Appendix C. Advanced LDAP Configuration

Appendix C. Advanced LDAP Configuration
Prev		Next

Table of Contents

Unix / NIS Defaults
Novell eDirectory Defaults
Microsoft Active Directory Defaults

PaperCut NG supports the following LDAP server types out-of-the-box:

Novell eDirectory
Microsoft Active Directory
Unix/NIS/Posix

and basic configuration options for these platforms/environments are discussed at the section called “Using LDAP for user synchronization”.

However, other server/schema types can be supported by defining the fields to query and the LDAP searches to perform. These options are configured by adjusting config entries in the Config Editor, which can be opened from the Options tab. The following config items are available:

Config name	Description
ldap.schema.user-name-field	The LDAP field that contains the user's username.
ldap.schema.user-full-name-field	The LDAP field that contains the user's full name.
ldap.schema.user-email-field	The LDAP field that contains the user's email address.
ldap.schema.user-name-search	The LDAP search to retrieve the user. The `{0}` in the search is replaces with `*` when listing all users, and `[username]` when searching for a specific user. If no search is defined, the default is `([userNameField]={0})`.
ldap.schema.group-name-field	The LDAP field that contains the group's name.
ldap.schema.group-member-field	The LDAP field that contains the group members.
ldap.schema.group-search	The LDAP search to retrieve the group. The `{0}` in the search is replaced with `*` for all group searches. If no search is defined, the default is `([groupMemberField]={0})`, which means get all entries with at least one member.
ldap.schema.posix-groups	If `Y`, then the group member field contains the user's username. If `N`, then the group member field contains the user's DN.

Table C.1. LDAP Config entries

LDAP Server Default Configuration

When a particular LDAP server type is selected (e.g. Novell eDirectory), PaperCut NG uses the following defaults to query the LDAP server. These defaults can be used as a starting point for customizing the LDAP searches or for supporting other server types.

Unix / NIS Defaults

If the LDAP server is configured to support Unix based authentication then this schema type can be used. The following defaults are used.

Config name	Default value
ldap.schema.user-name-field	`uid`
ldap.schema.user-full-name-field	`cn`
ldap.schema.user-email-field	`mail`
ldap.schema.user-name-search	`(uid={0})`
ldap.schema.group-name-field	`cn`
ldap.schema.group-member-field	`memberUid`
ldap.schema.group-search	`(memberUid={0})`
ldap.schema.posix-groups	`Y`

Table C.2. Unix / NIS LDAP default settings

Novell eDirectory Defaults

If the LDAP server is a Novell eDirectory then the following defaults are used.

Config name	Default value
ldap.schema.user-name-field	`cn`
ldap.schema.user-full-name-field	`fullName`
ldap.schema.user-email-field	`mail`
ldap.schema.user-name-search	`(&(cn={0})(objectClass=person))`
ldap.schema.group-name-field	`cn`
ldap.schema.group-member-field	`member`
ldap.schema.group-search	`(&(member={0})(objectClass=groupOfNames))`
ldap.schema.posix-groups	`N`

Table C.3. Novell eDirectory LDAP default settings

Microsoft Active Directory Defaults

If the LDAP server is a Microsoft Active Directory then the following defaults are used.

Config name	Default value
ldap.schema.user-name-field	`sAMAccountName`
ldap.schema.user-full-name-field	`displayName`
ldap.schema.user-email-field	`mail`
ldap.schema.user-name-search	`(&(sAMAccountName={0})(objectCategory=person)(objectClass=user)(sAMAccountType=805306368))`
ldap.schema.group-name-field	`sAMAccountName`
ldap.schema.group-member-field	`member`
ldap.schema.group-search	`(&(member={0})(objectCategory=group))`
ldap.schema.posix-groups	`N`

Table C.4. Active Directory LDAP default settings

Prev		Next
Appendix B. Troubleshooting & Technical FAQ's	Home	Appendix D. Capacity Planning