View Full Version : LADP Server, Active Directory, email addresses

Custom Search

10-05-2007, 03:15 AM
Can anyone explain this down to me? I have been a mechanic for many years, but this network crap leaves me befuddled. I can manage to load drivers, but not much further.

This foreign accented customer who I can barely understand when he speaks English starts using words like 'LDAP Server', 'Active Directory', and 'email addresses'. Those were the only words that I could make out, and not understand.

I have no clue what this was about. If it helps this was on a Copystar CS-C4035E MFP.

10-05-2007, 04:59 AM
He was talking about management of the network. Active Directory uses a Lightweight Directory Access Protocol (LDAP) which keeps track of the names of objects and organizational units within a network. Active Directory is the working Scheme of a network to put it in simple terms. Objects, rights and permissions can be controlled and manipulated centrally across a vast LAN or WAN (NETWORK) using Active Directory. The Printer is an object on the network, so it is subject to the "Laws" that are written for that particular Network. We, as techs, have to understand this a little in order to determine if the Printer is the problem or the Network is the problem. You get problems where 1 person can't print, but everyone else can and it can be a pretty complex problem, or a simple one. Knowing a little about this stuff helps you to communicate with the Administrators better to solve these kinds of problems. We know the printers and they know the Network. They have no clue in most cases how to set these printers up, until we show them. We have to know a little in order to consult them to that end.

I hope that helped and I didn't just sound like I was rambling.:D

Happy Hunting


Email Addresses on these machines are used to Push Scans through, rather than Pull them through.
Push is when you take your documents to the scanner and send them to your computer.
Pull is when you have to put your documents in the scanner, then go to your computer and use an application to activate the scanning function of the printer. When done, you have to go back to the scanner to retrieve your documents. The first is a lot more convenient. Using SMB is another form of Pushing.

10-05-2007, 12:31 PM
Thanks Copier Guy. That sounds a lot more like English.

Can the copier extract information back from this LDAP Server or somewhere else to load its own addresses? I think that is what they want.

10-05-2007, 01:02 PM
The LDAP Server, for the point of setting up the machine, is really not used by the printer system. For loading Addressing information to the machine, you could set the machine initially for DHCP (Dynamic Host Configuration Protocol) so the printer can capture all the relevant addressing information from the Network. After that, you would need to set the printer back to "Static IP" so it keeps 1 IP Address that the Administrator would have to assign to it.

It sounds like you're asking me if the machine can be set to "Inherit" the setup information from the LDAP Server, or something of that nature.

Tell the Administrator that the machine does not do higher level Network Functions. Tell him it needs a static IP address or everytime it boots it may have a new IP address and you will need to change the setup of every host computer on the network that is mapped to that printer.

That means everytime the IP address changes, the users won't be able to print until you reload the drivers with the new address.

10-05-2007, 04:42 PM
I trust you, Copier Guy, but I hope you're wrong. My sales people insist that this can be done, and I found some help.

I anticipate getting a good ass chewing today, for no good reason. Wish me luck!

10-05-2007, 04:49 PM
I know this is a Copystar, but I work on Ricoh/Savins and deal with this a decent amount. So I was wondering if the machine can search the LDAP server? That's how ours are set.

The user walks up and presses the scanner key. Then they press a search key on the display, which takes them to a search screen where they can input characters to search for a e-mail address. Once the address is found, they highlight it to choose it and bammo!

I am currently taking a few days off, but when I get back I will be working with a customer to set up Novell groups for scanning. There will be a group for scan to folder and another for e-mail. Then use the Scan to NCP feature on the machine to perform the scanning.

One thing I would like to add here, since we are talking about LDAP and such. The only reason you would really want to use this is if your customers email list is larger than what the machines address book can store. That or your network admin is too lazy to input the info in the machine.:cool:

10-05-2007, 09:17 PM
I am currently taking a few days off, but when I get back I will be working with a customer to set up Novell groups for scanning. There will be a group for scan to folder and another for e-mail. Then use the Scan to NCP feature on the machine to perform the scanning.

I hope you dont come up against Novell Cluster Services as we have. Ricoh say the kit works with it but we found it falls over.
Although I am not personally involved with this one I would love to know how you get on if you are.

10-05-2007, 11:08 PM
If that can be done, please share the procedure. I would definately like to know. I haven't worked on a machine yet that has that feature, or maybe I was just never asked to set one up. Who knows and life is great, especially when you can learn something new everyday.

10-06-2007, 04:30 PM
There is very little documentation available for setting up scan to NCP, so I am primarily going to be using the user manuals with the machine. I have downloaded them already and plan on looking over them sometime today. As far as the machines that support it... If I'm not mistaken, just about all the newer machines support scan to NCP. I know pretty much all the Savin 80 series do. That would be all the MP series in the Ricoh's.

But basically, what we are going to do is set-up groups in Novell that will point to a particular location on the server. Primarily folder groups. Then, store the locations as buttons on the scan to ncp menu. Just like fax and other scanner features.

That's the plan anyway... LOL! But we all know how that goes! :eek:

And yes, there were/are some issue's, if I remember correctly, when scanning to NCP. But there are some firmware updates that might address those. This account uses @Remote, which is Ricoh's remote monitoring system, so I am going to use it to make a print out of all the firmware levels of all the machines and double check that against the latest levels. Then, use it to update the machines that need to be updated before we begin. I will also have the firmware on SD card as a back up, just in case.

And of course I will let you guys know how it turns out. :cool:

10-06-2007, 10:27 PM
The customer is international, and I heard mention of some 400 addresses. This fits with your description. This little circus has grown to a party of 4, and is now put off until Monday. I happened to notice that on the Advanced tab of the web page some mention of LDAP Server and the IP address of it, but I don't know the purpose.

10-07-2007, 12:03 AM
Hey blackcat just out of curiosity did you go and download the LDAP converter setuip procedures and the print scan setup they show you with pictures and step by step instructions on start to beginning if you cant find it I'll be happy to email to you. Also btw Kyocera tech support does not require that you be trained on that product in order tho receive help all you need is you dealer number.

10-07-2007, 03:34 AM
Just went onto kmaconnect. I see it. It helps to know what its called. This gives me some reading material. Thanks, knightfall.
I've been hung up on by tech support enough times this week.

10-08-2007, 02:31 AM
Can anyone post a Network Site Survey form? I'm don't know what the right questions are to ask. If I can get these filled out, I think I'll save myself some headaches.

10-08-2007, 10:36 AM
well LDAP will more than likely be running on your domain controller of the network. what server and system are they running? if its a windows server 2000 or 2003 and active directory is running(which it will be more than likely) then LDAP protocol will be running. now u can use active directory to issue the copier an IP address as long as the MAC address of the NIC of the copier is registered with the particular IP address it has recieved. its called reserving an IP address with the Active Directory. this way it wont get a different IP address everytime it boots on the network:0
LDAP address will usually be the same as the domain controller IP address of the network. bear in mind that if the network is big it'll have more than 1 domain controller. setting up LDAP will more than likely need some form of Authentication. easiest way to set this up is too create an account for the copier on your domain controller with user anme and password. bear in mind the password must be set to never expires.
now once this is all done u should be able to poll the LDAP address to pull live addresses from the mail server.

10-09-2007, 01:46 AM
Forgive me if I mangle the explanation, but here goes:

LDAP Converter is a utility that runs in the background on a slave to the domain server. When the search function is executed on the MFP control panel, the utility matches your search query, say 'John', and pulls all the matches from the LDAP Server.

The 3 1/2 hour problem was that the slave was an 'Exchange 55' server which is in periodic (but not continuous) contact with the LDAP Server. The effect on the application was that the search was inconsistent. First search 'John' =10 results, 2nd search 'John' =7 results, 3rd search 'John' =15 results. Some names never showed up that should have been there.

Fortunately, The customer is in the process of changing over to a 2003 Server which is in continuous contact with the LDAP Server. It is not fully set up, but reliably pulled email addresses. So the utility is directed to pull addresses from the 2003 Server, runs the utility on the Exchange 55 server, and sends the emails on the SMTP Server.

And yes there are several LDAP Servers, and thousands of addresses (it kept exceeding the limit of 65,656 addresses) so it had to be run in proxy mode with a limit of 100 addresses at a time.

I hope that made sense. Please correct me on the mistakes.

10-10-2007, 03:07 AM
And yes there are several LDAP Servers, and thousands of addresses (it kept exceeding the limit of 65,656 addresses) so it had to be run in proxy mode with a limit of 100 addresses at a time.

Holy crap! Over 65,000 e-mail addresses!? :eek: I have to let that sink in for a bit.... :confused: Dang it! There's no smiley that shows a head shaking back and for in an insane fashion.

10-10-2007, 07:39 AM
That is some account with that many addresses. Must be a Multi-National account.

