LDAP tab

Enter the LDAP attributes on this tab.

Option Description
LDAP Server Specifies the LDAP server to use to authenticate users.
Root Directory Enter the root search directory you want to begin searching against. If this field is left blank, the search starts at the LDAP default directory. Click Find Root to locate the default root of the LDAP server.

The Ricoh ESA has been integrated with ADSI (Active Directory Service Interface). With ADSI, Microsoft is able to offer a COM-component for access to various directory services. ADSI is a component of Windows 2000.

The structure of a directory service is hierarchic and it can be seen as a directory tree: there is a root where you can start from to other entries. The root can contain containers (knots) and leaves. Containers themselves can contain other entries while leaves mark the end of a branch in a directory tree. Every entry in this directory describes an object and has specific attributes. Conceptually the root is the topmost entry in a LDAP hierarchy. This can be illustrated with the Windows file system: the hard disk C: is the root, the directories/folders are the containers and the files are the leaves.

The LDAP standard requires that all LDAP directories maintain a special entry, called the Root DS Entry, or Root DSE. This entry provides a set of standard operational attributes that the user can read to find out fundamental characteristics of the directory and the server. The Root DSE can also provide any number of vendor-specific attributes.

One of the standard operational attributes is defaultNamingContext. This attribute contains the distinguished name (DN) of the root of the directory. In Windows 2000, this is the DN of the Domain container at the root of the current tree. By reading the defaultNamingContext attribute from the Root DSE, you can discover what domain you are logged in to at run time. When you press the Test button, the domain you are logged into is displayed.

Note: When the root is left blank, and you press the Test button, the results may differ from when you actually run the server with Ricoh ESA component (equipped with Authentication). A blank root uses the default value, which is retrieved from the account that you are logged into the machine as. However, when you run the server, you are logged in as LocalSystem (or whichever user name you specify on the Service tab), possibly yielding different results. For this reason, it is highly recommended that you either supply the root or login to the service with a user name/password different than LocalSystem.
Credentials

Enter the LDAP credentials to gain access to LDAP server to lookup user entries.

  • Anonymous — Select this check box if you want to log in to LDAP server as anonymous user without providing user name and password.
  • Username/password — Enter the username/password to access the LDAP server.
Searching the Database

Select from the following options to search the entries in the address book directory services database:

  • Active Directory — With Windows Active Directory authentication method, the user name is matched against "samAccountName" field, the Get Email From is matched against "mail" field, and the Get Display Name From is matched against "displayName" field.
  • eDirectory — With Netware authentication method use the eDirectory search to match the Username against "uID" field, Get Email From matched against "mail" field, and Get Display Name matched against "cn" field.
  • Custom — Use the custom option when you have multiple types of Authentication. To customize the search, use this option to create matches against values that you can define for the following:
    • Match Username Against
    • Get Email From
    • Get Display Name From

    Click Reset to blank out the above field values.

Test

To test the settings, click the Test button and enter a user name as it will be entered on the MFP. This verifies that an email address and display name can be found for the user on the LDAP server.