Parse a DN for CN Without Hitting AD Server Again

Synchronize user and group details with LDAP

LDAP (Lightweight Directory Access Protocol) directories commonly store data about users and groups in an organization. LDAP is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories. The LDAP directory service is based on a client-server model. One of the most common uses of LDAP is to provide single sign-on on a network that comprises multiple platforms and applications. When a network consists of only Windows computers, then you can use an Active Directory domain. But when there is a mix of Windows, Apple and Linux machines, then LDAP can provide the single source of user, group and authentication information. (It is worth noting that both Active Directory and Novell eDirectory implement the LDAP protocol. Novell eDirectory, also called Netware Directory Services, is directory service software that is used to centrally manage access to resources on multiple servers and computers within a network. The eDirectory software is part of the Novell Compliance Management Platform.)

PaperCut NG/MF can use an LDAP directory for user authentication and as a source of user and group information. LDAP can either be enabled at installation time, or by changing the user source option after installation. When enabling LDAP, a number of configuration settings must be specified to allow the application to connect to the LDAP server.

To synchronize your user information with LDAP:

  • Set the primary sync source

  • Add card/identity numbers

  • Set the secondary sync source (optional)

  • Set up the sync options

Set the primary sync source

  1. Select Options > User/Group Sync.

    The User/Group Sync page is displayed.

  2. In the Sync Source area, in Primary sync source, select LDAP.

  3. Complete the following fields as required:

    • LDAP Server Type—Determines which LDAP fields are used to get user and group data. PaperCut NG/MF supports the following server types:

      • Unix / Open Directory

      • Microsoft Active Directory

      • Novell eDirectory

      However, it is easy to support other server types by adjusting the LDAP fields PaperCut NG/MF searches. For more information, see Advanced LDAP configuration.

    • LDAP Server Address—The hostname or IP address of the LDAP server.

    • Use SSL—Indicates if an encrypted SSL connection is used to connect to the LDAP server. The LDAP server requires SSL support to be enabled and should accept connections on the standard LDAPS port 636. (Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and integral. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction. To be able to create an SSL connection, a web server requires an SSL certificate. When you choose to activate SSL on your web server, you are prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys: a Private Key and a Public Key.)

    • Base DN—The Base DN of the LDAP server. This is the equivalent of the "suffix" config setting of the OpenLDAP server. For example, if the domain hosted by the LDAP server is "domain.com", then the Base DN might be DC=domain,DC=com. The format of the Base DN can differ significantly depending on configuration. Some older Novell eDirectory installations require a blank Base DN to operate. Some examples:

      DC=myschool,DC=edu,DC=au
      DC=myorganization,DC=com
      OU=OrgUnit,DC=domain,DC=com
      DC=local

    • Admin DN—The DN of the user who has permission to connect to and query the LDAP server. This is typically an administrative user, although it can be a user that only has read-only access to the LDAP server. An example of the DN of the Administrator user on a Windows AD domain "domain.com" would be CN=Administrator,CN=Users,DC=domain,DC=com. The exact format of the DN depends on the LDAP server. Some examples:

      • Windows Active Directory: CN=Administrator,CN=Users,DC=domain,DC=com

      • Windows Active Directory (in organizational unit):

        CN=administrator,OU=OrgUnit,DC=domain,DC=com

      • Mac Open Directory: uid=diradmin,CN=users,DC=domain,DC=com

      • Unix Open LDAP: uid=root,DC=domain,DC=com, or uid=ldapadmin,DC=domain,DC=com

      • Novell eDirectory: CN=root,DC=domain,DC=com, or CN=ldapadmin,OU=users,DC=domain,DC=com.

      The Admin DN and password are optional if your LDAP server allows anonymous binds for querying.

    • Admin password—The password for the above user.

      TIP

      Some LDAP servers are configured to allow 'anonymous' LDAP query access. In these situations, you can leave Admin DN and Admin password blank.

  4. Select the users to import:

    • Import all users

    • Import users from selected groups—If you select this option, click Select Groups; then select the groups/OUs you want to import. This option is useful if the domain contains old users or users who do not print.

Add card/identity numbers

Card and ID numbers are used as an alternative to usernames/passwords for authentication at software Release Stations, or at hardware terminals attached to photocopiers. The card/ID number can also be searched in the user quick-find in the User List page. See User card and ID numbers for more information.

In PaperCut NG/MF, you can associate one or two unique card/ID numbers with each user. These are known as the primary and secondary card/ID number. You can automatically import or generate these card/ID numbers for each user.

Often card/ID numbers are already assigned by other systems, in which case you must import these numbers into PaperCut NG/MF from Active Directory or LDAP. Unlike other fields, such as full-name and email address, there is no standard field used exclusively for card numbers. For this reason PaperCut NG/MF allows specifying the field from which to import the card/ID number.

You can add card/identity numbers in the following ways:

  • Generate random card/ID numbers

  • Import the card/identity numbers from LDAP

  • Extract the card/id number from an LDAP/AD field using a regular expression

Generate random card/ID numbers

PaperCut also allows you to generate a random card/ID number for either the primary or secondary card/ID number. To auto-generate card numbers:

  1. In the Sync Source area, complete the following fields:

    • Primary number—select Auto-generate random ID (if blank).

    • Length—enter the number of digits.

      Short numbers are easier to remember and faster to key in, but it is also easier to guess someone else's number. If your number is too short, PaperCut cannot generate sufficient numbers to cover all your users.

  2. Click Apply.

IMPORTANT

The card/ID number must uniquely identify a user, so you should ensure that no two users have the same card/ID number. Make sure the card/ID numbers you have defined in your user source are unique. If PaperCut NG/MF finds a non-unique card/ID number, it does not update the user's details, and displays a warning in the synchronization results. When generating card/ID numbers, you are asked to specify the length or number of digits you require in the generated numbers.

Import the card/identity number from LDAP

LDAP provides a very flexible way to store user related information. The fields available depend on the LDAP server being used and how it is configured. Many LDAP servers also allow administrators to create custom fields to store additional custom user information. You should consult your LDAP server's documentation or talk to your LDAP administrator to understand which LDAP field stores the user card/ID number.

NOTE

In the Sync Options area, ensure the Update users' full-name, email, home directory, department and office when synchronizing check box is selected to import card/ID numbers.

  1. In Primary number, select Sync from AD/LDAP field.

  2. In AD/LDAP field name, enter the name of the field containing the card/ID numbers. By default, PaperCut NG/MF uses the employeeNumber field to retrieve the primary card number. This is a standard LDAP field, but if this is not suitable, you can choose any valid LDAP user field.

  3. If required, import the secondary card/ID numbers.

    1. In Secondary number, select Sync from AD/LDAP field.

    2. In AD/LDAP field name, enter the name of the field containing the card/ID numbers.

      NOTE

      If defined, then the same regular expression that is applied to the first card number is applied to the second card also.

IMPORTANT

It is important to test that the card numbers are being retrieved correctly. To test the changes, click Test Settings. If the card numbers are retrieved correctly, they are listed as the 4th user field in the test output.

Extract the card/id number from an LDAP/AD field using a regular expression

The vast majority of sites store the full card number in a single field in AD/LDAP. In this situation, you do not need to use a regular expression (regex) to extract the card number. A regular expression is required only under some specific circumstances, including:

  • The field contains more than just the card number. For example, if the field contained a card number and student number separated by a comma (e.g. 12345678,0003456).

  • The multi-valued LDAP/AD field contains multiple values and only one representing the card number. e.g. Some third party authentication management systems store external IDs (like card numbers) in a single multi-valued LDAP field.

    NOTE

    For multi-value fields, PaperCut imports all the field values separated by TABs. Use the regex to extract the required portion of the field.

To use a regular expression to extract the card/id number:

  1. In the Sync Source area, select the Apply regular expression to extract primary/secondary card number from AD/LDAP check box.

  2. Enter the regular expression used to extract the card number. The regular expression must contain a capture group (represented by parentheses), that represents the part of the field that the card number is extracted from.

The simplest way to create a regular expression is to start with one of the following examples.

Example regular expressions to extract card numbers

Regular Expression    Description
([\d]+)    Extracts the first sequence of digits. e.g. if the field contains 12345678,005678 then 12345678 is extracted.
([\d]{5})    Extracts the first sequence of 5 digits. e.g. if the field contains 12345678 then 12345 is extracted.
=([\d]+)    Extracts the sequence of digits after the = character. e.g. if the field contains 12345678=56789 then 56789 is extracted.
([\d]+)::abc    Extracts the sequence of digits preceding the text ::abc. This is a common notation when storing identities in a multi-valued field in LDAP. The ::abc notation is used to indicate the different identity types. In this example, if the field contains 1234::xyz 5678:qrs 9876::abc then 9876 is extracted.

For more information on regular expressions and a test tool, see http://www.fileformat.info/tool/regex.htm. If you need assistance, please contact support.
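
The extraction described above, as an added example that is not PaperCut's own code: the table's patterns are run with Python's re module as a stand-in for PaperCut's regex engine, multi-valued fields are joined with TABs as the note describes, and the results are checked for the duplicate card numbers that the sync refuses to import. The function names, the sample entries and the first-match-wins behaviour are assumptions.

```python
import re
from collections import Counter

# Patterns copied from the table above.
FIRST_DIGITS = r"([\d]+)"
FIRST_FIVE = r"([\d]{5})"
AFTER_EQUALS = r"=([\d]+)"
BEFORE_ABC = r"([\d]+)::abc"


def extract_card_number(field_values, pattern):
    """Return capture group 1 of the first match, or None if nothing matches.

    field_values is the list of values held by one LDAP attribute.
    Multi-valued attributes are joined with TABs, as the page describes.
    Assumption: the first match in the joined string is the one used.
    """
    regex = re.compile(pattern)
    if regex.groups < 1:
        raise ValueError("pattern must contain a capture group")
    match = regex.search("\t".join(field_values))
    return match.group(1) if match else None


def find_duplicates(cards_by_user):
    """Return the extracted numbers that map to more than one user."""
    counts = Counter(c for c in cards_by_user.values() if c is not None)
    return sorted(c for c, n in counts.items() if n > 1)


def preview(users, pattern):
    """Dry run over a directory export: (extracted numbers, duplicates)."""
    cards = {u: extract_card_number(v, pattern) for u, v in users.items()}
    return cards, find_duplicates(cards)


# Constructed sample entries (hypothetical users, not real data).
SAMPLE_USERS = {
    "alice": ["12345678,0003456"],
    "bob": ["1234::xyz", "5678::qrs", "9876::abc"],
    "carol": ["12345999,0007777"],
}

if __name__ == "__main__":
    for name in ("FIRST_DIGITS", "FIRST_FIVE", "BEFORE_ABC"):
        print(name, preview(SAMPLE_USERS, globals()[name]))
```

On the sample data, ([\d]{5}) truncates two different cards to the same five digits, and ([\d]+) picks the ::xyz identity from the multi-valued entry instead of the ::abc card number, which is the kind of mistake Test Settings is there to catch.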

Set the secondary sync source (optional)

Enabling a secondary sync source allows PaperCut to merge the results from two independent sources. Examples of where this is useful include:

  • A school with an Active Directory domain for the majority of users and a separate LDAP server that is used and managed by one department.

  • An organization with a new LDAP server and an old legacy LDAP server with separate but unique users who have not been migrated to the new server.

  • A university with an Active Directory for the Windows student workstations and an Open Directory for the staff Mac workstations.

When enabled, PaperCut queries both sources to find users and groups. Usernames are treated as globally unique, so the same username existing in both sources is treated as the same user (in this case, the details for the user are merged, with the primary sync source taking priority). If there is an error connecting to or synchronizing against either source, then no actions take place.

To set a secondary sync source:

  1. In the Secondary Sync Source (Advanced) area, select the Enable secondary sync source check box.

  2. Complete the secondary sync source details as described above. These fields are the same as those for the primary sync source.

Set the sync options

The options listed in the Sync Options area control how the synchronization will take place.

  1. In the Sync Options area, select any of the following options as appropriate:

    • Update users' full-name, e-mail, department and office when synchronizing—if a user's details in PaperCut do not match those in the synchronization source, update the details in PaperCut NG/MF.

    • Import new users and update details overnight—synchronization automatically occurs each night at approximately 12:55am. This option never deletes users from PaperCut.

    • Delete users that do not exist in the selected source—deletes users from PaperCut if they no longer exist in the selected synchronization source.

      This option affects only users added via the synchronization source (e.g. the domain) and does not delete Guest and anonymous user management. Users that do not exist in the Sync source are deleted only when you manually synchronize (click Synchronize Now).

      This option does not delete users when automatically synchronizing overnight.

  2. To test the operation, click Test Settings.

    A Testing sync settings popup dialog box displays the details of users and user groups that will be modified (updated, added or deleted) when the actual sync operation is run.

  3. Click Apply.

dixonobjectioneve.blogspot.com

Source: https://www.papercut.com/support/resources/manuals/ng-mf/common/topics/sys-user-group-sync-ldap.html
