How do I authenticate/connect to an LDAP server?
Discussion
Hi All,
Have a funky new printer which I can set up to allow LDAP queries in order to pick up our AD users email addresses etc.
Trouble is I'm having trouble with the settings needed to authenticate with a server.
We've a SBS2000 box which I'd like to query, do I just plonk an IP in and relevant AD user logon and password (with relevant permissions)???
Neil
aldi said:
Don't you usually have to specify domains etc. to query against? i.e. all the cn=,dc= stuff? (rather than the actual IP of the server). Could be talking out of my arse here but worth a google.
That's the thing, I'm not sure...
Tried googling but it's a bit vague to say the least
Sorry chaps.
It's a HP 4730 MFP, and in the configuration I can get it to do either an anonymous or simple query against a server.
It doesn't say whether to put IP or FQDN in or not, I've tried both and neither works.
Something I did learn was that although LDAP is usually done over port 389, MS in their wisdom use port 3289 (!?) so I've tried all possible permutations to no avail.
To be perfectly honest, my SBS2k box is very broke and not much works on it these days - I'm desperate to retire it - "DNS, what's DNS, I can't even register my own network adapter in DNS, so everyone else can sod off..."
Needless to say, I've given up.
I'll import them via a CSV file and be done with being clever
Yeah, I was thinking the same. I find lots of places use AD for printing, hanging off a server. For the MFD side of the system though they often use it stand alone, not tied into AD at all. I'd sooner tie everything into LDAP/AD; you have to watch those pesky users ;-)
Chumpers
>> Edited by Chumpers on Friday 30th December 17:58
aldi said:
I think the ldap style fqdn would be something like cn=users,dn=mydomain,dn=local for users in an OU called users in an AD called mydomain.local if that helps.
I think we need to know what options are configurable on the printer.
Also:
1) Microsoft AD uses port 389 for unsecured LDAP traffic (the other port you quote is for Global Catalogue lookups)
2) The FQDN you mention is actually the 'distinguished name' of an object.
Usually you need to specify:
1) The distinguished name of the container to use when looking up objects
2) An LDAP server (IP or FQDN, depending on whether you have functioning DNS)
3) User credentials (depending on how your AD domain is configured, anonymous access may be allowed though it may not be)
D
_deejay_ said:
aldi said:
I think the ldap style fqdn would be something like cn=users,dn=mydomain,dn=local for users in an OU called users in an AD called mydomain.local if that helps.
I think we need to know what options are configurable on the printer.
Also:
1) Microsoft AD uses port 389 for unsecured LDAP traffic (the other port you quote is for Global Catalog lookups)
2) The FQDN you mention is actually the 'distinguished name' of an object.
Usually you need to specify:
1) The distinguished name of the container to use when looking up objects
2) An LDAP server (IP or FQDN, depending on whether you have functioning DNS)
3) User credentials (depending on how your AD domain is configured, anonymous access may be allowed though it may not be)
D
As suggested previously, this article http://forums1.itrc.hp.com/service/forums/questionan seems to indicate you need to specify the correct search root for it to work correctly, i.e. you need to tell it where your users are in your directory for LDAP searches to work.
The chances are you either:
a) Stick all of your users in the Users container in AD
or
b) Have an OU hierarchy (hopefully with a convenient root)
Assuming (a) and that you have a two level domain name called pistonheads.com, the search path for the users container would be cn=users,dc=pistonheads,dc=com.
Assuming (b), a top level OU called MyUsers and a two level domain name called pistonheads.com, the search path would be ou=MyUsers,dc=pistonheads,dc=com
D
>> Edited by _deejay_ on Saturday 31st December 17:34
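Added example, not part of the thread: a small Python helper that derives the search root described in the post above from a DNS domain name and a container or OU name, escaping the name per RFC 4514, and builds an address-book filter with RFC 4515 escaping so text typed at a device panel cannot alter the query. The function names and the filter's attribute choice (`mail`, `cn`) are assumptions made for illustration.

```python
import re

# Characters RFC 4514 requires to be escaped inside a DN attribute value.
_DN_SPECIAL = set(',+"\\<>;')
# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_dn_value(value: str) -> str:
    """Escape a container/OU name so it is safe as a single RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def search_base(dns_domain: str, container: str, is_ou: bool) -> str:
    """Build the search root: cn= for a container, ou= for an OU, dc= per label."""
    labels = dns_domain.strip(".").split(".")
    if not all(re.fullmatch(r"[A-Za-z0-9-]+", label) for label in labels):
        raise ValueError(f"not a valid DNS domain name: {dns_domain!r}")
    rdn_type = "ou" if is_ou else "cn"
    parts = [f"{rdn_type}={escape_dn_value(container)}"]
    parts += [f"dc={label}" for label in labels]
    return ",".join(parts)


def escape_filter_value(value: str) -> str:
    """Neutralise filter metacharacters in user-supplied text."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def address_book_filter(typed_name: str) -> str:
    """Prefix match on cn, restricted to user objects that have a mail attribute."""
    safe = escape_filter_value(typed_name)
    return f"(&(objectCategory=person)(objectClass=user)(mail=*)(cn={safe}*))"


if __name__ == "__main__":
    # The two layouts from the post, using its example domain.
    print(search_base("pistonheads.com", "users", is_ou=False))
    print(search_base("pistonheads.com", "MyUsers", is_ou=True))
    # Constructed input containing filter metacharacters.
    print(address_book_filter("smith)(mail=*"))
```
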