , = + < > # ; Depending on the LDAP client, the value may be pre-escaped and displayed. If so, specify the value as displayed on the LDAP client.
Proxy User Name	Enter a proxy user name. (This is required.) Number of characters that can be entered: 1-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Typically, an UPN is specified (the domain is omissible), but if the name contains any of the following characters, the sAMAccountName needs to be specified. / \ [ ] ; : + * ? < > @ " For registration, permission to view is required.
Proxy User Password	Enter a password for the proxy user. This is required for registration of authentication server information. If this setting is left blank in editing after registration, the pre-defined value is used. Number of characters that can be entered: 1-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~
Folder Access User Name	Enter a folder access user name. (This is optional.) If a folder access user password is specified, this is required. This is also required to use the "Scan to my folder" function. Number of characters that can be entered: 0-64 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~
Folder Access User Password	Enter a folder access user password. (This is optional.). This is required to use the "Scan to my folder" function. Number of characters that can be entered: 0-64 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~

Authentication Method Setting
Setting	Description
Authentication Method	Choose from the following authentication methods: Simple Authentication Kerberos Authentication

Attribute Name Setting
Setting	Description
Login User Name	This name is fixed to "sAMAccountName". This cannot be changed.
Card ID	Enter the attribute name for "Card ID". (This is required.) Number of characters that can be entered: 1-128 Available characters: Single-byte alphanumeric characters, - . _ Initial value: sAMAccountName
Email Address	Enter the attribute name for "Email Address". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: mail
Fax Destination	Enter the attribute name for "Fax Destination". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: facsimileaTelephoneNumber
Key Display Name	Enter the attribute name for "Key Display Name". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: displayName
Name	Enter the attribute name for "Name". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: name
Folder Path	Enter the attribute name for "Folder Path". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~
Permissions	Enter the attribute name for "Permission". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~

Setting the sender's email Address
Setting	Description
Sender Email Address	Enter an email address to be used as the sender for the "Scan to E-mail" function. (This is optional. ) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~

Configuring an LDAP server

Click [Change] for "Set an AD/LDAP server as the authentication server of user information".

Select " LDAP Server ", and then click [Save].

Click [Registration of Authentication Server Information].

The settings are as follows:

Authentication Server Settings
Setting	Description
Server Name	Enter a server name. (This is required.) Number of characters that can be entered: 1-255 Available characters: Single-byte alphanumeric characters, - . _
Communication Protocol	Choose from the following communication protocols. (This is required.) LDAP LDAPS To use LDAPS, the certification store needs to be imported.
Port Number	Enter a port number. (This is required.) Available range: 1–65,535 Depending on the communication protocol settings, one of the values below is automatically populated. A different value can be entered. LDAP: 389 LDAPS: 636
Search Start Position	Enter a search start position. (This is required.) Number of characters that can be entered: 1-512 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ When using a distinguished name (DN), any of the following characters need to be entered by escaping with ¥". \ " , = + < > # ; Depending on the LDAP client, the value may be pre-escaped and displayed. If so, specify the value as displayed on the LDAP client.
Search Query	Enter a search query. (This is required.) Number of characters that can be entered: 1-256 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Use a "Login User Name" attribute in the search query.
Proxy User Name	Enter a proxy user name. (This is required.) Number of characters that can be entered: 1-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e., " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ When using a distinguished name (DN), any of the following characters need to be entered by escaping with ¥". \ " , = + < > # ; Depending on the LDAP client, the value may be pre-escaped and displayed. If so, specify the value as displayed on the LDAP client.
Proxy User Password	Enter a password for the proxy user. This is required for registration of authentication server information. If this setting is left blank in editing after registration, the pre-defined value is used. Number of characters that can be entered: 1-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~
Folder Access User Name	Enter a folder access user name. (This is optional.) If a folder access user password is specified, this is required. This is also required to use the "Scan to my folder" function. Number of characters that can be entered: 0-64 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e., " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ A folder access user must belong to the domain and must have permission to write to the folder.
Folder Access User Password	Enter a folder access user password. (This is optional.). This is required to use the "Scan to my folder" function. Number of characters that can be entered: 0-64 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~

Certification Store Import
Setting	Description
Certification Store	Specify this only when "LDAPS" is selected for "Communication Protocol". Click "Select File" to select a certification store. The file to be imported needs to meet the following requirements: File format: BKS File size: Less than 100 KB

Attribute Name Setting
Setting	Description
Login User Name	Enter the attribute name for "Login User Name ". (This is required.) Number of characters that can be entered: 1-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: cn
Card ID	Enter the attribute name for "Card ID". (This is required.) Number of characters that can be entered: 1-128 Available characters: Single-byte alphanumeric characters, - . _ Initial value: description
Email Address	Enter the attribute name for "Email Address". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e., " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: mail
Fax Destination	Enter the attribute name for "Fax Destination". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: facsimileaTelephoneNumber
Key Display Name	Enter the attribute name for "Key Display Name". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e., " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: displayName
Name	Enter the attribute name for "Name". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~ Initial value: name
Folder Path	Enter the attribute name for "Folder Path". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~
Permissions	Enter the attribute name for "Permission". (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~

Setting the sender's email Address
Setting	Description
Sender Email Address	Enter an email address to be used as the sender for the "Scan to E-mail" function. (This is optional.) Number of characters that can be entered: 0-128 Available characters: Single-byte alphanumeric characters, and single-byte symbols, i.e. " # $% & '( ) * + , - . / ; < = > ? @ \ ] ^ _ ` \| } ~

Click [Save].

How to configure user-specific usage restrictions

To configure use-specific permissions when using the AD/LDAP authentication settings, a set of attribute values for user permissions need to be configured.

Specify an attribute value for each attribute name defined for "Permission" under "Attribute Name Setting". If no attribute value is specified for a user, the user is given the permissions corresponding to the initial value.

The set of attribute values must be a five-digit number. Each digit has the meanings listed below.

Digit position	Corresponding function	Values and permissions
1	Copier	1: Not permitted 2: Black and white 3: Single color 4. Dual color 5. Auto color 6: Full color
2	Printer	1: Not permitted 2: Black and white 3: Color
3	Document	1: Not permitted 2: Permitted
4	Fax	1: Not permitted 2: Permitted
5	Scanner	1: Not permitted 2: Permitted

Initial values for usage permissions: 63222
These values indicate permissions to use the following:
- Copy: Black and white, single color, dual color, auto color, full color
- Print: Black and white, color
- Document: Permitted
- Fax: Permitted
- Scanner: Permitted

Configuring an AD/LDAP Server

Configuring an AD server

Configuring an LDAP server