PaperCut NG supports two closely related features: card and ID numbers:
A card number is the number read from a swipe or proximity card assigned to a user. Swipe and proximity cards are often used for user authentication at hardware terminals, copiers and print release stations.
An ID number is a unique number allocated to a user. It may represent a student or employee number or may simply be a random number. It may be keyed in at a copier, hardware terminal or release station as an alternative to username/password authentication. As ID numbers may be guessed or learnt by others we recommend a secret PIN be used in conjunction with an ID number when used for user authentication.
As both card numbers and ID numbers function as a unique number identifying a user, they both share the same field in the User record of the database - the card/ID number. This means that all administrative functions related to card numbers and ID numbers are the same - because they operate on the same database field.
Although we use the term "number", PaperCut permits any string containing both letters and numbers in the card/ID field. If used as an ID number to be typed at a numeric keypad, a purely numeric number is best. ID numbers generated by PaperCut are always purely numeric.
One more thing to know is that PaperCut NG actually supports two different card/ID numbers for each user. We call these the primary and the secondary card/ID number. There are many reasons why having two numbers can be useful. For example:
One number can be for a card - and the other for an ID number in case the user misplaces his or her card.
Different card readers can sometimes read different numbers from the same card - so having two numbers allows both types of readers to be supported.
It is possible to issue new cards to users and phase out the old card with an overlap period in which they both work.
Use of either the primary or secondary card/ID number field is optional - the decision is up to your organization.
PaperCut offers a range of tools for managing card/ID numbers allowing for either centrally managed or user managed card/ID numbers:
Automatic generation of numbers within PaperCut (See the section called “Automatic Card/ID Generation”)
Batch update from an external file (See the section called “Batch User Card/Identity Update”)
Import from AD or LDAP (See the section called “Card/Identity Numbers Sync”)
Lookup via an external database (See the section called “Database lookup configuration”)
PaperCut can generate random card/ID numbers for your users. This may be the ideal solution if you don't already have ID numbers assigned for other purposes. PaperCut provides a number of options allowing you to choose whether to centrally administer the card/ID numbers or to allow users to generate and manage their own numbers. You may:
Enable users to manage their own card/ID number and/or PIN. (See the section called “Allowing users to manage their own card/ID number and/or PIN”.)
Generate card numbers during your nightly user/group sync operation (See the section called “Card/Identity Numbers Sync”.)
Generate numbers as a Bulk User Operation. (See the section called “Bulk User Operations”.)
When generating numbers on behalf of users, you will need to inform users what their number is. PaperCut can help with this task as well. You can:
Send an email to each user with their new number. This is set up in → → . See the section called “Card/ID Number Notification” for more information.
Allow users to view their number in the user web portal. To enable this feature, check the "Allow users to view their card/ID numbers" checkbox in → → . You will need to specify whether you wish users to view their primary or secondary card/ID number.
When generating card/ID numbers, you are asked to specify the length or number of digits you require in the generated numbers. Short numbers are easier to remember and faster to key in, but it is also easier to guess someone else's number. If your number is too short, PaperCut may not be able to generate sufficient numbers to cover all your users.
A good rule of thumb is to make the number 3 digits longer than the number of users in your organisation. If you have 10-20 users, a 4 digit number is probably sufficient. However, if you have 1000 users, you probably need a 7 or 8 digit number.
You can choose to allow users to manage their own card/ID number or PIN or both. These options are controlled in → and result in different functionality appearing in the Change Details menu item of the end-user web interface.
When using card number and PIN authentication is may be useful too allow users to change their PIN in a similar way to users changing passwords.
To enable this feature:
Navigate to → .
Enable the option Allow users to change their card/ID PIN
Users may then login into the end user web interface and under the Change Details menu item will see the option Change Card/ID PIN.
You may allow users to generate their own card/ID number from the Change Details page:
Navigate to → .
Enable the option Allow users to change their card/ID number and then select which card number they can change. Users may edit the prinary number, or the secondary but not both.
Ensure that Auto-generate random number (users cannot manually enter a number) is checked. This option gives users the ability to generate a new random number, but not to create a number of their own choosing.
If unchecked, users may choose any number they wish. Please note that this may be a potential security risk as it may allow users to confirm the existence of a valid card number used by someone else. We recommend that sites enable two-factor authentication by also requiring users to have a secret PIN number.
Note: To change the number of digits used when users auto-generate their own card/ID number, change the user.auto-generate-card-id.length value by using the Config Editor. In version 14.3 or later, you can also set this in the Admin interface under the Auto-generate random number option, by setting the 'Length' value.
Users may then login into the end user web interface and under the Change Details menu item will see the option Change Card/ID.
The batch user card/ID update feature allows the administrator to update user card/ID numbers and optionally import or update PINs by reading data from a simple text file. User card/ID numbers may also be imported using the batch user import/update feature (see the section called “Batch User Data Import and Update”).