10-11-2007, 01:41 PM
well if u wanna narrow down your search, ull need to go to search criteria or something like that under the ldap settings.
go to the command prompt on any computer on the network, type in gpresult...this should bring up loads of info on your screen. what u wanna look for is where it says DC=(domain name), DC=com or DC=(whatever the domain ends with). u can put this kinda stuff in your search criteria to narrow down which domain to look on for the ldap addresses etc. every network is different so kinda hard to say exactly what comes up but hopefully that makes a little sense.
example my company domain name is londongraphics.co.uk....
so in search criteria i put in DC=londongraphics, DC=co, DC=uk, my company isnt very big so i dont use search criteria but in your case its the only way of limiting where it searches for stuff:)

10-11-2007, 01:59 PM
go to the command prompt on any computer on the network, type in gpresult...

I didn't know this one! This is one that I will be using... and playing around with. Thanks!! :cool:

01-17-2008, 07:05 PM
Anyone know of any multifunctional that can automatically populate 'scan to email' destinations directly from LDAP and sort them in A-Z lists?

You know like using LDAP as the main address book source instead of just a search tool.

01-18-2008, 01:56 AM
Great question DAZ! And timing... I just had this conversation today with a customer while doing some training on a MPC 3000. Of course it wouldn't work for all accounts, but would be a nice feature none the less. Bear in mind that most of Ricohs newer machines are limited to 2000 E-Mail address on the HDD.

Another way that someone might want to look into this would be updating the address book of the MFP with CSV files. You could export the names you want in the MFP from the LDAP server list into a CSV file. Then, import that file to the machine through the web interface of the MFP. Only thing is... Can LDAP servers export their databases into CSV files? If not, what about converting the database file to a CSV, then edit it?

This has me thinking about as much as reading Brian Greene's "Fabric of the Comos" ;)

01-18-2008, 09:38 AM
Admins don't want to spend time updating each MFD they simply want destinations updated automatically from a central point (active directory).

So you would simply bang in the LDAP server details and have the MFD display A-Z lists directly from LDAP on demand.

Maybe have MFD cache the results temporary for 1-60 mins.

01-18-2008, 01:59 PM
Yeah, I see what your saying DAZ. I total agree with you also. Sometimes though, I tend to take an idea and instead of building on it or whatever I run with it. This normally leads to my ramblings above.

I did find that my idea was already done so... "The Network Configuration and Address Book Editor allows administrators to copy address books from other devices or lists stored within Excel or other data file formats directly to the device from remote terminals." - Panasonic DP-C354

But, after several Google searches, I was unable to find a MFP that automatically populated a MFP's address book through a LDAP server or Active Directory.

01-18-2008, 02:31 PM
Hmmm I couldn't find anything on google about it either.
Just that LDAP is used as a search tool or for user authentication.

But a customer told me his Xerox definely uses LDAP to auto populate scan destinations.
And everytime he adds or deletes a user on Win2k3 AD the MFD is automatically updated.


01-19-2008, 03:02 AM
The job accounting codes can be easily imported or exported via CSV file on Copystar/Kyocera using KM-Net for Accounting. If this were a Copystar/Kyocera I think it would depend on the model, if email addresses could be imported/exported. For example, on the Falcon III series machines the send/fax functions are fully accessible via the web interface, and likely could be populated easily. I'm not so sure about the Voyager E series machines. There is limited access to the fax/send functions.

Another possibility is backing up email addresses to a compact flash card, moving the card to another like machine, then exporting.

02-06-2008, 06:12 PM
Many MFPs do not directly pull from LDAP since it depends on many things:

-Type of LDAP (Active Directory, eDirectory, OpenLDAP)
-LDAP connection protocol
-Does the customer have a customized LDAP configuration?
-Values in a non-standard location of LDAP

I'm sure some one some where has written a script to pull AD names and populate them into the WIM of a device.

02-11-2008, 09:50 PM
Sales is correct, LDAP can be used for that copier to import addresses to the op panel. It requires the LDAP converter, and the PDF instructions for installation. Falcon 3 does not require the converter but you need the same instructions to get an idea how it works. Also, if you can't get that to work, you can try importing a .csv 'comma delimited" file, but it requires the database editor.

02-11-2008, 11:12 PM
I was at the customer in question today and he showed me how LDAP works on his Xerox.
It is only used as search tool the same as our Ricoh machines so I configured his MPC4500 to do the same.
The LDAP search results can be imported to the local address book with a few button presses, so they seemed happy with that.

Custom Search