PERFORM LDAP SERVER ACCESS CONTROL
The access control information for page count limits, authorities, and favorite operations can be registered on an LDAP server in advance. When this LDAP server is used for network authentication, user authentication is performed based on the registered access control information.
Use this function when user authentication is performed by network authentication using an LDAP server or a directory service (Active Directory, etc.).
Before using this function, configure settings for authentication by LDAP server, obtain control numbers for the "Pages Limit Group", "Authority Group", "Favorite Operation Group", and "My Folder" (including base settings for each group), and associate these with the control numbers registered in the machine.
To use this function, add the properties associated with "Pages Limit Group", "Authority Group", "Favorite Operation Group", and "My Folder" to the directory information of the LDAP server used for user authentication.
The property information is indicated below. Settings previously stored in the machine cannot be changed.
Property | Name of property in factory default state | Setting |
---|---|---|
Pages Limit Group | pagelimit | Registration number of Pages Limit Group registered in the machine, or a group name previously registered in the machine. Unlimited: unlimited |
Authority Group | authority | Registration number of Authority Group registered in the machine, or a group name previously registered in the machine. Admin: admin; User: user; Guest: guest |
Favorite Operation Group | favorite | Registration number of Favorite Operation Group registered in the machine, or a group name previously registered in the machine. Following the System Settings: systemsettings |
My Folder | myfolder | Folder name of user folder stored in the machine. Do not enter if the default folder is specified. |
Rename the properties that the machine obtains from the LDAP server as follows. In "Setting mode", select [Network Settings] → [LDAP Settings]. From the Global Address Book setting screen that is displayed, select [Linkage with User Control Function] and then select [Pages Limit Group], [Authority Group], [Favorite Operation Group] and [My Folder].
The [Pages Limit Group], [Authority Group], and [Favorite Operation Group] information that is registered in each machine determines the authority and settings that the user is actually granted. To use this function to ensure that users are granted the same authority and settings on any machine, register the [Pages Limit Group], [Authority Group], and [Favorite Operation Group] information with the same authority so that they will be registered in each machine using the same registration numbers.
For [My Folder], register the folder having the same name in [Custom Folder] in each machine.
The directory information of the LDAP server that is used cannot be changed from the machine. Consult the administrator of the LDAP server.
Users auto-registered
When access control is enabled and login is performed by network authentication, the user information in the LDAP server is automatically registered in the machine.
The information stored is as follows:
Item | Description |
---|---|
User Name | Information is acquired from the LDAP server.* |
Initial | 1 |
Index | User1 |
Password | - |
Authentication Settings | - |
Authentication Server | Network Authentication |
E-mail Address | Information is acquired from the LDAP server. |
My Folder | |
Pages Limit Group | |
Authority Group | |
Favorite Operation Group | |

\* If the user name cannot be acquired, the first 16 characters of the text string entered as the user name for network authentication are used.
If the login name is different but the user name received from the LDAP server is the same, or if the user name is already registered in the machine, "Cannot login because the user name entered has been previously registered" will appear and login will not be possible. In this case, the user name stored on the LDAP server or the user name stored on the machine must be changed. Consult the administrator of the machine.
If automatic registration by LDAP authentication is attempted when 1000 users are already registered, the following message will appear and login will not be possible: "Maximum entries for User Name is 1000. Old or unused user names will be deleted." Consult the administrator of the machine.


- If a user that is registered in the machine is authenticated by network authentication, the user registration settings in the machine will be given priority for the page count limit group, authority group, favorite operations group, and my folder.
- If the access control obtained from the LDAP server is not registered in the machine, the factory default user authority will be applied.
- When this function is not enabled and a user is authenticated by network authentication as a non-registered user, the factory default user authority will be applied.
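
An added example, not part of the original manual: a Python check an administrator could run over an export of directory users before enabling this function, flagging values that would fall back to the factory default authority, directory-granted admin rights, and user names that would collide at auto-registration. It uses the factory-default property names from the table above; the `uid` and `cn` attribute names, the exact-match comparison, and the set of registrations on the machine are assumptions, and the sample entries are constructed.

```python
from collections import defaultdict

# Keyword values the property table lists for each factory-default property name.
BUILTIN = {"pagelimit": {"unlimited"},
           "authority": {"admin", "user", "guest"},
           "favorite": {"systemsettings"}}

def audit(entries, registered, name_attr="cn", login_attr="uid"):
    """Return (login, finding) tuples for entries that will not behave as intended.

    entries    -- one dict per directory user (attribute -> value)
    registered -- property -> registration numbers / group names on the machine
    name_attr, login_attr -- assumed attribute names (not from the manual)
    """
    findings, by_name = [], defaultdict(list)
    for e in entries:
        login = e[login_attr]
        # If no user name is acquired, the first 16 characters of the login are used.
        by_name[e.get(name_attr) or login[:16]].append(login)
        for prop, keywords in BUILTIN.items():
            value = e.get(prop)
            if value is None:
                continue
            if value not in keywords | registered.get(prop, set()):
                findings.append((login, f"{prop}={value} is not registered on the "
                                        "machine: factory default user authority applies"))
            elif prop == "authority" and value == "admin":
                findings.append((login, "authority=admin granted from directory"))
    # Two logins resolving to one user name: the later login is refused.
    for name, logins in by_name.items():
        if len(logins) > 1:
            findings += [(l, f"user name '{name}' shared by {len(logins)} logins")
                         for l in logins]
    return findings

# Constructed sample data (not from the manual).
SAMPLE = [
    {"uid": "asmith", "cn": "Alice Smith", "authority": "admin", "pagelimit": "unlimited"},
    {"uid": "bjones", "cn": "Bob Jones", "authority": "3", "pagelimit": "7"},
    {"uid": "alice.smith", "cn": "Alice Smith", "authority": "user"},
    {"uid": "averyveryverylongloginname1", "authority": "guest"},
    {"uid": "averyveryverylongloginname2", "authority": "guest"},
]
REGISTERED = {"authority": {"3"}, "pagelimit": {"1", "2"}}

if __name__ == "__main__":
    for login, finding in audit(SAMPLE, REGISTERED):
        print(f"{login}: {finding}")
```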