Solved

HP M4335 using LDAP - Poll Active Directory server for emails.

Posted on 2008-10-14
11
3,293 Views
Last Modified: 2013-12-24
We currently have a slew of HP MFD's and we need them to be able to pull email addresses from active directoy. I tried setting this up in the past, unfortunatly with no luck. AD lies on Windows Server 2003 so I would assume the emails need to be pulled from AD VIA LDAP. I used a HP M4345 since it is the one we have access to and is closest to us for testing.
LDAP.JPG
0
Comment
Question by:FBTC_Helpdesk
11 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22724641
LDAP Server = IP-address of DC
Credentials = Use LDAP... and enter DN and password for the user to bind to AD
Search root = DC=domain,DC=com changed to match your AD domain name.
0
 

Author Comment

by:FBTC_Helpdesk
ID: 22732398
Does there need to be anything in the remaining fields. I have attached an example of the filled out LDAP info. When I "tried" to set this up before, I thought I remembered having to enter in more information, especially when searching the database.

Thanks.
LDAP.JPG
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22732640
You nead to use LDAP-syntax for username and domain.
Search root: DC=ad,DC=firstbankers,DC=com
LDAP-username: CN=user,OU=path,DC=ad,DC=firstbankers,DC=com
If user is stored in default users container: CN=user,CN=Users,DC=ad,DC=firstbankers,DC=com

The last 3 fields looks optional and shouldn't be necessary, but can be used to filter down the result to not include the whole domain.
0
 

Author Comment

by:FBTC_Helpdesk
ID: 22744677
Any reason why it would keep telling me that my domain admin user doesn't have rights to the LDAP server? Also, where do i input LDAP-username: CN=FirstName.LastName,OU=IT,DC=ad,DC=firstbankers,DC=com? Do I put this in the LDAP Administrator DN? We're getting closer.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22746248
Yes, the line "LDAP Administrator's DN" shall be in LDAP-format (DN='Distingious Name' is the LDAP-path to the user object)
The CN-part is the "Display Name" you see when listing the users in ADUC.
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23233365
It keeps telling me that my user credentials failed. I know that's not right because I'm using Domain Admin credentials?

0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 23243185
As said, you nead to use LDAP-syntax for the user and domain by using the correct DN-paths.
On a DC (or other machine with adminpak.msi installed), use the following command to find the DN of the user.

dsquery user -samid "LogonName (pre-Win2000)"
or
dsquery user -upn LogonName@ad.firstbankers.com
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23264761
I did the following (dsquery user -upn LogonName@ad.firstbankers.com) on my domain controller and was able to get the correct LDAP Administrators DN. I pluged it exactly what came up and entered the admin password below that. Unfortunatly I'm getting the same error: LDAP verification failed for the following reason(s): The LDAP server or the connection has failed.I did the following (dsquery user -upn LogonName@ad.firstbankers.com) on my domain controller and was able to get the correct LDAP Administrators DN. I plugged it exactly what came up and entered the admin password below that. Unfortunately I'm getting the same error: LDAP verification failed for the following reason(s): The LDAP server or the connection has failed.

I know this isn't rocket science, and I'm starting to think that the server I am trying to authenticate to might not have something installed to let me use LDAP authentication. This server I am connecting to houses AD which is basically LDAP - right?

I have tried connecting to the server by IP and by DNS name using port 389.

Does the Bind and Search Root have anything to do with authenication or is this just used to poll AD for matching email addresses.

I'm almost to the point of saying the hell with it, and having my end users manually enter in email addresses.

Any other ideas?

I know this isn't rocket science, and I'm starting to think that the server I am trying to authencate to might not have someone installed to let me use LDAP authenication. This server I am connecting to houses AD which is basically LDAP - right?

I have tried connecting to the server by IP and by DNS name using port 389.

Does the Bind and Search Root have anything to do with authenication or is this just used to poll AD for matching email addresses.

I'm almost to the point of saying the hell with it, and having my user manually enter in email addresses.

Any other ideas?
0
 
LVL 1

Expert Comment

by:NTGuru705
ID: 23540145
Any luck with this?
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23547743
Nope, still can't get these darn HP multi function devices to talk to LDAP and I "think" I have everything correct. Any ideas as to what I might be missing?
0
 

Expert Comment

by:rudokop
ID: 24439779
Do you need it to autofill address list for the "send email with scan" procedure?
If so I do have a solution that worked for me.
In the "Digital Sending" tab you must choose "LDAP Settings"
LDAP Server Bind Method: simple
Use Public Credentials: Username: user must be in your AD, for example m4345
LDAP Server: IP address of your LDAP server
Search Root: CN=users,DC=firstbankers,DC=com
Device user information retrieval method: AD Defaults

Now click "Apply"

That worked for me.

This might be usefull too -- if you want to ignore disabled users contacts in your address book then apply the LDAP filter.
To do so:
Click "Advanced..."
LDAP Filter Condition: (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Click "OK"

And I hope you are OK now, have fun.
0

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
IT Contract Fee 17 85
Uninstall Exchange 2013 error 1 10
Update in Sql 7 8
Exchange2003 Exchange 2010 coexistence 32 17
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video discusses moving either the default database or any database to a new volume.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now