Re: [ActiveDir] LDAP Logon Name

2006-08-17 Thread Paul Williams 

Not quite.  You need to escape the comma like so:

((objectCategory=person)(objectClass=user)(displayName=phelps\, k*))


--Paul

- Original Message - 
From: Matheesha Weerasinghe [EMAIL PROTECTED]

To: ActiveDir@mail.activedir.org
Sent: Monday, August 14, 2006 8:46 PM
Subject: Re: [ActiveDir] LDAP Logon Name



All I did was fix your query. It seemed like you were trying to do a
search for users who have phelps,k as the start of their
displayname.

I assume the printer wants a DN to do lookups. Any AD user should be
able to bind. But I dont know what it does with the bind credentials.
I've never configured a printer that needed to be given credentials to
an LDAP directory. Does it look at who submitted the job and do a
query for the persons email address and send them an email that its
done? I dont know.

You need to tell us how the LDAP credentials are going to be used by
the printer. Otherwise it may appear that we are not helpful. Which, I
well may be not ;-)

Sorry

M@



On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote:






Logon ID? Most likely the DN, but I need an account that can do the bind.

Per HP documentation after running the search, I am supposed to find the 
search prefix, which should begin after the individual user's CN.


This is the example right from documentation:



 Dn: 
 [EMAIL PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net




I tried M@'s query, it worked…well kind of…it didn't generate an error, 
but got 0 entries on Matched DNs L


I also tried your tree view suggestion, but that didn't give me anything 
I could use for this printer.


I don't see anything even close to it. I'm beginning to HATE LDAP and HP 
both!!!





Alex






From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick

Sent: Monday, August 14, 2006 1:53 PM

To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name




To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name








Agreed. But does your printer search for the logon ID? I doubt it.  Most 
LDAP authentication (I HATE that term) will use the DN of the user: 
cn=user,cn=users,dc=domain,dc=com would be default.








From there it should be able to lookup the mail address in the directory.





You should specify the service account it will use to bind to the 
directory and the password and it should be fine from there.  To see that 
information, use ldp, and rather than search, use the tree view and 
navigate to it. (note: when the tree asks you for a dn value, leave it 
blank and press OK.)






Al












On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:



Your ldap filter doesnt look correct.






M@





On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]  wrote:

According to product documentation, I have to configure embedded ldap
authentication. Apparently this printer has an Embedded Web Server
(EWS).
However, when I follow the documentation, using ldp tool, it fails when
trying to query ldap. The message I get is this:

***Searching...
ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)), NULL,  0, msg)
Error: Search: Filter Error. 87
Server error:
Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:

I connect to ldp as member of Domain Admins and Schema Admins, with the
same result.

Any ideas?

Alex

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Wednesday, August 09, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name

Alex Alborzfard wrote:
 We have a HP printer/scanner that we want to setup for emailing
scanned
 documents.

 Management wants to ensure only domain users with email addresses can
do
 this.

 There is an option for setting up LDAP gateway, where you can set user

 name  password up.

 It's asking for LDAP logonname. I have tried my user name and account
 anme, but it didn't work.

 I looked it up in ADSIedit, but I couldn't find it.

I think that simplest way would be to refer to product documentation but

I would try to use DN, or CN (in CN=... format) of this user.

--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx








.+-wm ibb+ڲKE0+v*?.+-jq.+-j!irدyثi

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] LDAP Logon Name

2006-08-17 Thread Paul Williams 



You need to escape the comma, as a comma 
is a delimiter and in the case of displayName it shouldn't be a 
delimiter:

((objectCategory=person)(objectClass=user)(displayName=phelps\, 
k*))


I've not read the whole thread, so can't 
discuss whether or not this is the best way to do what you want. I will 
say I feel for you re. the HP documentation. I had some fun getting the AD 
iLO integration stuff to work because the guide wasn't very helpful at 
explaining what format and syntax things wanted. I found the help on the 
administration pages better, and simply tried a number of things that I thought 
should work.


--Paul

  - Original Message - 
  From: 
  Alex Alborzfard 
  To: ActiveDir@mail.activedir.org 
  
  Sent: Monday, August 14, 2006 8:22 
  PM
  Subject: RE: [ActiveDir] LDAP Logon 
  Name
  
  
  Good catch, but the 
  corrected query still didn’t work! L
  
  
  Alex
  
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Andrew CaceSent: Monday, August 14, 2006 2:50 
  PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP Logon 
  Name
  
  In the error below, 
  the LDAP filter is 
  "((objectclass=person)displayname=phelps,k*))". You 
  missed the opening parenthesis before displayname.
  
  -Andrew
  
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Alex AlborzfardSent: Monday, August 14, 2006 1:24 
  PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP Logon 
  Name
  
  That was exactly the 
  same as HP documentation. I’ll try your filter and will post the 
  result.
  
  Thanks
  
  
  Alex
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Matheesha 
  WeerasingheSent: Monday, 
  August 14, 2006 1:43 PMTo: 
  ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon 
  Name
  
  
  I assume you need a filter such as 
  "((objectcategory=person)(objectclass=user)(displayname=phelps,k*))" 
  
  
  
  
  I optimised the user object search and put a opening 
  bracket when specifying the displayname.
  
