Solved

HP M4335 using LDAP - Poll Active Directory server for emails.

Posted on 2008-10-14
Last Modified: 2013-12-24
We currently have a slew of HP MFDs and we need them to be able to pull email addresses from Active Directory. I tried setting this up in the past, unfortunately with no luck. AD lies on Windows Server 2003, so I would assume the emails need to be pulled from AD via LDAP. I used an HP M4345 since it is the one we have access to and is closest to us for testing.
Question by:FBTC_Helpdesk
11 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 2000 total points
ID: 22724641
LDAP Server = IP-address of DC
Credentials = Use LDAP... and enter DN and password for the user to bind to AD
Search root = DC=domain,DC=com changed to match your AD domain name.
0
 

Author Comment

by:FBTC_Helpdesk
ID: 22732398
Does there need to be anything in the remaining fields? I have attached an example of the filled out LDAP info. When I "tried" to set this up before, I thought I remembered having to enter in more information, especially when searching the database.

Thanks.
LDAP.JPG
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22732640
You need to use LDAP-syntax for username and domain.
Search root: DC=ad,DC=firstbankers,DC=com
LDAP-username: CN=user,OU=path,DC=ad,DC=firstbankers,DC=com
If user is stored in default users container: CN=user,CN=Users,DC=ad,DC=firstbankers,DC=com

The last 3 fields look optional and shouldn't be necessary, but can be used to filter down the result to not include the whole domain.
0
 

Author Comment

by:FBTC_Helpdesk
ID: 22744677
Any reason why it would keep telling me that my domain admin user doesn't have rights to the LDAP server? Also, where do I input LDAP-username: CN=FirstName.LastName,OU=IT,DC=ad,DC=firstbankers,DC=com? Do I put this in the LDAP Administrator DN? We're getting closer.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22746248
Yes, the line "LDAP Administrator's DN" shall be in LDAP-format (DN='Distinguished Name' is the LDAP-path to the user object)
The CN-part is the "Display Name" you see when listing the users in ADUC.
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23233365
It keeps telling me that my user credentials failed. I know that's not right because I'm using Domain Admin credentials?

0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 23243185
As said, you need to use LDAP-syntax for the user and domain by using the correct DN-paths.
On a DC (or other machine with adminpak.msi installed), use the following command to find the DN of the user.

dsquery user -samid "LogonName (pre-Win2000)"
or
dsquery user -upn LogonName@ad.firstbankers.com
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23264761
I did the following (dsquery user -upn LogonName@ad.firstbankers.com) on my domain controller and was able to get the correct LDAP Administrators DN. I plugged in exactly what came up and entered the admin password below that. Unfortunately I'm getting the same error: LDAP verification failed for the following reason(s): The LDAP server or the connection has failed.

I know this isn't rocket science, and I'm starting to think that the server I am trying to authenticate to might not have something installed to let me use LDAP authentication. This server I am connecting to houses AD which is basically LDAP - right?

I have tried connecting to the server by IP and by DNS name using port 389.

Does the Bind and Search Root have anything to do with authentication or is this just used to poll AD for matching email addresses?

I'm almost to the point of saying the hell with it, and having my end users manually enter in email addresses.

Any other ideas?

0
 
LVL 1

Expert Comment

by:NTGuru705
ID: 23540145
Any luck with this?
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23547743
Nope, still can't get these darn HP multi function devices to talk to LDAP and I "think" I have everything correct. Any ideas as to what I might be missing?
0
 

Expert Comment

by:rudokop
ID: 24439779
Do you need it to autofill address list for the "send email with scan" procedure?
If so I do have a solution that worked for me.
In the "Digital Sending" tab you must choose "LDAP Settings"
LDAP Server Bind Method: simple
Use Public Credentials: Username: user must be in your AD, for example m4345
LDAP Server: IP address of your LDAP server
Search Root: CN=users,DC=firstbankers,DC=com
Device user information retrieval method: AD Defaults

Now click "Apply"

That worked for me.

This might be useful too -- if you want to ignore disabled users' contacts in your address book then apply the LDAP filter.
To do so:
Click "Advanced..."
LDAP Filter Condition: (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Click "OK"

And I hope you are OK now, have fun.
0
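An added example, not part of the post above and not HP firmware code: a small evaluator for the subset of LDAP filter syntax used in the answer's filter, run over constructed directory objects to show what the userAccountControl bit test selects. It goes slightly beyond the post by also checking a variant with (objectCategory=person), because computer accounts carry objectClass=user too; every name and value in SAMPLE is made up, and objectCategory is stored as its short name.

```python
# Added example, constructed data. Subset of RFC 4515; absent attribute = no match.
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule used on the page
PAGE_FILTER = "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

def parse(f, i=0):
    """Parse the filter group opening at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(" or i + 1 >= len(f):
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1]
    if op in "&|!":
        kids, i = [], i + 2
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    lhs, value = f[i + 1:end].split("=", 1)  # lhs is "attr" or "attr:rule:"
    attr, _, rule = lhs.rstrip(":").partition(":")
    return ("match", attr.lower(), rule, value), end + 1

def matches(node, entry):
    """entry maps lower-cased attribute names to lists of string values."""
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    if rule == BIT_AND:  # true when every bit of `value` is set in the attribute
        return any((int(v) & int(value)) == int(value) for v in entry.get(attr, []))
    if rule:
        raise ValueError(f"unsupported matching rule {rule}")
    return any(v.lower() == value.lower() for v in entry.get(attr, []))

USER = ["top", "person", "organizationalPerson", "user"]
SAMPLE = {  # constructed: name -> (objectClass, objectCategory, userAccountControl)
    "alice": (USER, "person", 512),            # NORMAL_ACCOUNT
    "bob": (USER, "person", 514),              # NORMAL_ACCOUNT | ACCOUNTDISABLE
    "svc-scan": (USER, "person", 66048),       # NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD
    "PC01$": (USER + ["computer"], "computer", 4096),  # WORKSTATION_TRUST_ACCOUNT
}

def address_book(filter_text):
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [name for name, (classes, category, uac) in SAMPLE.items()
            if matches(tree, {"objectclass": classes, "objectcategory": [category],
                              "useraccountcontrol": [str(uac)]})]
```

With the sample data, the posted filter drops the disabled account but still returns the computer account; adding (objectCategory=person) to the AND group removes it.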