Example: To update/import the card/ID numbers or PINs of all the users in the import.txt file on a windows system.
C:\> cd C:\Program Files\PaperCut NG\server\bin\win
server-command batch-import-user-card-id-numbers "C:\card numbers\import.txt"
Note that the import path should be quoted if it contains spaces.
The card/ID number must uniquely identify a user, so care should be taken to ensure that no two users have the same card/ID number. This means that the card/ID numbers defined in the import file should be unique. If PaperCut NG encounters a non-unique card/ID number that user will not be updated.
A batch user card/ID update may be performed by calling the
batch-import-user-card-id-numbers server-command. Use of server-command is detailed in
the section called “Server Commands (server-command)”. The import file format is detailed in
the section called “Batch User Card/Identity Update File Format”.
Batch updates are a major operation modifying data en masse. Best practise suggests:
Always run a backup before proceeding with the import.
First experiment/test the update process with a small batch of users before moving onto the full batch.
The import file is in tab delimited format and contains the following fields in the given order.
| No. | Field | Description | Optional? | Limitations |
|---|---|---|---|---|
1. | Username | The user's username. | Mandatory | Max. 50 characters |
2. | Primary User Card/ID Number | A unique primary card/ID number for this user. | Optional (card/ID number not set if blank) |
Max. 100 characters. To specify that the number should be set to blank, enter a
hyphen ( |
3. | User Card/ID PIN | The user's card/ID PIN. | Optional (card/ID PIN not set if blank) |
To specify that the PIN should be set to blank, enter a hyphen
( |
4. | Secondary User Card/ID Number | A unique secondary card/ID number for this user. | Optional (card/ID number not set if blank) |
Max. 100 characters. To specify that the number should be set to blank, enter a
hyphen ( |
Table 6.3. User Card/Identity Update File Format
Other limitations: Although any actual limit to the size of an update file should be large enough for any purpose, we recommend keeping the file size below 10MB.
If your card/ID numbers are stored in an external database, see the section called “Looking up card numbers in an external database”.
A simple way to create a tab delimited file is to create a spreadsheet in Microsoft Excel, then save
it in the Text (Tab delimited) format.
PaperCut NG can import user card/ID numbers from Active Directory and LDAP. This is the recommended approach because it allows the card/ID numbers to be associated with users in a centralized location. For more information see the section called “Card/Identity Numbers Sync”.
Card numbers can also be imported using the import file described in the section called “Batch User Card/Identity Update”.
In some circumstances the mapping between card numbers and users may be stored in another external database (e.g. a database used for secure door access). In this case, it may be more convenient to look up the card numbers in this database in real-time.
This also allows users to be associated with more than two card/ID numbers. This is useful where users are allocated different types of authentication cards, or there are alternate card systems used throughout the organization.
To allocate multiple card numbers to a user, simply populate the mapping table with multiple entries per user where different card numbers map to the same username.
Once external user lookups are enabled, PaperCut NG will do the following when looking up a user by card number:
Find a user with the matching card number in the PaperCut NG database.
If not found, the card number will be looked up in the external database.
If a match is found the information returned is used to find the matching user in the PaperCut NG database. If a user is found the lookup is successful.
To enable external card number lookups:
Navigate to → → .
Enable the option Use external database for card number lookup.
Select the database type. If using Oracle or MySQL you must install the database driver as described in the the section called “Database specific configuration”, and the application server must be restarted.
Enter the database connection URL. For examples see the section called “Step 4 - Change the PaperCut NG connection details” of the section called “Upsizing to an External RDBMS”.
Enter the database connection username and password.
The option SQL to map card number in external database to: allows you to choose what the card number in your external database maps to. The options include:
username, used if your external database contains a mapping between card numbers and usernames, and
user's identity number, used if your external database contains a mapping between card numbers and user ids (and the user ids have been imported and stored on users in PaperCut).
Select the option that matches the mapping in your external database.
Enter an SQL select query that looks up the card number in your external database and
returns either a username or user id as selected above. The query must return a single row
with the first field being the username or user id (as found in PaperCut NG). The SQL
statement must contain {cardnumber}, which will be replaced with the card
number to find.
An example select query that looks up a card number and returns a username is:
select user_name from users_table where card_number = {cardnumber}
An example select query that looks up a card number and returns an indentity number is:
select user_id from users_table where card_number = {cardnumber}
The {cardnumber} replacement does not require quotations (it is sent
as a parameter). This also serves to prevent SQL injection attacks sent via card
numbers.
To test the lookup is working as expected:
Navigate to the tab.
Pick a card number from your external database that maps to a user in PaperCut NG.
Enter this card number in the Quick Find field and press Go.
Verify that the matching user is displayed. If the expected user is not displayed check the App. Log tab for errors.
© Copyright 1999-2015. PaperCut Software International Pty Ltd. All rights reserved.