  
  
  M@
  
  On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] 
  wrote: 
  
  
  Your ldap filter doesnt look 
  correct.
  
  
  
  
  M@
  
  
  On 8/14/06, Alex 
  Alborzfard [EMAIL PROTECTED]  wrote: 
  
  According to product documentation, I have to 
  configure embedded ldapauthentication. Apparently this printer has an 
  Embedded Web Server (EWS).However, when I follow the documentation, 
  using ldp tool, it fails whentrying to query ldap. The message I get is 
  this:***Searching...ldap_search_s(ld, "DC=pharmanet,DC=com", 
  2,"((objectclass=person)displayname=phelps,k*))", NULL,0, 
  msg)Error: Search: Filter Error. 87Server 
  error:Error94: ldap_parse_result failed: No result present in 
  messageGetting 0 entries:I connect to ldp as member of Domain 
  Admins and Schema Admins, with thesame result.Any 
  ideas?Alex-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz 
  Onyszko Sent: Wednesday, August 09, 2006 3:05 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] 
  LDAP Logon Name Alex 
  Alborzfard wrote: We have a HP printer/scanner that 
  we want to setup for emailing scanned documents. 
  Management wants to ensure only domain users with email addresses 
  cando this. There is an option for setting up LDAP 
  gateway, where you can set user  name  password 
  up. It's asking for LDAP logonname. I have tried my user name 
  and account  anme, but it didn't work. I looked it up 
  in ADSIedit, but I couldn't find it. I think that simplest way would 
  be to refer to product documentation butI would try to use DN, or CN 
  (in CN=... format) of this user. --Tomasz Onyszkohttp://www.w2k.pl/blog/ - 
  (PL)http://blogs.dirteam.com/blogs/tomek/ - (EN)List 
  info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspxList 
  info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] LDAP Logon Name

2006-08-17 Thread Matheesha Weerasinghe 

Thanks Paul

M@

On 8/17/06, Paul Williams [EMAIL PROTECTED] wrote:


You need to escape the comma, as a comma is a delimiter and in the case of
displayName it shouldn't be a delimiter:

((objectCategory=person)(objectClass=user)(displayName=phelps\,
k*))


I've not read the whole thread, so can't discuss whether or not this is the
best way to do what you want.  I will say I feel for you re. the HP
documentation.  I had some fun getting the AD iLO integration stuff to work
because the guide wasn't very helpful at explaining what format and syntax
things wanted.  I found the help on the administration pages better, and
simply tried a number of things that I thought should work.


--Paul

- Original Message -
From: Alex Alborzfard
To: ActiveDir@mail.activedir.org
Sent: Monday, August 14, 2006 8:22 PM
Subject: RE: [ActiveDir] LDAP Logon Name



Good catch, but the corrected query still didn't work! L




Alex



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Andrew Cace
Sent: Monday, August 14, 2006 2:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP Logon Name



In the error below, the LDAP filter is
((objectclass=person)displayname=phelps,k*)).  You
missed the opening parenthesis before displayname.



-Andrew





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Alex Alborzfard
Sent: Monday, August 14, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP Logon Name



That was exactly the same as HP documentation. I'll try your filter and will
post the result.



Thanks




Alex



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Matheesha Weerasinghe
Sent: Monday, August 14, 2006 1:43 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name




I assume you need a filter such as
((objectcategory=person)(objectclass=user)(displayname=phelps,k*))





I optimised the user object search and put a opening bracket when specifying
the displayname.





M@




On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:


Your ldap filter doesnt look correct.





M@




On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]  wrote:

According to product documentation, I have to configure embedded ldap
authentication. Apparently this printer has an Embedded Web Server
(EWS).
However, when I follow the documentation, using ldp tool, it fails when
trying to query ldap. The message I get is this:

***Searching...
ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)), NULL,  0,
msg)
Error: Search: Filter Error. 87
Server error:
Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:

I connect to ldp as member of Domain Admins and Schema Admins, with the
same result.

Any ideas?

Alex

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Tomasz Onyszko
Sent: Wednesday, August 09, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name

Alex Alborzfard wrote:
 We have a HP printer/scanner that we want to setup for emailing
scanned
 documents.

 Management wants to ensure only domain users with email addresses can
do
 this.

 There is an option for setting up LDAP gateway, where you can set user

 name  password up.

 It's asking for LDAP logonname. I have tried my user name and account
 anme, but it didn't work.

 I looked it up in ADSIedit, but I couldn't find it.

I think that simplest way would be to refer to product documentation but

I would try to use DN, or CN (in CN=... format) of this user.

--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx






List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] LDAP Logon Name

2006-08-17 Thread joe 



I'm sorry small correction...

You have two different things you have to worry about 
special characters in, DNs andSearch Filters. They have different sets of 
characters you need to worry about and also have twodifferent methods of 
escaping the characters.

