Server LDAP: Server2003 - Nashuatec

I have no exact answer for this, but here is an explaination of LDAP and how it works, maybe you could read yourself to the solution?
Lightweight Directory Access Protocol - Wikipedia, the free encyclopedia

Look closer at the 'Directory Structure' section.

LDAP

Here are some recommendations: The full domain name in the search base shouldn't be in one arguement. If you are accessing example.domain.com each individual component of the full domain name needs it's own "dc=" string, from the bottom up like this:

Search Base: dc=example, dc=domain, dc=com

If you are just searching on Organizational Unit in the domain, you would use ou= in front like this:

Search Base: ou=sales, dc=example, dc=domain, dc=com

Also, since the LDAP server is usually static, I usually just use the IP address, since this bypasses DNS.

Secondly, depending on security settings, and whether or not the machine logs into the domain, you may need to put the domain suffix onto the user name, such as: admin@domain.com, or domain.com\admin

Usually, the username field can also accept LDAP strings, so a user name can be set up like this:

User Name: cn=admin, dc=domain, dc=com

This will reference the admin user in the domain.com container


Sometimes it takes some playing around with connection problems, I spent an hour trying to figure one out one time only to find out the IT guy was putting in the wrong password.


Good Luck!

The connection between the MPC3300 and the LDAP server successfully. But how to download the users that are created on the LDAP server (with all their information) to the MPC3300? And how can users be in the scanner function?

Thank you

It doesn't work like that, you don't download the user list to the machine, the machine connects directly to the LDAP database and displays the user list in real-time in the display.

Simply start scanning, click 'search dest', then click on your LDAP name, enter a search criteria and hit 'search'. Depending on your search criteria you'll get matches in the LDAP database displayed for you to choose from.

LDAP

Hi, Looks like you have the answer to your query, I would suggest that you get hold of an LDAP browser and install it, you can point this at the customers server and it will tell you where the users are, providing the search base is correct.

Download one free at Softerra LDAP Administrator & Browser: Directory Management Tool Download

Download the browser not administrator.

Hope this helps

Great tool Jagster. I just tried it out on our Windows 2003 AD and it works great. Only issue could be the credentials you need from the customer in order to successfully connect to the LDAP server, they don't seem to be any of the usual I have on my system, I'll post when I know more.


Edit: I've got to admit, even though this should definitely be my area of expertise, LDAP connections has always been somewhat difficult to understand. I haven't really had the time or the energy to study it either. But thanks to you Jagster I used this tool and immediatly understood exactly how it works. It's not at all difficult once the coin drops down, so to speak

I've taken a screendump on my settings, which actually worked at first try: http://www.linford.se/serviceimages/LDAP_settings.JPG
(Of course it's in swedish but I'm sure you can cross-reference with your screen and figure it out).

The idea is:
Identification name - Only a name
Servername - IP or name of the LDAP server
Searchbase - The most difficult part to get right, I'll explain it further down
Port number - Default LDAP is 389, the default LDAPS port is 636, and the default Active Directory Global Catalog port is 3268
SSL - Secure Sockets Layer, i.e. secure connection needed to the server?
Authentication - What type of auth have they got? If they have anything else than uncrypted auth they would probably know about it.
Username - An admin account, doesn't matter which as long as they're admin. Active Directory always needs DOMAIN\username, and it's the netbios name of the domain which usually is the first part of the full domain name, in my case the full domain is linford.se and the netbios name of the domain is LINFORD (heads up, always use CAPITOL LETTERS)
Password - The password of the above account

The rest is OK as it is, just leave it.

The searchbase in my example is from my Active Directory domain which looks like this:This is a normal layout of an AD domain. You'll recognise it on just about all Windows-servers you look at. Sometimes admins create their own OU's (like I did) just for easy access and group policy applications, and sometimes the users will be in the default OU. So far, the address to my users are linford.se - Linford. Now, I have another OU beneath the 'Linford' one, to separate groups, limited users and so on. It looks like this:
I want to reach the 'Users' OU, so now my address extends to linford.se - Linford - Users. And just because LDAP is LDAP, the OU's are read first, from bottom to top in the AD tree, plus we've got to tell LDAP what kind of object each name is. Therefore the LDAP searchbase will look like this:

OU=Users,OU=Linford,DC=linford,DC=se

If you'd have a local domain called 'mydomain.local' and the users would be in the default OU the searchbase would be:

OU=Users,DC=mydomain,DC=local

Well, that's it. These settings worked for me right away. And it's a great way of always keep the users list updated, because the copier won't copy the list, it will simply connect to the LDAP server and get the list in real-time, and that way the list is always up-to-date, you won't spell anything wrong (becuase you didn't enter the user info in the first place) and it doesn't matter if the company has 5000 employees, it'll be just as fast and you won't have to prepare the address book in the machine.

Good luck, hope that was easy enough