Set Up an LDAP Authentication Profile

  1. Click [System] → [Security] → [Authentication Profile] to open the [Authentication Profile] tab.

  2. Click [Add].

  3. Select [LDAP] from the [Type] menu on the [General] tab.

  4. Enter the name of the authentication profile. This name is displayed on the login screen when an administrator or a user logs in to the application or the MFP.

  5. Enter the LDAP server information on the [LDAP] tab, as described in the table below. Make sure to click (Save) to create the profile.

    Item / Description

    Server Name

    Enter the host name of the LDAP server.

    Port

    Enter the port number. The default is 389.

    The port number is changed automatically from 389 to 636 when the SSL setting is enabled.

    SSL

    Specify whether to enable or disable SSL. With SSL disabled, the proxy user's bind and every user's login are simple binds over plain LDAP, so the passwords cross the network in cleartext; enable SSL whenever the server supports it.
    Active Directory

    Specify whether or not to enable Active Directory. When Active Directory is enabled, enter the following items:

    [Domain]: Enter the full domain name.

    [Alt UPN Suffix]: Enter the alternate UPN suffix. The suffix is appended to the user name (user@suffix) when the user logs in.

    Input example: mycompany.com

    Base DN

    Enter the starting point for the account search. The search begins at the base DN and proceeds down the tree from there.

    Example: ou=member,dc=mycompany,dc=com

    Search Scope

    Specify the search range from the base DN.

    • [Single level]: Only entries one level below the base DN are searched.

    • [Subtree]: The base DN and all levels below it are searched.

    Search Condition

    Enter the search filter used to find the account of the user who is logging in. The ^ character marks where the user name entered at login is inserted. The following string is set as the default value:

    (&(objectClass=organizationalPerson)(sAMAccountName=^))

    Card Search Condition

    Enter the search filter used to find a user by Card ID. The ^ character marks where the card ID is inserted. The following string is set as the default value:

    (&(objectClass=organizationalPerson)(cardID=^))

    PIN Code Search Condition

    Enter the search filter used to find a user by PIN code. The ^ character marks where the entered PIN is inserted. The following string is set as the default value:

    (&(objectClass=organizationalPerson)(PINCode=^))

    Note

    In the Card Search Condition and the PIN Code Search Condition, the following characters must be escaped with a backslash (\):

    "(", ")", "*", "\", "/"

    Prefix

    Enter the prefix of the LDAP search filter.

    Suffix

    Enter the suffix of the LDAP search filter.

    Anonymous Bind

    Select this option to search the directory without binding as a proxy user. When it is selected, [Proxy User Name] and [Proxy User Password] cannot be specified, and the LDAP server must permit anonymous searches of the base DN.

    Proxy User Name

    Enter the name of the proxy user, the account the profile binds with to search the directory. A dedicated account with read-only access to the base DN is sufficient; the proxy user does not need administrative rights.

    Proxy User Password

    Click the [Change Password] button, and then enter the password of the proxy user.

    Enable DNS Round Robin

    Specify whether or not to enable the DNS round robin function.

    With DNS round robin, a single domain name resolves to multiple IP addresses, and connections are spread across the corresponding servers.

    Timeout

    Specify the LDAP operation timeout.

    The default is 5 seconds.

    Login User Name

    Enter the attribute that holds the login user name. The default value is:

    sAMAccountName

    Display Name

    Enter the attribute that holds the display name. The default value is:

    displayName

    Email Address

    Enter the attribute that holds the e-mail address of the user. The default value is:

    mail

    Fax Destination

    Enter the attribute that holds the fax destination. The default value is:

    facsimileTelephoneNumber

    Group

    Enter the attribute that holds the group membership of the user. The default value is:

    memberOf

    Home Folder

    Enter the attribute that holds the user home folder. The default value is:

    homeDirectory

    Card ID

    Enter the attribute of the card ID.

    User PIN

    Enter the attribute of the PIN code. Only single-byte alphanumeric characters can be used.

    Account Limit

    Enter the user attribute to determine the account limit.

    This item is displayed when [Managed in Authentication Server] is enabled in [Enforce Account Limit] in [User Management and Accounting Settings].

    Department

    Enter the attribute of the department.

    Cost Center

    Enter the attribute of the cost center.

    Group Search Condition

    Enter the attribute to search for a group. Specify this setting when [Full Search] is selected in [Group Search Method For Administrator Role] or [Group Search Method For User].

    Group Search Method For Administrator Role

    Select the method to identify the group member.

    • [Simple Search]: Search is performed based on the identifier (DN).

    • [Full Search]: Search is performed based on the user login group attribute.

    The default is [Full Search].

    Group Name Attribute For Administrator Role

    Enter the attribute to obtain the group name. Specify this setting when [Full Search] is selected in [Group Search Method For Administrator Role].

    Group Search Method For User

    Select the method to identify the group of a user.

    • [Simple Search]: Searches for a group to which the user is directly assigned.

    • [Full Search]: Searches for a group when a user with an authentication profile retrieves a group.

    The default is [Simple Search].

  6. If you have created authentication agents, you can assign them to the LDAP profile on the [Auth Proxy] tab. Click the up arrow to move an agent to [Assigned Agent]. Refer to Authentication Agent for more details.
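The search conditions in the table above take the value typed at login in place of the ^ placeholder. The following is an added example, not the product's code, of how such a template should be instantiated: filter metacharacters in the login value are hex-escaped per RFC 4515 before substitution, and a small parser counts the assertions in the resulting filter so that the effect of skipping the escaping (LDAP filter injection) can be seen. The escaping rule, the parser and the sample login names are all constructed for this example; whether the product escapes the value in exactly this way is not stated on this page.

```python
# Added example (not the product's code): instantiating a search condition
# such as "(&(objectClass=organizationalPerson)(sAMAccountName=^))" with the
# value entered at login, escaping RFC 4515 filter metacharacters first so
# that the value can never add or alter filter assertions.

# RFC 4515 escapes a metacharacter as a backslash followed by its hex code.
# "/" is not a metacharacter in the RFC; it is included because the page's
# note lists it, and hex-escaping any character is always legal.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
    "/": r"\2f",
}

DEFAULT_LOGIN_FILTER = "(&(objectClass=organizationalPerson)(sAMAccountName=^))"
DEFAULT_CARD_FILTER = "(&(objectClass=organizationalPerson)(cardID=^))"
DEFAULT_PIN_FILTER = "(&(objectClass=organizationalPerson)(PINCode=^))"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP assertion (RFC 4515 section 3)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, value: str, escape: bool = True) -> str:
    """Replace the ^ placeholder in a search condition with the login value.

    escape=False reproduces an unsafe implementation and exists only to
    show what LDAP filter injection looks like.
    """
    if "^" not in template:
        raise ValueError("search condition has no ^ placeholder")
    return template.replace("^", escape_filter_value(value) if escape else value)


def parse_filter(text: str):
    """Parse the subset of RFC 4515 used above: (&...), (|...), (!...), (attr=value).

    Returns ("=", attr, value) for an assertion or (op, [children]) for a set.
    Comparison forms such as >= and ~= are not needed here and are not handled.
    """
    def parse(i):
        if i >= len(text) or text[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        i += 1
        if i < len(text) and text[i] in "&|!":
            op = text[i]
            i += 1
            children = []
            while i < len(text) and text[i] == "(":
                node, i = parse(i)
                children.append(node)
            if i >= len(text) or text[i] != ")":
                raise ValueError(f"expected ')' at offset {i}")
            return (op, children), i + 1
        end = text.find(")", i)  # an escaped ')' is \29, so a literal ')' ends the item
        if end == -1:
            raise ValueError("unterminated assertion")
        attr, sep, value = text[i:end].partition("=")
        if not sep or not attr:
            raise ValueError(f"malformed assertion {text[i:end]!r}")
        return ("=", attr, value), end + 1

    node, pos = parse(0)
    if pos != len(text):
        raise ValueError(f"trailing data after filter at offset {pos}")
    return node


def count_assertions(node) -> int:
    """Number of attribute assertions in a parsed filter."""
    if node[0] == "=":
        return 1
    return sum(count_assertions(child) for child in node[1])


if __name__ == "__main__":
    # Constructed inputs: a normal login name and a classic injection payload
    # that tries to turn the user lookup into a match on every person.
    for name in ("j.doe", "*)(objectClass=*"):
        safe = build_filter(DEFAULT_LOGIN_FILTER, name)
        unsafe = build_filter(DEFAULT_LOGIN_FILTER, name, escape=False)
        print(f"{name!r:20} escaped -> {safe} ({count_assertions(parse_filter(safe))} assertions)")
        print(f"{'':20} raw     -> {unsafe} ({count_assertions(parse_filter(unsafe))} assertions)")
```

With escaping, the injection payload stays inside the sAMAccountName assertion and the filter keeps its two assertions; without it, the same payload adds a third assertion and the AND becomes a match on every organizationalPerson. The same function serves the Card and PIN templates, since only the attribute name differs.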

To check that the created authentication profile can reach the server, click the (Check Connection) button. You will be asked to enter a user name and a password; these credentials are used to bind to the external authentication server. If the check fails, verify your entries on the [LDAP] tab and try again.
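Before running (Check Connection), it is worth reviewing the profile against the relationships this page documents: SSL goes with port 636 and plain LDAP with 389, anonymous bind excludes the proxy user, and every search condition needs balanced parentheses and a ^ placeholder. The following is an added example, not the product's code or a feature of its interface, that performs that review on a profile expressed as a dictionary; the dictionary keys, the severity labels and the two sample profiles are constructed for the example.

```python
# Added example (not the product's code): a pre-flight review of an LDAP
# authentication profile, using the relationships this page documents.
# The dict layout and key names are an assumption made for the example.
import re


def review_profile(profile: dict) -> list:
    """Return a list of (severity, field, message) findings; empty means clean."""
    findings = []
    ssl = bool(profile.get("ssl", False))
    port = int(profile.get("port", 389))

    if not profile.get("server_name"):
        findings.append(("error", "Server Name", "no server name configured"))

    # Port / SSL consistency: the page ties SSL to 636 and plain LDAP to 389.
    if not ssl:
        findings.append(("warning", "SSL",
                         "SSL disabled: proxy and user passwords are sent in cleartext simple binds"))
    if ssl and port == 389:
        findings.append(("error", "Port", "SSL enabled but port is 389; LDAPS uses 636"))
    if not ssl and port == 636:
        findings.append(("error", "Port", "port 636 without SSL; the server will expect TLS"))

    # Anonymous bind and the proxy user are mutually exclusive on the page.
    anonymous = bool(profile.get("anonymous_bind", False))
    has_proxy = bool(profile.get("proxy_user_name"))
    if anonymous and has_proxy:
        findings.append(("error", "Anonymous Bind", "anonymous bind selected but a proxy user is set"))
    if not anonymous and not has_proxy:
        findings.append(("error", "Proxy User Name", "no proxy user and anonymous bind not selected"))
    if anonymous:
        findings.append(("warning", "Anonymous Bind",
                         "the directory must permit anonymous search of the base DN"))

    # Base DN: comma-separated attr=value components (escaped commas in
    # values are not handled by this simplified pattern).
    base_dn = profile.get("base_dn", "")
    if not re.fullmatch(r"\s*[A-Za-z][\w-]*=[^,]+(\s*,\s*[A-Za-z][\w-]*=[^,]+)*\s*", base_dn):
        findings.append(("error", "Base DN", f"{base_dn!r} is not of the form attr=value,attr=value"))

    # Search conditions: balanced parentheses (ignoring backslash-escaped
    # characters) and a ^ placeholder, otherwise the login value is unused.
    for field in ("search_condition", "card_search_condition", "pin_code_search_condition"):
        cond = profile.get(field)
        if cond is None:
            continue
        literal = re.sub(r"\\.", "", cond)
        if literal.count("(") != literal.count(")"):
            findings.append(("error", field, "unbalanced parentheses"))
        if "^" not in cond:
            findings.append(("error", field, "no ^ placeholder: the login value would not be used"))

    timeout = profile.get("timeout", 5)
    if not isinstance(timeout, (int, float)) or timeout <= 0:
        findings.append(("error", "Timeout", "timeout must be a positive number of seconds"))
    return findings


# Constructed sample profiles: the first carries the mistakes the review
# is meant to catch, the second is the corrected form of the same profile.
WEAK_PROFILE = {
    "server_name": "ldap.mycompany.com",
    "port": 389,
    "ssl": False,
    "anonymous_bind": True,
    "proxy_user_name": "svc-mfp",
    "base_dn": "ou=member,dc=mycompany,dc=com",
    "search_condition": "(&(objectClass=organizationalPerson)(sAMAccountName=))",
    "timeout": 5,
}

HARDENED_PROFILE = {
    "server_name": "ldap.mycompany.com",
    "port": 636,
    "ssl": True,
    "anonymous_bind": False,
    "proxy_user_name": "svc-mfp",
    "base_dn": "ou=member,dc=mycompany,dc=com",
    "search_condition": "(&(objectClass=organizationalPerson)(sAMAccountName=^))",
    "card_search_condition": "(&(objectClass=organizationalPerson)(cardID=^))",
    "pin_code_search_condition": "(&(objectClass=organizationalPerson)(PINCode=^))",
    "timeout": 5,
}

if __name__ == "__main__":
    for label, prof in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        results = review_profile(prof)
        print(f"{label}: {len(results)} finding(s)")
        for severity, field, message in results:
            print(f"  [{severity}] {field}: {message}")
```

The review is static and does not replace (Check Connection); it only removes the settings mistakes that would otherwise be diagnosed one failed bind at a time.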