In DNs you escape special characters by a preceding back 
slash, note from RFC 2253:

 If the UTF-8 string does not have any of the following 
characters which need escaping, then that string can be used as 
the string representation of the 
value. o a space or "#" character 
occurring at the beginning of the 
string o a space character occurring at 
the end of the string o one of the 
characters ",", "+", """, "\", "", "" or ";" 
Implementations MAY escape other characters. If a character 
to be escaped is one of the list shown above, then it is 
prefixed by a backslash ('\' ASCII 92). Otherwise the 
character to be escaped is replaced by a backslash and two hex 
digits, which form a single byte in the code of the 
character.
As you can see, commas are clearly listed as a character 
that needs to be escaped and this is obvious as Paul mentioned, it is a 
delimitr. It is used to delimit the DN into its individual 
RDNs.

In Search Filters, you have slightly different rules as 
indicated in RFC 2254:

If a 
value should contain any of the following 
characters 
Character ASCII 
value 
--- 
* 
0x2a 
( 
0x28 
) 
0x29 
\ 
0x5c 
NUL 
0x00 the character must be encoded as the backslash '\' 
character (ASCII 0x5c) followed by the two hexadecimal digits 
representing the ASCII value of the encoded character. The case 
of the two hexadecimal digits is not 
significant. This simple escaping mechanism eliminates 
filter-parsing ambiguities and allows any filter that can be 
represented in LDAP to be represented as a NUL-terminated 
string. Other characters besides the ones listed above may be 
escaped using this mechanism, for example, non-printing 
characters. For example, the filter checking whether the 
"cn" attribute contained a value with the character "*" anywhere 
in it would be represented as "(cn=*\2a*)". 
Note that although both the substring and present productions in 
the grammar above can produce the "attr=*" construct, this 
construct is used only to denote a presence 
filter.

As you can see, commas are not normally a character that 
needs to be escaped in a filter. However, they will, because of RFC2253 have to 
be escaped for any attributes with a DNbased attribute syntax (i.e. if you 
stuff a DN into a string value, you wouldn't need to escape it, but if you stuff 
it into a DN attribute you would). If you truly were going to escape a comma for 
a filter reason, the escape sequence would be \2c I believe. 


To further complicate the matter, putting that slash in 
front of the comma when it isn't required for a DN will cause the filter to not 
properly match.

[Thu 08/17/2006 
10:01:46.40]F:\DEV\cpp\eventiddmpadfind -default -f "displayname=user, 
test" -dn

AdFind V01.31.00cpp Joe Richards ([EMAIL PROTECTED]) 
March 2006

Using server: r2dc2.test.loc:389Directory: Windows 
Server 2003Base DN: DC=test,DC=loc

dn:CN=user\, 
test,OU=Users,OU=TestOU,DC=test,DC=loc

1 Objects returned

[Thu 08/17/2006 
10:01:48.69]F:\DEV\cpp\eventiddmpadfind -default -f "displayname=user\, 
test" -dn

AdFind V01.31.00cpp Joe Richards ([EMAIL PROTECTED]) 
March 2006

Using server: r2dc2.test.loc:389Directory: Windows 
Server 2003Base DN: DC=test,DC=loc

0 Objects 
returned


So the upshot, if your queryhas a DN in it and being 
compared against a DN syntax attribute say like member or memberof, then you 
need to escape any extraneous commas. Otherwise, leave the commas 
alone.

This one of the reasons why DNs should be based on very 
simple ascii characters. If using full blown GUI tools they will "usually" 
handle this stuff for you so you don't have to worry, but lower level tools and 
command line tools won't usually guide you as much. 

 joe




--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Paul 
WilliamsSent: Thursday, August 17, 2006 4:30 AMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon 
Name

You need to escape the comma, as a comma 
is a delimiter and in the case of displayName it shouldn't be a 
delimiter:

((objectCategory=person)(objectClass=user)(displayName=phelps\, 
k*))


I've not read the whole thread, so can't 
discuss whether or not this is the best way to do what you want. I will 
say I feel for you re. the HP documentation. I had some fun getting the AD 
iLO integration stuff to work because the guide wasn't very helpful at 
explaining what format and syntax things wanted. I found the help on the 
administration pages better, and simply tri

Re: [ActiveDir] LDAP Logon Name

2006-08-15 Thread Al Mulnick 
Hmm... got a blank message again. Hopefully this is not a repeat then. 

Bind DN: The dn of the account to bind to the AD so you can search for users. 
User Search: if you try to search by assuming (shame on them for not explaining it better) that your display name and your cn would be close to matching, then shame on HP for such small thinking. That is the default if you use the active directory users and computers tools. However, anyone who has a more mature process and doesn't like unnatural contortionist moves to be able to find things in directories will tell you, you'll have your cn equal to something that's unique and doesn't have any escape characters. If you use the display name, you'll have escape characters so that makes that tough. 


If, and this is a big IF, you have your mailbox alias, samaccountname (NT logon id), and your cn match, then your search might be a heck of a lot easier. If those are not lined up, then please see the part about the big IF for a better explanation. 


It's applications like these that have driven me to conclude that those field should match and should be a globally unique id. Having them be domain specific, won't be enough, and forest specific won't be enough either if you ever decide to follow Microsoft's latest idea about multiple forests on a corporate network. ;) That's because when the identities collide, there will be issues. And that would be a bad thing to try and work out because users hate it when you mess with their identity. Ugly things happen in that situation more often than not and it's a shame because they can be avoided so easily IMHO. 


