Xerox WorkCentre 5050 and LDAP Access Windows 2003 AD

First, I'm new to LDAP and it's taken me all day to learn the little I do know, so any help will likely be helpful!

I'm running a Windows 2003 AD and am trying to get our new Xerox WorkCentre 5050 to pull LDAP information for its Scan to E-mail and Faxing services.

I referenced http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm to set up anonymous LDAP access. However, I still cannot get the Xerox to pull any information.

The Xerox machine asks for:

IP Address:
Search Directory Root:
Login Credentials:
Search Name Order: (Common Name or Surname and Given Name)

I give it the IP address of our Global Catalog Server. Not sure what to enter for search directory, I've tried "OU=Domain Users,DC=Domain,DC=Com" and "CN=Users,DC=Domain,DC=Com". For login credentials, I've tried both anonymous and given it an account with domain admins privs. As for search order, I've been using Common Name.

It then asks for LDAP Server [TYPE] and gives me the choices of: Exchange, Domino, NDS, ADS and Netscape.  I know Domino is for Lotus Notes so I have not tried this.  But I've tried all the rest with no results.

Anyone have any ideas?

Thanks in advance!
ARSCO Asked:
 
Pber (Solutions Architect) Commented:
Oh yeah, the LDAP Server type would be: ADS

Usually the problem with LDAP connections is not using the proper fully qualified DNs. Usually the problem is with substituting OU=Users when it is CN=Users. You seem to have a handle on this, so that's probably not the problem.
It is possible it's a Kerberos error and in that case, make sure the time (and the time zone) on the printer matches the time on AD (within 5 minutes).

Check the security/system/application event logs on the DC looking for errors.
 
Pber (Solutions Architect) Commented:
IP Address: is straightforward

Search Directory Root: that would be the container where your users are.  If you have multiple containers, you are probably best off with the root.  i.e.  DC=Domain,DC=com.

Logon Credentials:  This would probably be the full DN of the account.  CN=LDAPAccount,CN=Users,DC=Domain,DC=com.  A word of caution, don't give this account domain admin privs.  Normally you can get away with a normal account and just delegate some additional rights as needed.  If you give it domain admin, you are hoping that the Xerox machine is secure.  

The search Name order:  By default, AD stores username First, Last.  So you probably want Given.  If you've modified this for last name, then place surname in there.

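The DN advice in Pber's two comments above (CN=Users rather than OU=Users, a fully qualified search root and bind DN) can be checked offline before the values are typed into the device. The Python below is an added example, not part of the original thread; the function names and sample DNs are constructed, and the OU=Users finding is only a prompt to verify, since an OU with that name can legitimately exist.

```python
def split_rdns(dn):
    """Split a DN on commas, honouring backslash escapes (RFC 4514)."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    parts.append(cur.strip())
    return parts

def check_dn(dn):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, parsed = [], []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if sep and attr.strip() and value.strip():
            parsed.append((attr.strip().upper(), value.strip()))
        else:
            findings.append(f"malformed component {rdn!r}, expected type=value")
    types = [t for t, _ in parsed]
    if "DC" not in types:
        return findings + ["no DC= components, so not a fully qualified DN"]
    first_dc = types.index("DC")
    if any(t != "DC" for t in types[first_dc:]):
        findings.append("DC= components must be the last components")
    # Component directly above the domain root: the mistake named in the thread.
    if first_dc > 0:
        t, v = parsed[first_dc - 1]
        if t == "OU" and v.lower() == "users":
            findings.append("OU=Users at the domain root; the built-in container is CN=Users")
    return findings

# Constructed sample values, using the placeholder domain from the thread.
SAMPLES = [
    "DC=Domain,DC=com",
    "CN=LDAPAccount,CN=Users,DC=Domain,DC=com",
    "OU=Users,DC=Domain,DC=com",
    "CN=Users,DC,Domain,DC=com",
]
if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn, "->", check_dn(dn) or "ok")
```
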
 
ARSCO (Author) Commented:
Yes I know having the user as a domain admin is bad, I'm simply trying to get it working; once I get there I will restrict the account used and their access.

I simply can't get it working even with domain privs.  This is getting REALLY frustrating.
 
ARSCO (Author) Commented:
Ok I got it working. I just ditched the anonymous stuff and set up a basic domain user and changed the root directory to "DC=domain,DC=com".

This worked well. I just went to the areas I didn't want this user to be able to access and denied read access to them.

Thanks for the help.
 
Pber (Solutions Architect) Commented:
Glad to help.
 
Pber (Solutions Architect) Commented:
Further to your message, AD by default doesn't allow anonymous binds.  So that was probably your issue.
 
dexiait Commented:
I'm sorry, but it doesn't work.
There are no errors in the DC's event viewer, and the error is the same: check your credential, no LDAP server connection.
Directory Root: I entered only the domain because I have multiple containers, i.e. DC=Domain,DC=com.
Logon Credentials: CN=LDAPAccount,CN=Users,DC=Domain,DC=com is too long in my case, because my domain is a child domain. So what is the solution?
Could I enter "domain\accountname"?
I selected system authentication LDAP server; is that right?
Could you help me, please?
 
Pber (Solutions Architect) Commented:

You should ask a new question not in an existing closed question.  I may be able to help you, but you would be limited to a very few experts that may be monitoring this question.
Click the Ask Now button under "Not what you are looking for? Ask an Expert"  in Accepted Solution above.  This will open a Related Question Wizard and all experts will have a chance to see your question.
 
dexiait Commented:
Thank you, I'll do that.
 
dexiait Commented:
Hi Pber, I've already opened a question, and the following is the code of my question:
ID: 24077817 Author: dexiait
 
dexiait Commented:
I've got a solution.
It's important to enter the directory root:
ou=users,dc=domain,dc=com
On the Xerox 5645, the directory root is called "indirizzo ip server alternativo".
See the attached file.
New-Text-Document.doc
Question has a verified solution.
