How do I authenticate/connect to an LDAP server?

neil_cardiff

Original Poster:

17,113 posts

265 months

Thursday 22nd December 2005
Hi All,

Have a funky new printer which I can set up to allow LDAP queries in order to pick up our AD users' email addresses etc.

Trouble is I'm having trouble with the settings needed to authenticate with a server.

We've an SBS2000 box which I'd like to query, do I just plonk an IP in and relevant AD user logon and password (with relevant permissions)???

Neil

aldi

9,243 posts

238 months

Thursday 22nd December 2005
Don't you usually have to specify domains etc. to query against? i.e. all the cn=,dc= stuff? (rather than the actual IP of the server). could be talking out of my arse here but worth a google

neil_cardiff

Original Poster:

17,113 posts

265 months

Thursday 22nd December 2005
aldi said:
Don't you usually have to specify domains etc. to query against? i.e. all the cn=,dc= stuff? (rather than the actual IP of the server). could be talking out of my arse here but worth a google


That's the thing, I'm not sure...

Tried googling but it's a bit vague to say the least

_dobbo_

14,393 posts

249 months

Thursday 22nd December 2005
One assumes the printer has some configurable input fields to tell it where to go to get the data - what are the names of these inputs?

BliarOut

72,857 posts

240 months

Thursday 22nd December 2005
Might be handy to post the exact model of printer

neil_cardiff

Original Poster:

17,113 posts

265 months

Thursday 22nd December 2005
Sorry chaps.

It's an HP 4730 MFP, and in the configuration I can get it to do either an anonymous or simple query against a server.

It doesn't say whether to put IP or FQDN in or not, I've tried both and neither works.

Something I did learn was that although LDAP is usually done over port 389, MS in their wisdom use port 3289 (!?) so I've tried all possible permutations to no avail.

To be perfectly honest, my SBS2k box is very broke and not much works on it these days - I'm desperate to retire it - "DNS, what's DNS, I can't even register my own network adapter in DNS, so everyone else can sod off..."

Needless to say, I've given up.

I'll import them via a CSV file and be done with being clever

aldi

9,243 posts

238 months

Thursday 22nd December 2005
I think the ldap style fqdn would be something like cn=users,dn=mydomain,dn=local for users in an OU called users in an AD called mydomain.local if that helps.

Chumpers

36 posts

221 months

Friday 30th December 2005
Hi

Why is the printer querying LDAP directly? Does the MFD part of the printer require LDAP/AD? Normally a printer would hang off a Windows (or *IX) server, via Jetdirect, and the server would take care of user perms/AD/LDAP.

HTH


aldi

9,243 posts

238 months

Friday 30th December 2005
Possibly for access to the GAL when sending scanned docs out?

Chumpers

36 posts

221 months

Friday 30th December 2005
Yeah, I was thinking the same. I find lots of places use AD for printing, hanging off a server. For the MFD side of the system though they often use it stand alone, not tied into AD at all. I'd sooner tie everything into LDAP/AD; you have to watch those pesky users ;-)

Chumpers



>> Edited by Chumpers on Friday 30th December 17:58

_deejay_

4,898 posts

255 months

Saturday 31st December 2005
aldi said:
I think the ldap style fqdn would be something like cn=users,dn=mydomain,dn=local for users in an OU called users in an AD called mydomain.local if that helps.


I think we need to know what options are configurable on the printer.

Also:

1) Microsoft AD uses port 389 for unsecured LDAP traffic (the other port you quote is for Global Catalogue lookups)
2) The FQDN you mention is actually the 'distinguished name' of an object.

Usually you need to specify:

1) The distinguished name of the container to use when looking up objects
2) An LDAP server (IP or FQDN, depending on whether you have functioning DNS)
3) User credentials (depending on how your AD domain is configured, anonymous access may be allowed though it may not be)

D

_deejay_

4,898 posts

255 months

Saturday 31st December 2005
_deejay_ said:
aldi said:
I think the ldap style fqdn would be something like cn=users,dn=mydomain,dn=local for users in an OU called users in an AD called mydomain.local if that helps.


I think we need to know what options are configurable on the printer.

Also:

1) Microsoft AD uses port 389 for unsecured LDAP traffic (the other port you quote is for Global Catalog lookups)
2) The FQDN you mention is actually the 'distinguished name' of an object.

Usually you need to specify:

1) The distinguished name of the container to use when looking up objects
2) An LDAP server (IP or FQDN, depending on whether you have functioning DNS)
3) User credentials (depending on how your AD domain is configured, anonymous access may be allowed though it may not be)

D



As suggested previously, this article http://forums1.itrc.hp.com/service/forums/questionan seems to indicate you need to specify the correct search root for it to work correctly. i.e. you need to tell it where your users are in your directory for LDAP searches to work.

The chances are you either:

a) Stick all of your users in the Users container in AD
or
b) Have an OU hierarchy (hopefully with a convenient root)

Assuming (a) and that you have a two level domain name called pistonheads.com, the search path for the users container would be cn=users,dc=pistonheads,dc=com.

Assuming (b), a top level OU called MyUsers and a two level domain name called pistonheads.com, the search path would be ou=MyUsers,dc=pistonheads,dc=com

D




>> Edited by _deejay_ on Saturday 31st December 17:34
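
The search-root rules from the last post, written out as an added example that is not part of the original thread: it builds the base DN for case (a) and case (b) and reviews a device's LDAP settings for the points raised above. The function names, `example.com` and the 192.0.2.10 address are constructed for illustration; only the standard library is used.

```python
import ipaddress
import re

_MUST_ESCAPE = re.compile(r'([,+"\\<>;])')  # characters RFC 4514 requires escaping

def escape_rdn_value(value):
    """Escape one attribute value for use inside a distinguished name."""
    out = _MUST_ESCAPE.sub(r"\\\1", value)
    if out[:1] in (" ", "#"):                    # leading space or '#'
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):   # trailing space
        out = out[:-1] + "\\ "
    return out

def search_base(domain, ou_path=()):
    """Case (a): Users container. Case (b): ou_path, listed from the top-level OU down."""
    dcs = ["dc=" + escape_rdn_value(p) for p in domain.strip(".").split(".")]
    head = ["ou=" + escape_rdn_value(ou) for ou in reversed(ou_path)] or ["cn=users"]
    return ",".join(head + dcs)

def review_settings(host, port, bind, base_dn):
    """Return a list of findings for a device's LDAP lookup settings."""
    findings = []
    try:
        ipaddress.ip_address(host)
    except ValueError:
        findings.append("host is a name: the device needs working DNS to resolve it")
    if bind == "simple" and port == 389:
        findings.append("simple bind on 389 without TLS sends the password "
                        "unprotected: use a dedicated read-only account")
    elif bind == "anonymous":
        findings.append("anonymous bind: the directory may refuse the search")
    # Split on commas that are not backslash-escaped, then check each RDN type.
    for rdn in re.split(r"(?<!\\),", base_dn):
        attr = rdn.partition("=")[0].strip().lower()
        if attr not in ("cn", "ou", "dc"):
            findings.append("unexpected RDN type %r in search base" % attr)
    return findings

if __name__ == "__main__":
    print(search_base("pistonheads.com"))
    print(search_base("pistonheads.com", ["MyUsers"]))
    # Constructed settings for illustration only.
    for finding in review_settings("192.0.2.10", 389, "simple",
                                   "cn=users,dn=mydomain,dn=local"):
        print("-", finding)
```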