Al


On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:

RE: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Alex Alborzfard 
According to product documentation, I have to configure embedded ldap
authentication. Apparently this printer has an Embedded Web Server
(EWS).
However, when I follow the documentation, using ldp tool, it fails when
trying to query ldap. The message I get is this:

***Searching...
ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)), NULL,  0, msg)
Error: Search: Filter Error. 87
Server error: 
Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:

I connect to ldp as member of Domain Admins and Schema Admins, with the
same result.

Any ideas?

Alex

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Wednesday, August 09, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name

Alex Alborzfard wrote:
 We have a HP printer/scanner that we want to setup for emailing
scanned 
 documents.
 
 Management wants to ensure only domain users with email addresses can
do 
 this.
 
 There is an option for setting up LDAP gateway, where you can set user

 name  password up.
 
 It's asking for LDAP logonname. I have tried my user name and account 
 anme, but it didn't work.
 
 I looked it up in ADSIedit, but I couldn't find it.

I think that simplest way would be to refer to product documentation but

I would try to use DN, or CN (in CN=... format) of this user.

-- 
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Matheesha Weerasinghe 
Your ldap filter doesnt look correct.

M@
On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote:
According to product documentation, I have to configure embedded ldapauthentication. Apparently this printer has an Embedded Web Server
(EWS).However, when I follow the documentation, using ldp tool, it fails whentrying to query ldap. The message I get is this:***Searching...ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)), NULL,0, msg)Error: Search: Filter Error. 87Server error:Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:I connect to ldp as member of Domain Admins and Schema Admins, with thesame result.Any ideas?Alex-Original Message-From: 
[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz OnyszkoSent: Wednesday, August 09, 2006 3:05 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon NameAlex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing
scanned documents. Management wants to ensure only domain users with email addresses cando this. There is an option for setting up LDAP gateway, where you can set user
 name  password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it.
I think that simplest way would be to refer to product documentation butI would try to use DN, or CN (in CN=... format) of this user.--Tomasz Onyszkohttp://www.w2k.pl/blog/
 - (PL)http://blogs.dirteam.com/blogs/tomek/ - (EN)List info : http://www.activedir.org/List.aspxList FAQ: 
http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspxList info : 
http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Matheesha Weerasinghe 
I assume you need a filter such as ((objectcategory=person)(objectclass=user)(displayname=phelps,k*)) 

I optimised the user object search and put a opening bracket when specifying the displayname.

M@
On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:


Your ldap filter doesnt look correct.


M@

On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]
 wrote: 
According to product documentation, I have to configure embedded ldapauthentication. Apparently this printer has an Embedded Web Server 
(EWS).However, when I follow the documentation, using ldp tool, it fails whentrying to query ldap. The message I get is this:***Searching...ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)), NULL,0, msg)Error: Search: Filter Error. 87Server error:Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:I connect to ldp as member of Domain Admins and Schema Admins, with thesame result.Any ideas?Alex-Original Message-From: 
[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko
Sent: Wednesday, August 09, 2006 3:05 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon Name
Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can
do this. There is an option for setting up LDAP gateway, where you can set user  name  password up. It's asking for LDAP logonname. I have tried my user name and account
 anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation butI would try to use DN, or CN (in CN=... format) of this user.
--Tomasz Onyszkohttp://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspxList archive: 
http://www.activedir.org/ml/threads.aspxList info : http://www.activedir.org/List.aspxList FAQ: 
http://www.activedir.org/ListFAQ.aspxList archive: 
http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Al Mulnick 
Agreed.But does your printer search for the logon ID? I doubt it. Most LDAP authentication (I HATE that term) will use the DN of the user: cn=user,cn=users,dc=domain,dc=com would be default. 

From there it should be able to lookup the mail address in the directory. 

You should specify the service account it will use to bind to the directory and the password and it should be fine from there. To see that information, use ldp, and rather than search, use the tree view and navigate to it. (note: when the tree asks you for a dn value, leave it blank and press OK.)


Al


On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:


Your ldap filter doesnt look correct.


M@

On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]
 wrote: 
According to product documentation, I have to configure embedded ldapauthentication. Apparently this printer has an Embedded Web Server 
(EWS).However, when I follow the documentation, using ldp tool, it fails whentrying to query ldap. The message I get is this:***Searching...ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)), NULL,0, msg)Error: Search: Filter Error. 87Server error:Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:I connect to ldp as member of Domain Admins and Schema Admins, with thesame result.Any ideas?Alex-Original Message-From: 
[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko
Sent: Wednesday, August 09, 2006 3:05 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon Name
Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can
do this. There is an option for setting up LDAP gateway, where you can set user  name  password up. It's asking for LDAP logonname. I have tried my user name and account
 anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation butI would try to use DN, or CN (in CN=... format) of this user.
--Tomasz Onyszkohttp://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspxList archive: 
http://www.activedir.org/ml/threads.aspxList info : http://www.activedir.org/List.aspxList FAQ: 
http://www.activedir.org/ListFAQ.aspxList archive: 
http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Alex Alborzfard 








That was exactly the same as HP
documentation. Ill try your filter and will post the result.



