Solved

Xerox WorkCentre 5050 and LDAP Access Windows 2003 AD

Posted on 2007-07-23
Last Modified: 2013-12-24
First, I'm new to LDAP and it's taken me all day to learn the little I do know, so any help will likely be helpful!

I'm running a Windows 2003 AD and am trying to get our new Xerox WorkCentre 5050 to pull LDAP information for its Scan to E-mail and Faxing services.

I referenced http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm to set up anonymous LDAP access.  However, I still cannot get the Xerox to pull any information.

The Xerox machine asks for:

IP Address:
Search Directory Root:
Login Credentials:
Search Name Order: (Common Name or Surname and Given Name)

I give it the IP address of our Global Catalog Server.  Not sure what to enter for search directory; I've tried "OU=Domain Users,DC=Domain,DC=Com" and "CN=Users,DC=Domain,DC=Com".  For login credentials, I've tried both anonymous and given it an account with domain admins privs.  As for search order, I've been using Common Name.

It then asks for LDAP Server [TYPE] and gives me the choices of: Exchange, Domino, NDS, ADS and Netscape.  I know Domino is for Lotus Notes so I have not tried this.  But I've tried all the rest with no results.

Anyone have any ideas?

Thanks in advance!
Question by:ARSCO
11 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 19550563
IP Address: is straightforward

Search Directory Root: that would be the container where your users are.  If you have multiple containers, you are probably best off with the root.  i.e.  DC=Domain,DC=com.

Logon Credentials:  This would probably be the full DN of the account.  CN=LDAPAccount,CN=Users,DC=Domain,DC=com.  A word of caution, don't give this account domain admin privs.  Normally you can get away with a normal account and just delegate some additional rights as needed.  If you give it domain admin, you are hoping that the Xerox machine is secure.  

The search Name order:  By default, AD stores username First, Last.  So you probably want Given.  If you've modified this for last name, then place surname in there.

0
 

Author Comment

by:ARSCO
ID: 19550767
Yes I know having the user as a domain admin is bad, I'm simply trying to get it working; once I get there I will restrict the account used and their access.

I simply can't get it working even with domain privs.  This is getting REALLY frustrating.
0
 
LVL 26

Accepted Solution

by:
Pber earned 2000 total points
ID: 19551019
Oh yeah, the LDAP Server type would be: ADS

Usually the problem with LDAP connections is not using the proper fully qualified DNs.  Usually the problem is with substituting OU=Users when it is CN=Users.  You seem to have a handle on this, so that's probably not the problem.
It is possible it's a Kerberos error and in that case, make sure the time (and the time zone) on the printer matches the time on AD (within 5 minutes).

Check the security/system/application event logs on the DC looking for errors.
0
 

Author Comment

by:ARSCO
ID: 19551188
OK, I got it working.  I just ditched the anonymous stuff and set up a basic domain user and changed the root directory to "DC=domain,DC=com".

This worked well.  I just went to the areas I didn't want this user to be able to access and denied read access to them.

Thanks for the help.
0
 
LVL 26

Expert Comment

by:Pber
ID: 19551248
Glad to help.
0
 
LVL 26

Expert Comment

by:Pber
ID: 19551497
Further to your message, AD by default doesn't allow anonymous binds.  So that was probably your issue.
0
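The DN mistakes named in the accepted solution (OU=Users in place of CN=Users, DNs that are not fully qualified) and the anonymous-bind default noted in the comment above can be checked before the values are typed into the device. This is an added example, not code from the thread; the function names, the `example.com` domain and the `LDAPAccount` sample values are assumptions.

```python
import re

def parse_dn(dn):
    """Split a DN into (TYPE, value) pairs. A comma preceded by a backslash is data."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = (s.strip() for s in part.partition("="))
        if not (sep and attr and value):
            raise ValueError(f"malformed RDN {part.strip()!r}, expected TYPE=value")
        rdns.append((attr.upper(), value.lower()))
    return rdns

def lint_dn(label, dn, domain):
    """Check one DN against the domain's DC components; return a list of findings."""
    try:
        rdns = parse_dn(dn)
    except ValueError as exc:
        return [f"{label}: {exc}"]
    findings = []
    if rdns[-len(domain):] != domain:
        findings.append(f"{label}: not under the domain naming context")
    # The built-in Users container is CN=Users; OU=Users exists only if an admin created it.
    elif len(rdns) > len(domain) and rdns[-len(domain) - 1] == ("OU", "users"):
        findings.append(f"{label}: OU=Users at the domain root; the default container is CN=Users")
    return findings

def lint_ldap_settings(search_root, bind_dn, domain_dn):
    """Lint a device's LDAP settings; an empty list means nothing was flagged."""
    domain = parse_dn(domain_dn)
    findings = lint_dn("search root", search_root, domain)
    if not bind_dn.strip():
        # Per the thread: AD does not allow anonymous binds by default.
        findings.append("bind DN: empty (anonymous bind), not allowed by AD by default")
    else:
        findings += lint_dn("bind DN", bind_dn, domain)
    return findings

# Constructed sample settings (example.com and the account name are placeholders).
ACCOUNT = "CN=LDAPAccount,CN=Users,DC=example,DC=com"
SAMPLES = {
    "good": ("DC=example,DC=com", ACCOUNT),
    "ou_users": ("OU=Users,DC=example,DC=com", ACCOUNT),
    "anonymous": ("CN=Users,DC=example,DC=com", ""),
    "malformed": ("CN=Users,DC,example,DC=com", ACCOUNT),
}

if __name__ == "__main__":
    for name, (root, bind) in SAMPLES.items():
        print(name, lint_ldap_settings(root, bind, "DC=example,DC=com") or "ok")
```

The OU=Users finding is a prompt to check the directory, since an OU with that name can exist if someone created it.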
 

Expert Comment

by:dexiait
ID: 23449372
I'm sorry, but it doesn't work.
There are no errors in the DC's event viewer, and the error is the same: check your credentials, no LDAP server connection.
Directory Root: I insert only the domain because I have multiple containers, i.e. DC=Domain,DC=com.
Logon Credentials:  CN=LDAPAccount,CN=Users,DC=Domain,DC=com. In my case it's too long, because my domain is a child domain. So what's the solution?
Could I insert "domain\accountname"?
I select system authentication LDAP server; is that right?
Could you help me, please?
0
 
LVL 26

Expert Comment

by:Pber
ID: 23451496

You should ask a new question not in an existing closed question.  I may be able to help you, but you would be limited to a very few experts that may be monitoring this question.
Click the Ask Now button under "Not what you are looking for? Ask an Expert"  in Accepted Solution above.  This will open a Related Question Wizard and all experts will have a chance to see your question.
0
 

Expert Comment

by:dexiait
ID: 23464969
Thank you, I'll do that.
0
 

Expert Comment

by:dexiait
ID: 23465032
Hi Pber, I've already opened a question, and the following is the code of my question:
ID: 24077817 Author: dexiait
0
 

Expert Comment

by:dexiait
ID: 23465203
I've got a solution.
It's important to insert the directory root:
ou=users, dc,domain,dc=com
On the Xerox 5645 the directory root is called "indirizzo ip server alternativo".
See the attached file.
New-Text-Document.doc
0
