Appendix D. Advanced LDAP Configuration

Table of Contents

LDAP Server Default Configuration
Standard (Unix / Open Directory)
Novell eDirectory Defaults
Microsoft Active Directory Defaults

PaperCut NG supports the following LDAP server types out-of-the-box:

Basic configuration options for these platforms/environments are discussed in the section called “Using LDAP for user synchronization”.

However, other server/schema types can be supported by defining the fields to query and the LDAP searches to perform. These options are configured by adjusting config entries in the Config Editor, which can be opened from the Options tab. The following config keys are available for the primary sync source:

| Config name | Description |
| --- | --- |
| ldap.schema.user-name-field | The LDAP field that contains the user's username. |
| ldap.schema.user-full-name-field | The LDAP field that contains the user's full name. |
| ldap.schema.user-email-field | The LDAP field that contains the user's email address. |
| ldap.schema.other-emails-field | The LDAP field that contains the user's other email addresses. If the user has only one other email then a single value or a multi-value LDAP field can be used. If the user has multiple other email addresses then a multi-value LDAP field must be used. |
| ldap.schema.user-second-card-id-field | The LDAP field that contains the user's second card ID. |
| ldap.schema.user-department-field | The LDAP field that contains the user's department. |
| ldap.schema.user-office-field | The LDAP field that contains the user's office location. |
| ldap.schema.user-card-id-field | The LDAP field containing the user's primary card ID value. |
| ldap.schema.user-second-card-id-field | The LDAP field containing the user's secondary card ID value. |
| ldap.schema.user-name-search | The LDAP search to retrieve the user. The {0} in the search is replaced with * when listing all users, and [username] when searching for a specific user. If no search is defined, the default is ([userNameField]={0}). IMPORTANT: The search must include the {0} value. |
| ldap.schema.group-name-field | The LDAP field that contains the group's name. |
| ldap.schema.group-member-field | The LDAP field that contains the group members. |
| ldap.schema.group-search | The LDAP search to retrieve the group. The {0} in the search is replaced with * for all group searches. If no search is defined, the default is ([groupMemberField]={0}), which means get all entries with at least one member. IMPORTANT: The search must include the {0} value. |
| ldap.schema.posix-groups | If Y, then the group member field contains the user's username. If N, then the group member field contains the user's DN. |
| ldap.schema.home-directory-field | The LDAP field that contains the user's home folder path. |

Table D.1. LDAP Primary Sync Source Config entries
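
A pre-flight check for a custom ldap.schema.user-name-search or ldap.schema.group-search value, added here as an example (it is not PaperCut code): it verifies that the {0} placeholder is present and the parentheses balance, then produces the two expansions described in the table. The RFC 4515 escaping of the username and the sample filter CUSTOM are assumptions; this page does not say how PaperCut NG escapes the substituted value.

```python
PLACEHOLDER = "{0}"
# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a literal value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_search_template(template):
    """Return a list of problems found in a custom *-search config value."""
    problems = []
    if PLACEHOLDER not in template:
        problems.append("missing {0} placeholder")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter is not wrapped in parentheses")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ')' appeared before its matching '('
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


def render(template, username=None):
    """Expand {0}: '*' when listing all users, the escaped name for one user."""
    problems = check_search_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    value = "*" if username is None else escape_filter_value(username)
    return template.replace(PLACEHOLDER, value)


# Constructed sample: a custom search built on the default form ([userNameField]={0}).
CUSTOM = "(&(uid={0})(objectClass=inetOrgPerson))"

if __name__ == "__main__":
    print(render(CUSTOM))                    # filter used to list all users
    print(render(CUSTOM, "jsmith"))          # filter used for one user
    print(render(CUSTOM, "o(brien)*"))       # metacharacters stay literal
    print(check_search_template("(uid=*)"))  # rejected: no {0}
```
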

If you are using a secondary sync source, the following config keys are available:

| Config name | Description |
| --- | --- |
| ldap2.schema.user-name-field | The LDAP field that contains the user's username. |
| ldap2.schema.user-full-name-field | The LDAP field that contains the user's full name. |
| ldap2.schema.user-email-field | The LDAP field that contains the user's email address. |
| ldap2.schema.other-emails-field | The LDAP field that contains the user's other email addresses. If the user has only one other email then a single value or a multi-value LDAP field can be used. If the user has multiple other email addresses then a multi-value LDAP field must be used. |
| ldap2.schema.user-second-card-id-field | The LDAP field that contains the user's second card ID. |
| ldap2.schema.user-department-field | The LDAP field that contains the user's department. |
| ldap2.schema.user-office-field | The LDAP field that contains the user's office location. |
| ldap2.schema.user-card-id-field | The LDAP field containing the user's primary card ID value. |
| ldap2.schema.user-second-card-id-field | The LDAP field containing the user's secondary card ID value. |
| ldap2.schema.user-name-search | The LDAP search to retrieve the user. The {0} in the search is replaced with * when listing all users, and [username] when searching for a specific user. If no search is defined, the default is ([userNameField]={0}). IMPORTANT: The search must include the {0} value. |
| ldap2.schema.group-name-field | The LDAP field that contains the group's name. |
| ldap2.schema.group-member-field | The LDAP field that contains the group members. |
| ldap2.schema.group-search | The LDAP search to retrieve the group. The {0} in the search is replaced with * for all group searches. If no search is defined, the default is ([groupMemberField]={0}), which means get all entries with at least one member. IMPORTANT: The search must include the {0} value. |
| ldap2.schema.posix-groups | If Y, then the group member field contains the user's username. If N, then the group member field contains the user's DN. |
| ldap2.schema.home-directory-field | The LDAP field that contains the user's home folder path. |

Table D.2. LDAP Secondary Sync Source Config entries

LDAP Server Default Configuration

When a particular LDAP server type is selected (e.g. Novell eDirectory), PaperCut NG uses the following defaults to query the LDAP server. These defaults can be used as a starting point for customizing the LDAP searches or for supporting other server types.

Standard (Unix / Open Directory)

If the LDAP server is configured to support Unix based authentication then this schema type can be used. The following defaults are used.

| Config name | Default value |
| --- | --- |
| ldap.schema.user-name-field | uid |
| ldap.schema.user-full-name-field | cn |
| ldap.schema.user-email-field | mail |
| ldap.schema.user-department-field | departmentNumber |
| ldap.schema.user-office-field | [not set] |
| ldap.schema.user-name-search | (uid={0}) |
| ldap.schema.group-name-field | cn |
| ldap.schema.group-member-field | memberUid |
| ldap.schema.group-search | (memberUid={0}) |
| ldap.schema.posix-groups | Y |
| ldap.schema.home-directory-field | [not set] |

Table D.3. Unix / Open Directory LDAP default settings

Novell eDirectory Defaults

If the LDAP server is a Novell eDirectory then the following defaults are used.

| Config name | Default value |
| --- | --- |
| ldap.schema.user-name-field | cn |
| ldap.schema.user-full-name-field | fullName |
| ldap.schema.user-email-field | mail |
| ldap.schema.user-department-field | OU |
| ldap.schema.user-office-field | l |
| ldap.schema.user-name-search | (&(cn={0})(objectClass=person)) |
| ldap.schema.group-name-field | cn |
| ldap.schema.group-member-field | member |
| ldap.schema.group-search | (&(member={0})(objectClass=groupOfNames)) |
| ldap.schema.posix-groups | N |
| ldap.schema.home-directory-field | [not set] |

Table D.4. Novell eDirectory LDAP default settings

Microsoft Active Directory Defaults

If the LDAP server is a Microsoft Active Directory then the following defaults are used.

| Config name | Default value |
| --- | --- |
| ldap.schema.user-name-field | sAMAccountName |
| ldap.schema.user-full-name-field | displayName |
| ldap.schema.user-email-field | mail |
| ldap.schema.user-department-field | department |
| ldap.schema.user-office-field | physicalDeliveryOfficeName |
| ldap.schema.user-name-search | (&(sAMAccountName={0})(objectCategory=person)(objectClass=user)(sAMAccountType=805306368)) |
| ldap.schema.group-name-field | sAMAccountName |
| ldap.schema.group-member-field | member |
| ldap.schema.group-search | (&(member={0})(objectCategory=group)) |
| ldap.schema.posix-groups | N |
| ldap.schema.home-directory-field | homeDirectory |

Table D.5. Active Directory LDAP default settings