Thanks





Alex











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe
Sent: Monday, August 14, 2006 1:43
PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP
Logon Name







I assume you need a filter such as
((objectcategory=person)(objectclass=user)(displayname=phelps,k*))












I optimised the user object search and put a opening bracket when
specifying the displayname.











M@







On 8/14/06, Matheesha
Weerasinghe [EMAIL PROTECTED]
wrote: 





Your ldap filter doesnt look correct.















M@











On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]
 wrote: 

According to product documentation, I have to configure embedded ldap
authentication. Apparently this printer has an Embedded Web Server 
(EWS).
However, when I follow the documentation, using ldp tool, it fails when
trying to query ldap. The message I get is this:

***Searching...
ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)),
NULL,0, msg)
Error: Search: Filter Error. 87
Server error:
Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:

I connect to ldp as member of Domain Admins and Schema Admins, with the
same result.

Any ideas?

Alex

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Tomasz Onyszko 
Sent: Wednesday, August 09, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name 

Alex Alborzfard wrote:
 We have a HP printer/scanner that we want to setup for emailing 
scanned
 documents.

 Management wants to ensure only domain users with email addresses can
do
 this.

 There is an option for setting up LDAP gateway, where you can set user 

 name  password up.

 It's asking for LDAP logonname. I have tried my user name and account 
 anme, but it didn't work.

 I looked it up in ADSIedit, but I couldn't find it. 

I think that simplest way would be to refer to product documentation but

I would try to use DN, or CN (in CN=... format) of this user. 

--
Tomasz Onyszko
http://www.w2k.pl/blog/ -
(PL)
http://blogs.dirteam.com/blogs/tomek/
- (EN)
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Andrew Cace 








In the error below, the LDAP filter is ((objectclass=person)displayname=phelps,k*)).
You missed the opening parenthesis before displayname.



-Andrew











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard
Sent: Monday, August 14, 2006 1:24
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP
Logon Name





That was exactly the same as HP
documentation. Ill try your filter and will post the result.



Thanks





Alex











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe
Sent: Monday, August 14, 2006 1:43
PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP
Logon Name







I assume you need a filter such as
((objectcategory=person)(objectclass=user)(displayname=phelps,k*))












I optimised the user object search and put a opening bracket when
specifying the displayname.











M@







On 8/14/06, Matheesha
Weerasinghe [EMAIL PROTECTED]
wrote: 





Your ldap filter doesnt look correct.















M@











On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]
 wrote: 

According to product documentation, I have to configure embedded ldap
authentication. Apparently this printer has an Embedded Web Server 
(EWS).
However, when I follow the documentation, using ldp tool, it fails when
trying to query ldap. The message I get is this:

***Searching...
ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)),
NULL,0, msg)
Error: Search: Filter Error. 87
Server error:
Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:

I connect to ldp as member of Domain Admins and Schema Admins, with the
same result.

Any ideas?

Alex

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Tomasz Onyszko 
Sent: Wednesday, August 09, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name 

Alex Alborzfard wrote:
 We have a HP printer/scanner that we want to setup for emailing 
scanned
 documents.

 Management wants to ensure only domain users with email addresses can
do
 this.

 There is an option for setting up LDAP gateway, where you can set user 

 name  password up.

 It's asking for LDAP logonname. I have tried my user name and account 
 anme, but it didn't work.

 I looked it up in ADSIedit, but I couldn't find it. 

I think that simplest way would be to refer to product documentation but

I would try to use DN, or CN (in CN=... format) of this user. 

--
Tomasz Onyszko
http://www.w2k.pl/blog/ -
(PL)
http://blogs.dirteam.com/blogs/tomek/
- (EN)
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Alex Alborzfard 








Logon ID? Most likely the DN, but I need
an account that can do the bind.

Per HP documentation after running the
search, I am supposed to find the search prefix, which should begin after the
individual users CN.

This is the example right from
documentation:



 Dn: [EMAIL PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net



I tried M@s query, it workedwell
kind ofit didnt generate an error, but got 0 entries on Matched DNs
L

I also tried your tree view suggestion,
but that didnt give me anything I could use for this printer.

I dont see anything even close to
it. Im beginning to HATE LDAP and HP both!!!





Alex











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, August 14, 2006 1:53
PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP
Logon Name







Agreed.But does your printer search for the logon ID? I doubt
it. Most LDAP authentication (I HATE that term) will use the DN of the
user: cn=user,cn=users,dc=domain,dc=com would be default. 











From there it should be able to lookup the mail address in the
directory. 











You should specify the service account it will use to bind to the
directory and the password and it should be fine from there. To see that
information, use ldp, and rather than search, use the tree view and navigate to
it. (note: when the tree asks you for a dn value, leave it blank and press OK.)












Al



















On 8/14/06, Matheesha
Weerasinghe [EMAIL PROTECTED]
wrote: 





Your ldap filter doesnt look correct.















