Re: [ActiveDir] LDAP Logon Name
Not quite. You need to escape the comma like so: ((objectCategory=person)(objectClass=user)(displayName=phelps\, k*)) --Paul - Original Message - From: Matheesha Weerasinghe [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Monday, August 14, 2006 8:46 PM Subject: Re: [ActiveDir] LDAP Logon Name All I did was fix your query. It seemed like you were trying to do a search for users who have phelps,k as the start of their displayname. I assume the printer wants a DN to do lookups. Any AD user should be able to bind. But I dont know what it does with the bind credentials. I've never configured a printer that needed to be given credentials to an LDAP directory. Does it look at who submitted the job and do a query for the persons email address and send them an email that its done? I dont know. You need to tell us how the LDAP credentials are going to be used by the printer. Otherwise it may appear that we are not helpful. Which, I well may be not ;-) Sorry M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: Logon ID? Most likely the DN, but I need an account that can do the bind. Per HP documentation after running the search, I am supposed to find the search prefix, which should begin after the individual user's CN. This is the example right from documentation: Dn: [EMAIL PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net I tried M@'s query, it worked…well kind of…it didn't generate an error, but got 0 entries on Matched DNs L I also tried your tree view suggestion, but that didn't give me anything I could use for this printer. I don't see anything even close to it. I'm beginning to HATE LDAP and HP both!!! Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, August 14, 2006 1:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Agreed. But does your printer search for the logon ID? I doubt it. Most LDAP authentication (I HATE that term) will use the DN of the user: cn=user,cn=users,dc=domain,dc=com would be default. From there it should be able to lookup the mail address in the directory. You should specify the service account it will use to bind to the directory and the password and it should be fine from there. To see that information, use ldp, and rather than search, use the tree view and navigate to it. (note: when the tree asks you for a dn value, leave it blank and press OK.) Al On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL, 0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx .+-wm ibb+ڲKE0+v*?.+-jq.+-j!irدyثi List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] LDAP Logon Name
You need to escape the comma, as a comma is a delimiter and in the case of displayName it shouldn't be a delimiter: ((objectCategory=person)(objectClass=user)(displayName=phelps\, k*)) I've not read the whole thread, so can't discuss whether or not this is the best way to do what you want. I will say I feel for you re. the HP documentation. I had some fun getting the AD iLO integration stuff to work because the guide wasn't very helpful at explaining what format and syntax things wanted. I found the help on the administration pages better, and simply tried a number of things that I thought should work. --Paul - Original Message - From: Alex Alborzfard To: ActiveDir@mail.activedir.org Sent: Monday, August 14, 2006 8:22 PM Subject: RE: [ActiveDir] LDAP Logon Name Good catch, but the corrected query still didnt work! L Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew CaceSent: Monday, August 14, 2006 2:50 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP Logon Name In the error below, the LDAP filter is "((objectclass=person)displayname=phelps,k*))". You missed the opening parenthesis before displayname. -Andrew From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex AlborzfardSent: Monday, August 14, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP Logon Name That was exactly the same as HP documentation. Ill try your filter and will post the result. Thanks Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha WeerasingheSent: Monday, August 14, 2006 1:43 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon Name I assume you need a filter such as "((objectcategory=person)(objectclass=user)(displayname=phelps,k*))" I optimised the user object search and put a opening bracket when specifying the displayname. M@ On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldapauthentication. Apparently this printer has an Embedded Web Server (EWS).However, when I follow the documentation, using ldp tool, it fails whentrying to query ldap. The message I get is this:***Searching...ldap_search_s(ld, "DC=pharmanet,DC=com", 2,"((objectclass=person)displayname=phelps,k*))", NULL,0, msg)Error: Search: Filter Error. 87Server error:Error94: ldap_parse_result failed: No result present in messageGetting 0 entries:I connect to ldp as member of Domain Admins and Schema Admins, with thesame result.Any ideas?Alex-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses cando this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation butI would try to use DN, or CN (in CN=... format) of this user. --Tomasz Onyszkohttp://www.w2k.pl/blog/ - (PL)http://blogs.dirteam.com/blogs/tomek/ - (EN)List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspxList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] LDAP Logon Name
