Configure LDAP security
You configure LDAP security in three steps. First, you give EPP the details necessary for communication with the LDAP database, then you map the specific information you need, and, finally, you turn on and schedule the LDAP agent that extracts the information.
To configure LDAP security, complete the following steps in EPP.
Result: LDAP users can now log in to EPP.
Configure LDAP settings
By default, EPP provides standard security for managing user IDs, names, and passwords. If user profiles are populated and managed via an LDAP database, configure LDAP security instead.
Important: If you set up users and roles with LDAP security mode enabled and then switch to Standard or AAD mode, all current users except Admin will be deleted. Determine how your organization manages software users before selecting a security mode in EPP.
If software users at your organization are not already members of a distinct LDAP group that can be given access to EPP, consider creating a new group for EPP users.
To configure LDAP security settings, complete the following steps in EPP. You can also refer to LDAP configuration settings.
- Go to Admin > System Configuration > Security.
- Select the LDAP Settings tab.
- For Server Type, select the server from which LDAP requests user information.
- Enter the Host IP/Name of the server.
- Enter the Port used to access the server.
- Enter any User ID with global admin privileges from the account defined on the LDAP server.
- Enter the Password that corresponds with the user ID.
- Enter the Base DN.
- Enter the EPP Group DN of the group eligible for importing into the EPP user list.
- Optional. Enable a Secure Connection to the LDAP database server.
- Select Verify Settings.
- Select Save and then Close.
Postrequisites:
Configure LDAP mappings
You configure LDAP mappings to determine which fields from the external LDAP database are populated within EPP's user profiles.
Prerequisite: Configure LDAP settings
To configure LDAP mappings, complete the following steps in EPP. You can also refer to LDAP configuration settings.
- Go to Admin > System Configuration > Security.
- Select the LDAP Mappings tab.
- Enter the attribute associated with the User ID. In LDAP, this is the uid attribute.
- Enter the attribute associated with the First Name of the selected user. In LDAP, this is the givenName attribute, which is the name string that is the part of the user or contact name that is not the surname.
- Enter the attribute associated with the Last Name of the selected user. In LDAP, this is the sn attribute, which is the user's surname.
- Enter the attribute associated with a Language ID. In LDAP, this is the preferredLanguage attribute.
- Enter the attribute associated with an Email address for the user indicated. In LDAP, this is the mail attribute.
- Select Verify Mappings.
- Select Save, and then Close.
Postrequisite: Configure LDAP Extraction Agent
Configure LDAP Extraction Agent
After you configure LDAP settings and mappings, schedule an agent that extracts user information from the LDAP server. This ensures that LDAP user information remains current in EPP.
Prerequisites:
To configure LDAP Extraction Agent settings, complete the following steps in EPP. You can also refer to LDAP configuration settings.
- Go to Admin > System Configuration > Security. Select the LDAP Extraction Agent tab.
- Select the Startup Type. Select one of the following types.
  - Automatic: The agent starts when EPP starts.
  - Manual: The agent is only started by selecting Start Agent.
  - Disabled: LDAP Extractor Agent functionality is turned off until the Startup Type is reset to Automatic or Manual, or Start Agent is selected.
- Select the Schedule Type.
  - If Basic, schedule the Frequency and Days to Run.
  - If Advanced, write a Cron Expression.
- Select Start Agent.
  Note: You can select the Extract Now button to immediately extract information from the LDAP database, but this action does not impact the schedule you have defined.
- Select Save, and then Close.
Result: LDAP users can now log in to EPP.
LDAP configuration settings
The following lists provide setting information for configuring LDAP security in Enterprise Printing Platform™.
Important: If you set up users and roles with LDAP security mode enabled and then switch to Standard or AAD mode, all current users except Admin will be deleted. Determine how your organization manages software users before selecting a security mode in EPP.
LDAP Settings
Server Type
The server from which LDAP requests user information.
Host IP/Name
The host IP/name of the server containing the user information database that is accessed with LDAP.
Port
The port used to access the server.
The default setting is 389.
User ID
Any user ID with global admin privileges from the account defined on the LDAP server.
Password
The password that corresponds with the user ID.
Base DN
The Base Distinguished Name.
EPP Group DN
The group eligible for importing into the EPP user list. Only records containing the specified Group DN are imported into the EPP user list.
EPP assumes the Group DN is in relation to the Base DN. Therefore, the Base DN does not need to be repeated when populating this field.
Secure Connection
The connection to the LDAP database server is secure (utilizing an HTTPS port). This functionality cannot be enabled unless a certificate for accessing the secure LDAP server has been loaded into EPP via the Certificate Management window.
LDAP Mappings
User ID
The attribute associated with user IDs. In LDAP, this is the uid attribute. The value of this attribute must be unique for all users under the Base DN.
First Name
The attribute associated with the first name of the selected user. In LDAP, this is the givenName attribute, which is the name string that is the part of the user or contact name that is not the surname. The attribute value populates the First Name field in the EPP user profile.
Last Name
The attribute associated with the last name of the selected user. In LDAP, this is the sn attribute, which is the user's surname. The attribute value will populate the Last Name field in the EPP user profile.
Language ID
The attribute associated with a language preference (should one exist). In LDAP, this is the preferredLanguage attribute. The attribute value populates the language field in the EPP user profile. The language field in a user profile dictates the language used to display the user interface text for versions of EPP that support multiple languages (simplified Chinese, French, Japanese, and Spanish).
E-Mail
The attribute associated with an Email address for the user indicated. In LDAP, this is the mail attribute. The attribute value will populate the Email address field in the EPP user profile.
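A pre-flight review of the settings and mappings described above, as an added example that is not EPP code: it joins the relative Group DN to the Base DN, flags a bind made without Secure Connection, and checks that uid values are unique under the Base DN. The dictionary layout, the memberOf-based membership test, and all sample values are assumptions.

```python
# Added example: offline review of LDAP settings and mappings. Field names follow
# this page; the dict layout, memberOf test and sample values are assumptions.
from collections import Counter

MAPPED_ATTRS = ("uid", "givenName", "sn", "mail")  # preferredLanguage is optional

def full_group_dn(base_dn, group_dn):
    """The Group DN is relative to the Base DN, so append the Base DN once."""
    if group_dn.lower().endswith(base_dn.lower()):
        return group_dn  # Base DN was repeated in the field; do not append again
    return f"{group_dn},{base_dn}"

def review(settings, entries):
    """Return findings for the settings and for entries found under the Base DN."""
    findings = []
    base, group = settings["base_dn"], settings["group_dn"]
    if group.lower().endswith(base.lower()):
        findings.append("Group DN repeats the Base DN")
    if not settings["secure"]:
        findings.append("Secure Connection is off: simple bind sends the password unencrypted")
    # uid must be unique across every entry under the Base DN, not only the group.
    # LDAP matches uid case-insensitively, so compare lowercased values.
    counts = Counter(e["uid"].lower() for e in entries if e.get("uid"))
    for uid, n in sorted(counts.items()):
        if n > 1:
            findings.append(f"uid '{uid}' appears {n} times under the Base DN")
    target = full_group_dn(base, group).lower()
    for e in entries:
        if target not in (g.lower() for g in e.get("memberOf", [])):
            continue  # outside the EPP group, so it would not be imported
        missing = [a for a in MAPPED_ATTRS if not e.get(a)]
        if missing:
            findings.append(f"{e['dn']}: missing {', '.join(missing)}")
    return findings

# Constructed sample data, not taken from a real directory.
GROUP = "cn=epp-users,ou=groups,dc=example,dc=com"
SETTINGS = {"port": 389, "secure": False,
            "base_dn": "dc=example,dc=com", "group_dn": "cn=epp-users,ou=groups"}
ENTRIES = [
    {"dn": "uid=ana,ou=people,dc=example,dc=com", "uid": "ana", "givenName": "Ana",
     "sn": "Ruiz", "mail": "ana@example.com", "memberOf": [GROUP]},
    {"dn": "uid=bo,ou=people,dc=example,dc=com", "uid": "bo", "givenName": "Bo",
     "sn": "Lind", "memberOf": [GROUP]},
    {"dn": "uid=ana,ou=contractors,dc=example,dc=com", "uid": "Ana", "sn": "Reyes"},
]

if __name__ == "__main__":
    print("\n".join(review(SETTINGS, ENTRIES)))
```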
LDAP Extraction Agent
Startup Type
The extraction agent startup behavior.
Default: Manual.
- Automatic: The agent starts when EPP starts.
- Manual: The agent is only started by selecting Start Agent.
- Disabled: LDAP Extractor Agent functionality is turned off until the Startup Type is reset to Automatic or Manual, or Start Agent is selected.
Schedule Type
The manner in which the schedule is created.
Default: Basic.
- Basic: Schedule based on calendar days and a 24-hour clock.
  - Frequency: Daily frequency, time interval in minutes, and start and stop times for basic scheduling.
  - Days to Run: One or multiple days of the week on which to schedule the agent.
- Advanced (Cron): Schedule based on Cron expressions.
  - Cron Expression: Write the expression.