M@











On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]
 wrote: 

According to product documentation, I have to configure embedded ldap
authentication. Apparently this printer has an Embedded Web Server 
(EWS).
However, when I follow the documentation, using ldp tool, it fails when
trying to query ldap. The message I get is this:

***Searching...
ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)),
NULL,0, msg)
Error: Search: Filter Error. 87
Server error:
Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:

I connect to ldp as member of Domain Admins and Schema Admins, with the
same result.

Any ideas?

Alex

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Tomasz Onyszko 
Sent: Wednesday, August 09, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name 

Alex Alborzfard wrote:
 We have a HP printer/scanner that we want to setup for emailing 
scanned
 documents.

 Management wants to ensure only domain users with email addresses can
do
 this.

 There is an option for setting up LDAP gateway, where you can set user 

 name  password up.

 It's asking for LDAP logonname. I have tried my user name and account 
 anme, but it didn't work.

 I looked it up in ADSIedit, but I couldn't find it. 

I think that simplest way would be to refer to product documentation but

I would try to use DN, or CN (in CN=... format) of this user. 

--
Tomasz Onyszko
http://www.w2k.pl/blog/ -
(PL)
http://blogs.dirteam.com/blogs/tomek/
- (EN)
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Alex Alborzfard 








Good catch, but the corrected query still
didnt work! L





Alex











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Cace
Sent: Monday, August 14, 2006 2:50
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP
Logon Name





In the error below, the LDAP filter is ((objectclass=person)displayname=phelps,k*)).
You missed the opening parenthesis before displayname.



-Andrew











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex
 Alborzfard
Sent: Monday, August 14, 2006 1:24
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP
Logon Name





That was exactly the same as HP
documentation. Ill try your filter and will post the result.



Thanks





Alex











From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Matheesha Weerasinghe
Sent: Monday, August 14, 2006 1:43
PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP
Logon Name







I assume you need a filter such as ((objectcategory=person)(objectclass=user)(displayname=phelps,k*))












I optimised the user object search and put a opening bracket when
specifying the displayname.











M@







On 8/14/06, Matheesha
Weerasinghe [EMAIL PROTECTED]
wrote: 





Your ldap filter doesnt look correct.















M@











On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]
 wrote: 

According to product documentation, I have to configure embedded ldap
authentication. Apparently this printer has an Embedded Web Server 
(EWS).
However, when I follow the documentation, using ldp tool, it fails when
trying to query ldap. The message I get is this:

***Searching...
ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)),
NULL,0, msg)
Error: Search: Filter Error. 87
Server error:
Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:

I connect to ldp as member of Domain Admins and Schema Admins, with the
same result.

Any ideas?

Alex

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Tomasz Onyszko 
Sent: Wednesday, August 09, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name 

Alex Alborzfard wrote:
 We have a HP printer/scanner that we want to setup for emailing 
scanned
 documents.

 Management wants to ensure only domain users with email addresses can
do
 this.

 There is an option for setting up LDAP gateway, where you can set user 

 name  password up.

 It's asking for LDAP logonname. I have tried my user name and account 
 anme, but it didn't work.

 I looked it up in ADSIedit, but I couldn't find it. 

I think that simplest way would be to refer to product documentation but

I would try to use DN, or CN (in CN=... format) of this user. 

--
Tomasz Onyszko
http://www.w2k.pl/blog/ -
(PL)
http://blogs.dirteam.com/blogs/tomek/
- (EN)
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Matheesha Weerasinghe 

All I did was fix your query. It seemed like you were trying to do a
search for users who have phelps,k as the start of their
displayname.

I assume the printer wants a DN to do lookups. Any AD user should be
able to bind. But I dont know what it does with the bind credentials.
I've never configured a printer that needed to be given credentials to
an LDAP directory. Does it look at who submitted the job and do a
query for the persons email address and send them an email that its
done? I dont know.

You need to tell us how the LDAP credentials are going to be used by
the printer. Otherwise it may appear that we are not helpful. Which, I
well may be not ;-)

Sorry

M@



On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote:






Logon ID? Most likely the DN, but I need an account that can do the bind.

Per HP documentation after running the search, I am supposed to find the search 
prefix, which should begin after the individual user's CN.

This is the example right from documentation:



 Dn: [EMAIL PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net



I tried M@'s query, it worked…well kind of…it didn't generate an error, but got 
0 entries on Matched DNs L

I also tried your tree view suggestion, but that didn't give me anything I 
could use for this printer.

I don't see anything even close to it. I'm beginning to HATE LDAP and HP both!!!




Alex






From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, August 14, 2006 1:53 PM

To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name




To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name








Agreed. But does your printer search for the logon ID? I doubt it.  Most LDAP 
authentication (I HATE that term) will use the DN of the user: 
cn=user,cn=users,dc=domain,dc=com would be default.







From there it should be able to lookup the mail address in the directory.





You should specify the service account it will use to bind to the directory and 
the password and it should be fine from there.  To see that information, use 
ldp, and rather than search, use the tree view and navigate to it. (note: when 
the tree asks you for a dn value, leave it blank and press OK.)





Al












On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:



Your ldap filter doesnt look correct.