Thanks Paul M@ On 8/17/06, Paul Williams [EMAIL PROTECTED] wrote: You need to escape the comma, as a comma is a delimiter and in the case of displayName it shouldn't be a delimiter: ((objectCategory=person)(objectClass=user)(displayName=phelps\, k*)) I've not read the whole thread, so can't discuss whether or not this is the best way to do what you want. I will say I feel for you re. the HP documentation. I had some fun getting the AD iLO integration stuff to work because the guide wasn't very helpful at explaining what format and syntax things wanted. I found the help on the administration pages better, and simply tried a number of things that I thought should work. --Paul - Original Message - From: Alex Alborzfard To: ActiveDir@mail.activedir.org Sent: Monday, August 14, 2006 8:22 PM Subject: RE: [ActiveDir] LDAP Logon Name Good catch, but the corrected query still didn't work! L Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Cace Sent: Monday, August 14, 2006 2:50 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Logon Name In the error below, the LDAP filter is ((objectclass=person)displayname=phelps,k*)). You missed the opening parenthesis before displayname. -Andrew From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Monday, August 14, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Logon Name That was exactly the same as HP documentation. I'll try your filter and will post the result. Thanks Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Monday, August 14, 2006 1:43 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name I assume you need a filter such as ((objectcategory=person)(objectclass=user)(displayname=phelps,k*)) I optimised the user object search and put a opening bracket when specifying the displayname. M@ On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL, 0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] LDAP Logon Name
I'm sorry small correction... You have two different things you have to worry about special characters in, DNs andSearch Filters. They have different sets of characters you need to worry about and also have twodifferent methods of escaping the characters. In DNs you escape special characters by a preceding back slash, note from RFC 2253: If the UTF-8 string does not have any of the following characters which need escaping, then that string can be used as the string representation of the value. o a space or "#" character occurring at the beginning of the string o a space character occurring at the end of the string o one of the characters ",", "+", """, "\", "", "" or ";" Implementations MAY escape other characters. If a character to be escaped is one of the list shown above, then it is prefixed by a backslash ('\' ASCII 92). Otherwise the character to be escaped is replaced by a backslash and two hex digits, which form a single byte in the code of the character. As you can see, commas are clearly listed as a character that needs to be escaped and this is obvious as Paul mentioned, it is a delimitr. It is used to delimit the DN into its individual RDNs. In Search Filters, you have slightly different rules as indicated in RFC 2254: If a value should contain any of the following characters Character ASCII value --- * 0x2a ( 0x28 ) 0x29 \ 0x5c NUL 0x00 the character must be encoded as the backslash '\' character (ASCII 0x5c) followed by the two hexadecimal digits representing the ASCII value of the encoded character. The case of the two hexadecimal digits is not significant. This simple escaping mechanism eliminates filter-parsing ambiguities and allows any filter that can be represented in LDAP to be represented as a NUL-terminated string. Other characters besides the ones listed above may be escaped using this mechanism, for example, non-printing characters. For example, the filter checking whether the "cn" attribute contained a value with the character "*" anywhere in it would be represented as "(cn=*\2a*)". Note that although both the substring and present productions in the grammar above can produce the "attr=*" construct, this construct is used only to denote a presence filter. As you can see, commas are not normally a character that needs to be escaped in a filter. However, they will, because of RFC2253 have to be escaped for any attributes with a DNbased attribute syntax (i.e. if you stuff a DN into a string value, you wouldn't need to escape it, but if you stuff it into a DN attribute you would). If you truly were going to escape a comma for a filter reason, the escape sequence would be \2c I believe. To further complicate the matter, putting that slash in front of the comma when it isn't required for a DN will cause the filter to not properly match. [Thu 08/17/2006 10:01:46.40]F:\DEV\cpp\eventiddmpadfind -default -f "displayname=user, test" -dn AdFind V01.31.00cpp Joe Richards ([EMAIL PROTECTED]) March 2006 Using server: r2dc2.test.loc:389Directory: Windows Server 2003Base DN: DC=test,DC=loc dn:CN=user\, test,OU=Users,OU=TestOU,DC=test,DC=loc 1 Objects returned [Thu 08/17/2006 10:01:48.69]F:\DEV\cpp\eventiddmpadfind -default -f "displayname=user\, test" -dn AdFind V01.31.00cpp Joe Richards ([EMAIL PROTECTED]) March 2006 Using server: r2dc2.test.loc:389Directory: Windows Server 2003Base DN: DC=test,DC=loc 0 Objects returned So the upshot, if your queryhas a DN in it and being compared against a DN syntax attribute say like member or memberof, then you need to escape any extraneous commas. Otherwise, leave the commas alone. This one of the reasons why DNs should be based on very simple ascii characters. If using full blown GUI tools they will "usually" handle this stuff for you so you don't have to worry, but lower level tools and command line tools won't usually guide you as much. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul WilliamsSent: Thursday, August 17, 2006 4:30 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon Name You need to escape the comma, as a comma is a delimiter and in the case of displayName it shouldn't be a delimiter: ((objectCategory=person)(objectClass=user)(displayName=phelps\, k*)) I've not read the whole thread, so can't discuss whether or not this is the best way to do what you want. I will say I feel for you re. the HP documentation. I had some fun getting the AD iLO integration stuff to work because the guide wasn't very helpful at explaining what format and syntax things wanted. I found the help on the administration pages better, and simply tri
Re: [ActiveDir] LDAP Logon Name
Hmm... got a blank message again. Hopefully this is not a repeat then. Bind DN: The dn of the account to bind to the AD so you can search for users. User Search: if you try to search by assuming (shame on them for not explaining it better) that your display name and your cn would be close to matching, then shame on HP for such small thinking. That is the default if you use the active directory users and computers tools. However, anyone who has a more mature process and doesn't like unnatural contortionist moves to be able to find things in directories will tell you, you'll have your cn equal to something that's unique and doesn't have any escape characters. If you use the display name, you'll have escape characters so that makes that tough. If, and this is a big IF, you have your mailbox alias, samaccountname (NT logon id), and your cn match, then your search might be a heck of a lot easier. If those are not lined up, then please see the part about the big IF for a better explanation. It's applications like these that have driven me to conclude that those field should match and should be a globally unique id. Having them be domain specific, won't be enough, and forest specific won't be enough either if you ever decide to follow Microsoft's latest idea about multiple forests on a corporate network. ;) That's because when the identities collide, there will be issues. And that would be a bad thing to try and work out because users hate it when you mess with their identity. Ugly things happen in that situation more often than not and it's a shame because they can be avoided so easily IMHO. Al On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:
RE: [ActiveDir] LDAP Logon Name
According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL, 0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] LDAP Logon Name
Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldapauthentication. Apparently this printer has an Embedded Web Server (EWS).However, when I follow the documentation, using ldp tool, it fails whentrying to query ldap. The message I get is this:***Searching...ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL,0, msg)Error: Search: Filter Error. 87Server error:Error94: ldap_parse_result failed: No result present in message Getting 0 entries:I connect to ldp as member of Domain Admins and Schema Admins, with thesame result.Any ideas?Alex-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz OnyszkoSent: Wednesday, August 09, 2006 3:05 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon NameAlex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses cando this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation butI would try to use DN, or CN (in CN=... format) of this user.--Tomasz Onyszkohttp://www.w2k.pl/blog/ - (PL)http://blogs.dirteam.com/blogs/tomek/ - (EN)List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspxList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] LDAP Logon Name
I assume you need a filter such as ((objectcategory=person)(objectclass=user)(displayname=phelps,k*)) I optimised the user object search and put a opening bracket when specifying the displayname. M@ On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldapauthentication. Apparently this printer has an Embedded Web Server (EWS).However, when I follow the documentation, using ldp tool, it fails whentrying to query ldap. The message I get is this:***Searching...ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL,0, msg)Error: Search: Filter Error. 87Server error:Error94: ldap_parse_result failed: No result present in message Getting 0 entries:I connect to ldp as member of Domain Admins and Schema Admins, with thesame result.Any ideas?Alex-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation butI would try to use DN, or CN (in CN=... format) of this user. --Tomasz Onyszkohttp://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN)List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspxList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] LDAP Logon Name
