Showing results for 
Search instead for 
Do you mean 
Reply
Member
Posts: 11
Registered: ‎09-12-2016

LDAP (ADS) worries

We have been running a number of older Xerox WorkCentre and it has never been possible for me nor to Xerox consultatns to confiugre LDAP on this.

 

So after been buying brand new C8055 I hoped that it would be much easier, but ounfortunately no... it is the exact same.

 

Under Properties, Connectivity, LDAP edit, I have created an LDAP entry. Clicking edit here, I have 4 tabs:

 

Server, Context, User Mappings and Custom Filters

 

I guess Context is only for Novell servers?

 

Under Server, I have:

 

Hostname = two DC's

 

LDAP: ADS

 

Search directory root:

 

Here I tried more specific Searches, but even "top level root" does not seem to work.

 

Login Device: tried both username and domain\username

 

Anyware to look for a working guide for setting up LDAP to use for accounting and network address book on C8055?

 

Thanks in advance, Lars.

Moderator
Posts: 288
Registered: ‎07-19-2010

Re: LDAP (ADS) worries

Hello bonne.

Thank you for using the Customer Support Forum.

I have searched the product knowledge base and found a few articles that focus on LDAP. This one might help:

How to Configure Lightweight Directory Access Protocol (LDAP)

 

If you still require assistance please contact Support at 1-800-821-2797.

 

Thanks,
SandyP-Xerox
Moderator
Analyst Nation Moderator
Posts: 5,604
Registered: ‎11-25-2013

Re: LDAP (ADS) worries

Assuming your firmware is fully up to date (latest version is here)

 

Install Softerra LDAP browser and setup the AltaLink with the exact information that is found/verified in Softerra.

 

If it still fails, run the Network troubleshooting feature, go to the printer and do a lookup (not on the web interface) then go back, stop the session, download the file and open it up in Wireshark to figure out what the cause is.

 

EWS > Properties > Security > Logs > Network troubleshooting

 

1.JPG

 

 

Please be sure to select "Accept Solution" and or select the thumbs up icon to enter Kudos for posts that resolve your issues. Your feedback counts!

Joe.
Member
Posts: 11
Registered: ‎09-12-2016

Re: LDAP (ADS) worries

Thanks. But calling Xerox is not an option. We have a mandatory supplier and they are never able to solve problems. I need to be able to find out myself.

 

I think I managed to solve it at least part of it. It seems that there is a limitations on passwords used to bind to LDAP.

 

So now I can retrieve LDAP information (even though I sometimes get a login error) and I can logon at the printers UI

 

So next step is now to enable accounting. When I do so users will need to logon at the printer in order to copy. That is great. But when copying, the printer keeps asking me for an Account ID. I can't se where this ID comes from. I just want users to logon with their Microsoft AD credentials and copy. The copy usage should then be loged and somehow retreived.

 

Will I be able to hold print jobs as well - so that users when logging on can only release their own jobs?

 

Regards, Lars.

Highlighted
Member
Posts: 11
Registered: ‎09-12-2016

Re: LDAP (ADS) worries

Thanks - but I can't find this under Security... anyway, as I wrote in the other answer, part of it is now solved.

 

Regards, Lars.

Analyst Nation Moderator
Posts: 5,604
Registered: ‎11-25-2013

Re: LDAP (ADS) worries

Thanks - but I can't find this under Security...

Then you should update your firmware

 

So next step is now to enable accounting. When I do so users will need to logon at the printer in order to copy. That is great. But when copying, the printer keeps asking me for an Account ID. I can't se where this ID comes from. I just want users to logon with their Microsoft AD credentials and copy. The copy usage should then be loged and somehow retreived.

The prompts are handled here

1.JPG

And you can disable or rename  them

 

2.JPG

 

User Accounting Prompts

An accounting prompt is the text that prompts users to enter accounting information at the control panel. You can enable up to two prompts, as your validation server requires. For example, if your company uses a unique numeric identifier for each department, you can use that number as the accounting code. Then, you can customize the prompt text to ask users for a Department ID Code, rather than a User ID or Account ID.

 

To customize accounting prompts:

  1. To display prompt 1 or 2, for Display Prompt, select Yes. To hide prompts, select No.
  2. For Label and Default Value, type the text that you want to appear at the control panel.
  3. To hide text typed at the control panel, for Mask Entries, select Yes. Asterisks * replace any characters typed in the field.
  4. For Prompt Options, for Presets, select an option, or select Prompt, No Prompt, or Color Prompt Only for each app as needed.
  5. Click Save.

    Note: When prompts are turned off, jobs that do not contain an accounting ID are tracked with a generic code.

 

For help with the machine settings, you can simply go to the page you need help with and click the Help link at the bottom for descriptions of the entries

3.JPG

Please be sure to select "Accept Solution" and or select the thumbs up icon to enter Kudos for posts that resolve your issues. Your feedback counts!

Joe.
Member
Posts: 11
Registered: ‎09-12-2016

Re: LDAP (ADS) worries

Hi and thanks... Already running latest firmware.

 

I took a slightly other approach. I disabled everything for non-logged in user. Now you have to logon, and from there, you can select copy.

 

How do I get a log telling me each users individual usage?

 

Can I disable printing on the device - or at least enable accounting here as well?

 

How do I grant access to ressources on the device depending on LDAP group membership?

 

Regards, Lars.

Analyst Nation Moderator
Posts: 5,604
Registered: ‎11-25-2013

Re: LDAP (ADS) worries

How do I get a log telling me each users individual usage?

You can't, you just locked the machine services to specific users, you need to use XSA to track people and get a report

 

Can I disable printing on the device - or at least enable accounting here as well?

Since you are locking out users and not using accounting, you do so the same way you did everything else, just set printing in BW and color to Never

2.JPG

 

You don't enable accounting there, that isn't accounting, it is user access. XSA is accounting/tracking

 

 

How do I grant access to ressources on the device depending on LDAP group membership?

 

Consult the Admin guide, starts on page 87

Please be sure to select "Accept Solution" and or select the thumbs up icon to enter Kudos for posts that resolve your issues. Your feedback counts!

Joe.
Member
Posts: 11
Registered: ‎09-12-2016

Re: LDAP (ADS) worries


 

You don't enable accounting there, that isn't accounting, it is user access. XSA is accounting/tracking

 

 


This is something I can't read specific from the admin guide. Is it possible to do tracking based on LDAP username? So that no user/ID has to be created on the device?

 

Regards, Lars.

Analyst Nation Moderator
Posts: 5,604
Registered: ‎11-25-2013

Re: LDAP (ADS) worries

Is it possible to do tracking based on LDAP username? So that no user/ID has to be created on the device?

 

You can, but you need to use Network authentication, where the server is doing the tracking of jobs, not the printer.

Things like Xerox Secure Access, Nuance Equitrac, Papercut.

 

As soon as you implement network based login of any kind, you void the Xerox MFP as being responsible for tracking

 

Please be sure to select "Accept Solution" and or select the thumbs up icon to enter Kudos for posts that resolve your issues. Your feedback counts!

Joe.