M@





On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]  wrote:

According to product documentation, I have to configure embedded ldap
authentication. Apparently this printer has an Embedded Web Server
(EWS).
However, when I follow the documentation, using ldp tool, it fails when
trying to query ldap. The message I get is this:

***Searching...
ldap_search_s(ld, DC=pharmanet,DC=com, 2,
((objectclass=person)displayname=phelps,k*)), NULL,  0, msg)
Error: Search: Filter Error. 87
Server error:
Error94: ldap_parse_result failed: No result present in message
Getting 0 entries:

I connect to ldp as member of Domain Admins and Schema Admins, with the
same result.

Any ideas?

Alex

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Wednesday, August 09, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name

Alex Alborzfard wrote:
 We have a HP printer/scanner that we want to setup for emailing
scanned
 documents.

 Management wants to ensure only domain users with email addresses can
do
 this.

 There is an option for setting up LDAP gateway, where you can set user

 name  password up.

 It's asking for LDAP logonname. I have tried my user name and account
 anme, but it didn't work.

 I looked it up in ADSIedit, but I couldn't find it.

I think that simplest way would be to refer to product documentation but

I would try to use DN, or CN (in CN=... format) of this user.

--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Alex Alborzfard 
No you are definitely helpful. My best guess is that the printer wants to make 
sure you have a valid user account in AD, before letting you can fire off an 
email from it.

Reading further on HP LDAP doc, at LDAP Authentication configuration page, it 
instructs to: 

-Input cn into the Match the name entered with the LDAP attribute of field.
 -Find the device user email address in the LDP trace. Copy the attribute 
defining the email address.
(A screenshot of ldp query result is shown as: 1mail:[EMAIL PROTECTED];
-Paste the attribute into the Retrieve the device user's email address using 
attribute of box
-Find the device user display name in the LDP trace. Copy the attribute 
defining the display name.
(A screenshot of ldp query result is shown as: 1displayName:Phelps,K
-Paste the attribute into the Retrieve the device and name using the attribute 
of box.
- Click Test LDAP Authentication. Input your username and password.

And this is just the first part. I save you the authentication manager 
configuration part. Hopefully this will give you an idea of what the heck they 
want!

Thanks

Alex

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha 
Weerasinghe
Sent: Monday, August 14, 2006 3:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name

All I did was fix your query. It seemed like you were trying to do a
search for users who have phelps,k as the start of their
displayname.

I assume the printer wants a DN to do lookups. Any AD user should be
able to bind. But I dont know what it does with the bind credentials.
I've never configured a printer that needed to be given credentials to
an LDAP directory. Does it look at who submitted the job and do a
query for the persons email address and send them an email that its
done? I dont know.

You need to tell us how the LDAP credentials are going to be used by
the printer. Otherwise it may appear that we are not helpful. Which, I
well may be not ;-)

Sorry

M@



On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote:





 Logon ID? Most likely the DN, but I need an account that can do the bind.

 Per HP documentation after running the search, I am supposed to find the 
 search prefix, which should begin after the individual user's CN.

 This is the example right from documentation:



  Dn: [EMAIL 
  PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net



 I tried M@'s query, it worked…well kind of…it didn't generate an error, but 
 got 0 entries on Matched DNs L

 I also tried your tree view suggestion, but that didn't give me anything I 
 could use for this printer.

 I don't see anything even close to it. I'm beginning to HATE LDAP and HP 
 both!!!




 Alex

 


 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
 Sent: Monday, August 14, 2006 1:53 PM

 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] LDAP Logon Name




 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] LDAP Logon Name








 Agreed. But does your printer search for the logon ID? I doubt it.  Most LDAP 
 authentication (I HATE that term) will use the DN of the user: 
 cn=user,cn=users,dc=domain,dc=com would be default.







 From there it should be able to lookup the mail address in the directory.





 You should specify the service account it will use to bind to the directory 
 and the password and it should be fine from there.  To see that information, 
 use ldp, and rather than search, use the tree view and navigate to it. (note: 
 when the tree asks you for a dn value, leave it blank and press OK.)





 Al












 On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:



 Your ldap filter doesnt look correct.






 M@





 On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]  wrote:

 According to product documentation, I have to configure embedded ldap
 authentication. Apparently this printer has an Embedded Web Server
 (EWS).
 However, when I follow the documentation, using ldp tool, it fails when
 trying to query ldap. The message I get is this:

 ***Searching...
 ldap_search_s(ld, DC=pharmanet,DC=com, 2,
 ((objectclass=person)displayname=phelps,k*)), NULL,  0, msg)
 Error: Search: Filter Error. 87
 Server error:
 Error94: ldap_parse_result failed: No result present in message
 Getting 0 entries:

 I connect to ldp as member of Domain Admins and Schema Admins, with the
 same result.

 Any ideas?

 Alex

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
 Sent: Wednesday, August 09, 2006 3:05 PM
 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] LDAP Logon Name

 Alex Alborzfard wrote:
  We have a HP printer/scanner that we want to setup for emailing
 scanned
  documents.
 
  Management wants to ensure only domain users with email addresses can
 do
  this.
 