Agreed.But does your printer search for the logon ID? I doubt it. Most LDAP authentication (I HATE that term) will use the DN of the user: cn=user,cn=users,dc=domain,dc=com would be default. From there it should be able to lookup the mail address in the directory. You should specify the service account it will use to bind to the directory and the password and it should be fine from there. To see that information, use ldp, and rather than search, use the tree view and navigate to it. (note: when the tree asks you for a dn value, leave it blank and press OK.) Al On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldapauthentication. Apparently this printer has an Embedded Web Server (EWS).However, when I follow the documentation, using ldp tool, it fails whentrying to query ldap. The message I get is this:***Searching...ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL,0, msg)Error: Search: Filter Error. 87Server error:Error94: ldap_parse_result failed: No result present in message Getting 0 entries:I connect to ldp as member of Domain Admins and Schema Admins, with thesame result.Any ideas?Alex-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation butI would try to use DN, or CN (in CN=... format) of this user. --Tomasz Onyszkohttp://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN)List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspxList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] LDAP Logon Name
That was exactly the same as HP documentation. Ill try your filter and will post the result. Thanks Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Monday, August 14, 2006 1:43 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name I assume you need a filter such as ((objectcategory=person)(objectclass=user)(displayname=phelps,k*)) I optimised the user object search and put a opening bracket when specifying the displayname. M@ On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL,0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] LDAP Logon Name
In the error below, the LDAP filter is ((objectclass=person)displayname=phelps,k*)). You missed the opening parenthesis before displayname. -Andrew From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Monday, August 14, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Logon Name That was exactly the same as HP documentation. Ill try your filter and will post the result. Thanks Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Monday, August 14, 2006 1:43 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name I assume you need a filter such as ((objectcategory=person)(objectclass=user)(displayname=phelps,k*)) I optimised the user object search and put a opening bracket when specifying the displayname. M@ On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL,0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] LDAP Logon Name
Logon ID? Most likely the DN, but I need an account that can do the bind. Per HP documentation after running the search, I am supposed to find the search prefix, which should begin after the individual users CN. This is the example right from documentation: Dn: [EMAIL PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net I tried M@s query, it workedwell kind ofit didnt generate an error, but got 0 entries on Matched DNs L I also tried your tree view suggestion, but that didnt give me anything I could use for this printer. I dont see anything even close to it. Im beginning to HATE LDAP and HP both!!! Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, August 14, 2006 1:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Agreed.But does your printer search for the logon ID? I doubt it. Most LDAP authentication (I HATE that term) will use the DN of the user: cn=user,cn=users,dc=domain,dc=com would be default. From there it should be able to lookup the mail address in the directory. You should specify the service account it will use to bind to the directory and the password and it should be fine from there. To see that information, use ldp, and rather than search, use the tree view and navigate to it. (note: when the tree asks you for a dn value, leave it blank and press OK.) Al On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL,0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] LDAP Logon Name
Good catch, but the corrected query still didnt work! L Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Cace Sent: Monday, August 14, 2006 2:50 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Logon Name In the error below, the LDAP filter is ((objectclass=person)displayname=phelps,k*)). You missed the opening parenthesis before displayname. -Andrew From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Monday, August 14, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Logon Name That was exactly the same as HP documentation. Ill try your filter and will post the result. Thanks Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Monday, August 14, 2006 1:43 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name I assume you need a filter such as ((objectcategory=person)(objectclass=user)(displayname=phelps,k*)) I optimised the user object search and put a opening bracket when specifying the displayname. M@ On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL,0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] LDAP Logon Name
All I did was fix your query. It seemed like you were trying to do a search for users who have phelps,k as the start of their displayname. I assume the printer wants a DN to do lookups. Any AD user should be able to bind. But I dont know what it does with the bind credentials. I've never configured a printer that needed to be given credentials to an LDAP directory. Does it look at who submitted the job and do a query for the persons email address and send them an email that its done? I dont know. You need to tell us how the LDAP credentials are going to be used by the printer. Otherwise it may appear that we are not helpful. Which, I well may be not ;-) Sorry M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: Logon ID? Most likely the DN, but I need an account that can do the bind. Per HP documentation after running the search, I am supposed to find the search prefix, which should begin after the individual user's CN. This is the example right from documentation: Dn: [EMAIL PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net I tried M@'s query, it worked…well kind of…it didn't generate an error, but got 0 entries on Matched DNs L I also tried your tree view suggestion, but that didn't give me anything I could use for this printer. I don't see anything even close to it. I'm beginning to HATE LDAP and HP both!!! Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, August 14, 2006 1:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Agreed. But does your printer search for the logon ID? I doubt it. Most LDAP authentication (I HATE that term) will use the DN of the user: cn=user,cn=users,dc=domain,dc=com would be default. From there it should be able to lookup the mail address in the directory. You should specify the service account it will use to bind to the directory and the password and it should be fine from there. To see that information, use ldp, and rather than search, use the tree view and navigate to it. (note: when the tree asks you for a dn value, leave it blank and press OK.) Al On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL, 0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It's asking for LDAP logonname. I have tried my user name and account anme, but it didn't work. I looked it up in ADSIedit, but I couldn't find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] LDAP Logon Name
No you are definitely helpful. My best guess is that the printer wants to make sure you have a valid user account in AD, before letting you can fire off an email from it. Reading further on HP LDAP doc, at LDAP Authentication configuration page, it instructs to: -Input cn into the Match the name entered with the LDAP attribute of field. -Find the device user email address in the LDP trace. Copy the attribute defining the email address. (A screenshot of ldp query result is shown as: 1mail:[EMAIL PROTECTED]; -Paste the attribute into the Retrieve the device user's email address using attribute of box -Find the device user display name in the LDP trace. Copy the attribute defining the display name. (A screenshot of ldp query result is shown as: 1displayName:Phelps,K -Paste the attribute into the Retrieve the device and name using the attribute of box. - Click Test LDAP Authentication. Input your username and password. And this is just the first part. I save you the authentication manager configuration part. Hopefully this will give you an idea of what the heck they want! Thanks Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Monday, August 14, 2006 3:47 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name All I did was fix your query. It seemed like you were trying to do a search for users who have phelps,k as the start of their displayname. I assume the printer wants a DN to do lookups. Any AD user should be able to bind. But I dont know what it does with the bind credentials. I've never configured a printer that needed to be given credentials to an LDAP directory. Does it look at who submitted the job and do a query for the persons email address and send them an email that its done? I dont know. You need to tell us how the LDAP credentials are going to be used by the printer. Otherwise it may appear that we are not helpful. Which, I well may be not ;-) Sorry M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: Logon ID? Most likely the DN, but I need an account that can do the bind. Per HP documentation after running the search, I am supposed to find the search prefix, which should begin after the individual user's CN. This is the example right from documentation: Dn: [EMAIL PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net I tried M@'s query, it worked…well kind of…it didn't generate an error, but got 0 entries on Matched DNs L I also tried your tree view suggestion, but that didn't give me anything I could use for this printer. I don't see anything even close to it. I'm beginning to HATE LDAP and HP both!!! Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, August 14, 2006 1:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Agreed. But does your printer search for the logon ID? I doubt it. Most LDAP authentication (I HATE that term) will use the DN of the user: cn=user,cn=users,dc=domain,dc=com would be default. From there it should be able to lookup the mail address in the directory. You should specify the service account it will use to bind to the directory and the password and it should be fine from there. To see that information, use ldp, and rather than search, use the tree view and navigate to it. (note: when the tree asks you for a dn value, leave it blank and press OK.) Al On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL, 0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result failed: No result present in message Getting 0 entries: I connect to ldp as member of Domain Admins and Schema Admins, with the same result. Any ideas? Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Wednesday, August 09, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password
Re: [ActiveDir] LDAP Logon Name
I took a quick look at the 9100C manual. It looks like it offers the ldap search facility to get a list email addresses you want to send the attachment to. So you'd scan the doc, it'll make an attachment and send to an email address list obtained by an ldap query. You could also use the address books on the printer or type the destinations manually. Obviously in order to do the ldap query, it may need credentials.The credentials are almost certaintly in DN format as Al said. Else it does it anonymously. Check the address book feature. I think most people will probably rather type destinations manually than do ldap searches ;-) M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: No you are definitely helpful. My best guess is that the printer wants to make sure you have a valid user account in AD, before letting you can fire off an email from it. Reading further on HP LDAP doc, at LDAP Authentication configuration page, it instructs to: -Input cn into the Match the name entered with the LDAP attribute of field. -Find the device user email address in the LDP trace. Copy the attribute defining the email address. (A screenshot of ldp query result is shown as: 1mail:[EMAIL PROTECTED]; -Paste the attribute into the Retrieve the device user's email address using attribute of box -Find the device user display name in the LDP trace. Copy the attribute defining the display name. (A screenshot of ldp query result is shown as: 1displayName:Phelps,K -Paste the attribute into the Retrieve the device and name using the attribute of box. - Click Test LDAP Authentication. Input your username and password. And this is just the first part. I save you the authentication manager configuration part. Hopefully this will give you an idea of what the heck they want! Thanks Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Monday, August 14, 2006 3:47 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name All I did was fix your query. It seemed like you were trying to do a search for users who have phelps,k as the start of their displayname. I assume the printer wants a DN to do lookups. Any AD user should be able to bind. But I dont know what it does with the bind credentials. I've never configured a printer that needed to be given credentials to an LDAP directory. Does it look at who submitted the job and do a query for the persons email address and send them an email that its done? I dont know. You need to tell us how the LDAP credentials are going to be used by the printer. Otherwise it may appear that we are not helpful. Which, I well may be not ;-) Sorry M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: Logon ID? Most likely the DN, but I need an account that can do the bind. Per HP documentation after running the search, I am supposed to find the search prefix, which should begin after the individual user's CN. This is the example right from documentation: Dn: [EMAIL PROTECTED],OU=US,OU=Users,OU=Account,DC=americas,DC=cpqcorp,DC=net I tried M@'s query, it worked…well kind of…it didn't generate an error, but got 0 entries on Matched DNs L I also tried your tree view suggestion, but that didn't give me anything I could use for this printer. I don't see anything even close to it. I'm beginning to HATE LDAP and HP both!!! Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, August 14, 2006 1:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP Logon Name Agreed. But does your printer search for the logon ID? I doubt it. Most LDAP authentication (I HATE that term) will use the DN of the user: cn=user,cn=users,dc=domain,dc=com would be default. From there it should be able to lookup the mail address in the directory. You should specify the service account it will use to bind to the directory and the password and it should be fine from there. To see that information, use ldp, and rather than search, use the tree view and navigate to it. (note: when the tree asks you for a dn value, leave it blank and press OK.) Al On 8/14/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: Your ldap filter doesnt look correct. M@ On 8/14/06, Alex Alborzfard [EMAIL PROTECTED] wrote: According to product documentation, I have to configure embedded ldap authentication. Apparently this printer has an Embedded Web Server (EWS). However, when I follow the documentation, using ldp tool, it fails when trying to query ldap. The message I get is this: ***Searching... ldap_search_s(ld, DC=pharmanet,DC=com, 2, ((objectclass=person)displayname=phelps,k*)), NULL, 0, msg) Error: Search: Filter Error. 87 Server error: Error94: ldap_parse_result
[ActiveDir] LDAP Logon Name
We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. Its asking for LDAP logonname. I have tried my user name and account anme, but it didnt work. I looked it up in ADSIedit, but I couldnt find it. Can this be perhaps be done on the Exchange side (there is also a setting for SMTP gateway)? TIA Alex
Re: [ActiveDir] LDAP Logon Name
Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name password up. It’s asking for LDAP logonname. I have tried my user name and account anme, but it didn’t work. I looked it up in ADSIedit, but I couldn’t find it. I think that simplest way would be to refer to product documentation but I would try to use DN, or CN (in CN=... format) of this user. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx