HP M4335 using LDAP - Poll Active Directory server for emails.

We currently have a slew of HP MFDs and we need them to be able to pull email addresses from Active Directory. I tried setting this up in the past, unfortunately with no luck. AD lies on Windows Server 2003 so I would assume the emails need to be pulled from AD via LDAP. I used an HP M4345 since it is the one we have access to and is closest to us for testing.
LDAP.JPG
FBTC_Helpdesk Asked:
 
Henrik Johansson, Systems engineer, Commented:
LDAP Server = IP-address of DC
Credentials = Use LDAP... and enter DN and password for the user to bind to AD
Search root = DC=domain,DC=com changed to match your AD domain name.
0
 
FBTC_Helpdesk (Author) Commented:
Does there need to be anything in the remaining fields? I have attached an example of the filled out LDAP info. When I "tried" to set this up before, I thought I remembered having to enter in more information, especially when searching the database.

Thanks.
LDAP.JPG
0
 
Henrik Johansson, Systems engineer, Commented:
You need to use LDAP-syntax for username and domain.
Search root: DC=ad,DC=firstbankers,DC=com
LDAP-username: CN=user,OU=path,DC=ad,DC=firstbankers,DC=com
If user is stored in default users container: CN=user,CN=Users,DC=ad,DC=firstbankers,DC=com

The last 3 fields look optional and shouldn't be necessary, but can be used to filter down the result to not include the whole domain.
0
 
FBTC_Helpdesk (Author) Commented:
Any reason why it would keep telling me that my domain admin user doesn't have rights to the LDAP server? Also, where do I input LDAP-username: CN=FirstName.LastName,OU=IT,DC=ad,DC=firstbankers,DC=com? Do I put this in the LDAP Administrator DN? We're getting closer.
0
 
Henrik Johansson, Systems engineer, Commented:
Yes, the line "LDAP Administrator's DN" shall be in LDAP-format (DN='Distinguished Name' is the LDAP-path to the user object)
The CN-part is the "Display Name" you see when listing the users in ADUC.
0
 
FBTC_Helpdesk (Author) Commented:
It keeps telling me that my user credentials failed. I know that's not right because I'm using Domain Admin credentials?

0
 
Henrik Johansson, Systems engineer, Commented:
As said, you need to use LDAP-syntax for the user and domain by using the correct DN-paths.
On a DC (or other machine with adminpak.msi installed), use the following command to find the DN of the user.

dsquery user -samid "LogonName (pre-Win2000)"
or
dsquery user -upn LogonName@ad.firstbankers.com
0
 
FBTC_Helpdesk (Author) Commented:
I did the following (dsquery user -upn LogonName@ad.firstbankers.com) on my domain controller and was able to get the correct LDAP Administrators DN. I plugged in exactly what came up and entered the admin password below that. Unfortunately I'm getting the same error: LDAP verification failed for the following reason(s): The LDAP server or the connection has failed.

I know this isn't rocket science, and I'm starting to think that the server I am trying to authenticate to might not have something installed to let me use LDAP authentication. This server I am connecting to houses AD which is basically LDAP - right?

I have tried connecting to the server by IP and by DNS name using port 389.

Does the Bind and Search Root have anything to do with authentication or is this just used to poll AD for matching email addresses?

I'm almost to the point of saying the hell with it, and having my end users manually enter in email addresses.

Any other ideas?

0
 
NTGuru705 Commented:
Any luck with this?
0
 
FBTC_Helpdesk (Author) Commented:
Nope, still can't get these darn HP multi function devices to talk to LDAP and I "think" I have everything correct. Any ideas as to what I might be missing?
0
 
rudokop Commented:
Do you need it to autofill address list for the "send email with scan" procedure?
If so I do have a solution that worked for me.
In the "Digital Sending" tab you must choose "LDAP Settings"
LDAP Server Bind Method: simple
Use Public Credentials: Username: user must be in your AD, for example m4345
LDAP Server: IP address of your LDAP server
Search Root: CN=users,DC=firstbankers,DC=com
Device user information retrieval method: AD Defaults

Now click "Apply"

That worked for me.

This might be useful too -- if you want to ignore disabled users contacts in your address book then apply the LDAP filter.
To do so:
Click "Advanced..."
LDAP Filter Condition: (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Click "OK"

And I hope you are OK now, have fun.
0
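How the LDAP filter in the answer above decides which accounts stay out of the address book, as an added example that is not part of the original thread: a Python evaluator for that filter's syntax, run over constructed entries. The function names, sample addresses and the two-valued evaluation are assumptions made here; on a real setup the directory server does this matching itself.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule used by the filter
FILTER = "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
ITEM = re.compile(rf"([\w-]+)(?::({re.escape(BIT_AND)}):)?=(.*)")

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, i, kids = f[i], i + 1, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed composite filter")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the item is never closed
    m = ITEM.fullmatch(f[i:end])
    if not m:
        raise ValueError(f"unsupported filter item: {f[i:end]!r}")
    attr, rule, value = m.groups()
    return ("item", attr.lower(), rule, value), end + 1

def matches(node, entry):
    """Two-valued evaluation; a real server also has an 'undefined' result."""
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    if rule == BIT_AND:  # true when every bit set in the filter value is set
        return any((int(v) & int(value)) == int(value) for v in entry.get(attr, []))
    return any(v.lower() == value.lower() for v in entry.get(attr, []))

def address_book(filter_text, entries):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e["mail"][0] for e in entries if matches(node, e)]

# Constructed sample entries; the addresses are made up for this example.
ENTRIES = [{"objectclass": ["person", "user"], "mail": [m], "useraccountcontrol": [u]}
           for m, u in [("alice@example.com", "512"),     # enabled
                        ("bob@example.com", "514"),       # 512 + 2: disabled
                        ("carol@example.com", "66048"),   # enabled, password never expires
                        ("dave@example.com", "66050")]]   # 66048 + 2: disabled
```

A plain equality test such as userAccountControl=514 would keep the 66050 account in the list, which is why the filter tests the single bit with the matching rule instead.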
Question has a verified solution.