  There is an option for setting up LDAP gateway, where you can set user

  name  password

Re: [ActiveDir] LDAP Logon Name

2006-08-14 Thread Matheesha Weerasinghe 

I took a quick look at the 9100C manual. It looks like it offers the
ldap search facility to get a list email addresses you want to send
the attachment to. So you'd scan the doc, it'll make an attachment and
send to an email address list obtained by an ldap query. You could
also use the address books on the printer or type the destinations
manually.

Obviously in order to do the ldap query, it may need credentials.The
credentials are almost certaintly in DN format as Al said. Else it
does it anonymously.

Check the address book feature. I think most people will probably
rather type destinations manually than do ldap searches ;-)

M@

On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote:

No you are definitely helpful. My best guess is that the printer wants to make 
sure you have a valid user account in AD, before letting you can fire off an 
email from it.

Reading further on HP LDAP doc, at LDAP Authentication configuration page, it 
instructs to:

-Input cn into the Match the name entered with the LDAP attribute of field.
 -Find the device user email address in the LDP trace. Copy the attribute 
defining the email address.
(A screenshot of ldp query result is shown as: 1mail:[EMAIL PROTECTED];
-Paste the attribute into the Retrieve the device user's email address using 
attribute of box
-Find the device user display name in the LDP trace. Copy the attribute 
defining the display name.
(A screenshot of ldp query result is shown as: 1displayName:Phelps,K
-Paste the attribute into the Retrieve the device and name using the attribute 
of box.
- Click Test LDAP Authentication. Input your username and password.

And this is just the first part. I save you the authentication manager 
configuration part. Hopefully this will give you an idea of what the heck they 
want!

Thanks

Alex

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha 
Weerasinghe
Sent: Monday, August 14, 2006 3:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP Logon Name

All I did was fix your query. It seemed like you were trying to do a
search for users who have phelps,k as the start of their
displayname.

I assume the printer wants a DN to do lookups. Any AD user should be
able to bind. But I dont know what it does with the bind credentials.
I've never configured a printer that needed to be given credentials to
an LDAP directory. Does it look at who submitted the job and do a
query for the persons email address and send them an email that its
done? I dont know.

You need to tell us how the LDAP credentials are going to be used by
the printer. Otherwise it may appear that we are not helpful. Which, I
well may be not ;-)

Sorry

M@



On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote:





 Logon ID? Most likely the DN, but I need an account that can do the bind.

 Per HP documentation after running the search, I am supposed to find the 
search prefix, which should begin after the individual user's CN.

 This is the example right from documentation:



  Dn: [EMAIL 
PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net



 I tried M@'s query, it worked…well kind of…it didn't generate an error, but 
got 0 entries on Matched DNs L

 I also tried your tree view suggestion, but that didn't give me anything I 
could use for this printer.

 I don't see anything even close to it. I'm beginning to HATE LDAP and HP 
both!!!




 Alex

 


 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
 Sent: Monday, August 14, 2006 1:53 PM

 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] LDAP Logon Name




 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] LDAP Logon Name








 Agreed. But does your printer search for the logon ID? I doubt it.  Most LDAP 
authentication (I HATE that term) will use the DN of the user: 
cn=user,cn=users,dc=domain,dc=com would be default.







 From there it should be able to lookup the mail address in the directory.





 You should specify the service account it will use to bind to the directory 
and the password and it should be fine from there.  To see that information, use 
ldp, and rather than search, use the tree view and navigate to it. (note: when the 
tree asks you for a dn value, leave it blank and press OK.)





 Al












 On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:



 Your ldap filter doesnt look correct.






 M@





 On 8/14/06, Alex Alborzfard [EMAIL PROTECTED]  wrote:

 According to product documentation, I have to configure embedded ldap
 authentication. Apparently this printer has an Embedded Web Server
 (EWS).
 However, when I follow the documentation, using ldp tool, it fails when
 trying to query ldap. The message I get is this:

 ***Searching...
 ldap_search_s(ld, DC=pharmanet,DC=com, 2,
 ((objectclass=person)displayname=phelps,k*)), NULL,  0, msg)
 Error: Search: Filter Error. 87
 Server error:
 Error94: ldap_parse_result

[ActiveDir] LDAP Logon Name

2006-08-09 Thread Alex Alborzfard 








We have a HP printer/scanner that we want
to setup for emailing scanned documents.

Management wants to ensure only domain
users with email addresses can do this. 

There is an option for setting up LDAP
gateway, where you can set user name  password up.

Its asking for LDAP logonname. I
have tried my user name and account anme, but it didnt work. 

I looked it up in ADSIedit, but I couldnt
find it.



Can this be perhaps be done on the
Exchange side (there is also a setting for SMTP gateway)?



TIA





Alex

Re: [ActiveDir] LDAP Logon Name

2006-08-09 Thread Tomasz Onyszko 

Alex Alborzfard wrote:
We have a HP printer/scanner that we want to setup for emailing scanned 
documents.


Management wants to ensure only domain users with email addresses can do 
this.


There is an option for setting up LDAP gateway, where you can set user 
name  password up.


It’s asking for LDAP logonname. I have tried my user name and account 
anme, but it didn’t work.


I looked it up in ADSIedit, but I couldn’t find it.


I think that simplest way would be to refer to product documentation but 
I would try to use DN, or CN (in CN=... format) of this user.


--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx