When your organization works with LDAP directory servers, PRISMAsync Print Server can connect to these LDAP directory servers to retrieve user information for authentication purposes. Users can use the login names and passwords they also use elsewhere in the organization.
LDAP (Lightweight Directory Access Protocol) is an application protocol that queries and modifies items on LDAP directory servers. PRISMAsync Print Server can ask the LDAP directory server to perform user authentication and to provide address book information for scan to email.
The user accounts configured on the LDAP directory servers belong to one or more LDAP user groups on the same server. The LDAP user groups that store printer users can be mapped to PRISMAsync user groups. In this way you define the access rights of the LDAP user accounts.
You need additional software to manage the user accounts and user groups on the LDAP directory server. Users who have an LDAP user account cannot change or recover their password on the printer.
After you have configured a PRISMAsync Print Server domain that corresponds with a domain on an LDAP directory server, you map one or more LDAP user groups to PRISMAsync Print Server domain user groups.
For a new domain user group, you define the access rights in the same way as you do for custom and factory-defined user groups. The domain integration means that access rights are updated automatically when a user logs in to the printer.
In the example below, the user group Office users has been added from the domain office. The other user groups are the custom user group Export and the factory-defined user groups. For these user groups, the [Domain] field contains the hostname of the printer.
The user authentication process with a connection to an LDAP directory server is as follows:
1. The user logs in with a domain selection and the specification of a username and password.
2. PRISMAsync Print Server sets up a connection with the LDAP directory server according to the attributes of the domain configuration.
3. PRISMAsync Print Server sends the (encrypted) username of the user for verification. The password is kept on PRISMAsync Print Server.
4. The LDAP directory server verifies the user account.
5. The LDAP directory server returns the verification results.
6. When the user account is valid, PRISMAsync Print Server checks the access rights of the domain user groups of the user.
7. The verification results are displayed on the login window.
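The group mapping and the access-rights check at login can be modelled as follows. This is an added example, not PRISMAsync code: the group DNs, the group name Scan operators, the access-right names, the union of rights across groups and the default-deny result are all assumptions made for illustration.

```python
# Added illustration: LDAP user groups mapped to domain user groups, with
# access rights derived again at every login. All DNs, the "Scan operators"
# group and the right names are constructed for this example.

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' so that equal DNs
    compare equal. Simplification: escaped commas are not handled."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join("=".join(s.strip() for s in p.split("=", 1)).lower()
                    for p in parts)

# Constructed mapping: LDAP user group DN -> domain user group on the printer.
GROUP_MAP = {
    normalize_dn("CN=Print-Office,OU=Groups,DC=office,DC=example"): "Office users",
    normalize_dn("CN=Print-Scan,OU=Groups,DC=office,DC=example"): "Scan operators",
}

# Constructed access rights per domain user group.
GROUP_RIGHTS = {
    "Office users": {"print"},
    "Scan operators": {"print", "scan_to_email"},
}

def resolve_access(verified, member_of):
    """Return (domain user groups, access rights) for one login attempt.
    Assumption: rights of several mapped groups are combined as a union."""
    if not verified:
        return [], set()
    dns = {normalize_dn(d) for d in member_of}
    groups = sorted(GROUP_MAP[d] for d in dns if d in GROUP_MAP)
    rights = set()
    for group in groups:
        rights |= GROUP_RIGHTS[group]
    return groups, rights

def login_result(verified, member_of):
    """Text for the login window. Assumption: a verified account without any
    mapped user group gets no access (default deny)."""
    groups, rights = resolve_access(verified, member_of)
    if not verified:
        return "rejected: account not verified"
    if not groups:
        return "rejected: no mapped user group"
    return "accepted: " + ", ".join(sorted(rights))

if __name__ == "__main__":
    memberships = ["cn=print-scan, ou=Groups, dc=office, dc=example",
                   "CN=HR,OU=Groups,DC=office,DC=example"]
    print(login_result(True, memberships))   # rights from the mapped group
    print(login_result(True, memberships[1:]))  # group removed in the directory
```

Because the rights are computed from the current group memberships at each login, removing a user from a mapped LDAP group takes effect the next time that user logs in.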