Solved

HP M4335 using LDAP - Poll Active Directory server for emails.

Posted on 2008-10-14
11
3,338 Views
Last Modified: 2013-12-24
We currently have a slew of HP MFD's and we need them to be able to pull email addresses from active directoy. I tried setting this up in the past, unfortunatly with no luck. AD lies on Windows Server 2003 so I would assume the emails need to be pulled from AD VIA LDAP. I used a HP M4345 since it is the one we have access to and is closest to us for testing.
LDAP.JPG
0
Comment
Question by:FBTC_Helpdesk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22724641
LDAP Server = IP-address of DC
Credentials = Use LDAP... and enter DN and password for the user to bind to AD
Search root = DC=domain,DC=com changed to match your AD domain name.
0
 

Author Comment

by:FBTC_Helpdesk
ID: 22732398
Does there need to be anything in the remaining fields. I have attached an example of the filled out LDAP info. When I "tried" to set this up before, I thought I remembered having to enter in more information, especially when searching the database.

Thanks.
LDAP.JPG
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22732640
You nead to use LDAP-syntax for username and domain.
Search root: DC=ad,DC=firstbankers,DC=com
LDAP-username: CN=user,OU=path,DC=ad,DC=firstbankers,DC=com
If user is stored in default users container: CN=user,CN=Users,DC=ad,DC=firstbankers,DC=com

The last 3 fields looks optional and shouldn't be necessary, but can be used to filter down the result to not include the whole domain.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:FBTC_Helpdesk
ID: 22744677
Any reason why it would keep telling me that my domain admin user doesn't have rights to the LDAP server? Also, where do i input LDAP-username: CN=FirstName.LastName,OU=IT,DC=ad,DC=firstbankers,DC=com? Do I put this in the LDAP Administrator DN? We're getting closer.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22746248
Yes, the line "LDAP Administrator's DN" shall be in LDAP-format (DN='Distingious Name' is the LDAP-path to the user object)
The CN-part is the "Display Name" you see when listing the users in ADUC.
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23233365
It keeps telling me that my user credentials failed. I know that's not right because I'm using Domain Admin credentials?

0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 23243185
As said, you nead to use LDAP-syntax for the user and domain by using the correct DN-paths.
On a DC (or other machine with adminpak.msi installed), use the following command to find the DN of the user.

dsquery user -samid "LogonName (pre-Win2000)"
or
dsquery user -upn LogonName@ad.firstbankers.com
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23264761
I did the following (dsquery user -upn LogonName@ad.firstbankers.com) on my domain controller and was able to get the correct LDAP Administrators DN. I pluged it exactly what came up and entered the admin password below that. Unfortunatly I'm getting the same error: LDAP verification failed for the following reason(s): The LDAP server or the connection has failed.I did the following (dsquery user -upn LogonName@ad.firstbankers.com) on my domain controller and was able to get the correct LDAP Administrators DN. I plugged it exactly what came up and entered the admin password below that. Unfortunately I'm getting the same error: LDAP verification failed for the following reason(s): The LDAP server or the connection has failed.

I know this isn't rocket science, and I'm starting to think that the server I am trying to authenticate to might not have something installed to let me use LDAP authentication. This server I am connecting to houses AD which is basically LDAP - right?

I have tried connecting to the server by IP and by DNS name using port 389.

Does the Bind and Search Root have anything to do with authenication or is this just used to poll AD for matching email addresses.

I'm almost to the point of saying the hell with it, and having my end users manually enter in email addresses.

Any other ideas?

I know this isn't rocket science, and I'm starting to think that the server I am trying to authencate to might not have someone installed to let me use LDAP authenication. This server I am connecting to houses AD which is basically LDAP - right?

I have tried connecting to the server by IP and by DNS name using port 389.

Does the Bind and Search Root have anything to do with authenication or is this just used to poll AD for matching email addresses.

I'm almost to the point of saying the hell with it, and having my user manually enter in email addresses.

Any other ideas?
0
 
LVL 1

Expert Comment

by:NTGuru705
ID: 23540145
Any luck with this?
0
 

Author Comment

by:FBTC_Helpdesk
ID: 23547743
Nope, still can't get these darn HP multi function devices to talk to LDAP and I "think" I have everything correct. Any ideas as to what I might be missing?
0
 

Expert Comment

by:rudokop
ID: 24439779
Do you need it to autofill address list for the "send email with scan" procedure?
If so I do have a solution that worked for me.
In the "Digital Sending" tab you must choose "LDAP Settings"
LDAP Server Bind Method: simple
Use Public Credentials: Username: user must be in your AD, for example m4345
LDAP Server: IP address of your LDAP server
Search Root: CN=users,DC=firstbankers,DC=com
Device user information retrieval method: AD Defaults

Now click "Apply"

That worked for me.

This might be usefull too -- if you want to ignore disabled users contacts in your address book then apply the LDAP filter.
To do so:
Click "Advanced..."
LDAP Filter Condition: (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Click "OK"

And I hope you are OK now, have fun.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question