How to configure Ricoh LDAP search

This post shows how to configure a RICOH multifunction device to search Active Directory and retrieve an email address or fax number.

If you want to use Kerberos authentication, first create a realm.
– Realm Name: descriptive name
– KDC Server Name: domain controller address
– Domain Name: DNS domain name [yourdomain.com]

Then configure an LDAP server.
– Identification name: descriptive name
– Server Name: domain controller address
– Search base: where the search starts [OU=myou,DC=mydomain,DC=com]
– Port Number: LDAP port, 389 for standard LDAP or 3268 for the Global Catalog (GC)
– User Name: account that can browse AD (standard domain user)
– Realm Name: the realm you created earlier, if you want to use Kerberos. Not necessary for other types of authentication

Under Search Conditions you can map the device's search attributes to Active Directory attributes. The default for “Identification Name” is CN (common name). I change it to DISPLAYNAME.

6 thoughts on “How to configure Ricoh LDAP search”

  1. hairston.michael@gmail.com says:

    Question. I set up LDAP on the MP 171 and the connection works fine. But on the actual printer itself, how do you perform a search? I go to search destination and select LDAP. I can choose my criteria but after that it does nothing. How do I actually perform the search?

    • Benjamin Pittonet says:

      I’m also looking into this (I know, this post dates from a long time ago :/ ). But I currently need to search the LDAP to authenticate users on the printer.

      What I need is this: when people come to the printer to print, they would be required to enter their user name and password from the LDAP to authenticate on the printer and get access to the function. I’m also required to put in place an LDAP-based “address book”, meaning that when people come to the printer they could just pick their user from a user list that the printer would take from the LDAP.

      So far I configured the KDC realm and the LDAP (the connection test is going fine, so I’m assuming the printer connects well to the LDAP, or else I would have had an error), but the search criteria are not configured as I don’t know what I really need to input (displayName hasn’t worked for me, nor has “name” or “cn”), but I understood that it wasn’t necessary so I don’t think the problem is coming from there.

      Currently the error I get is that when trying to log onto the printer with an LDAP account and password, the printer returns an error code: L0406-204, which corresponds to a Kerberos error, although my Kerberos is configured fine.

      If anyone could help me, it’ll be an awesome relief as I currently only have a week and a half left to get things to work before moving on to another part of my internship.

      Thanks in advance.

      • LS says:

        L0406-204 Kerberos authentication failed:

        Kerberos authentication settings are not correctly configured.
        Make sure the realm name, KDC (Key Distribution Center) name, and supporting domain name are specified correctly.

        The KDC and machine timing do not match.
        Authentication will fail if the difference between the KDC and machine timing is more than 5 minutes. Make sure the timing matches.

        Kerberos authentication will fail if the realm name is specified in lower-case letters. Make sure the realm name is specified in upper-case letters.

      • Benjamin Pittonet says:

        “LS says:
        April 15, 2015 at 10:09 am

        L0406-204 Kerberos authentication failed:

        Kerberos authentication settings are not correctly configured.
        Make sure the realm name, KDC (Key Distribution Center) name, and supporting domain name are specified correctly.

        The KDC and machine timing do not match.
        Authentication will fail if the difference between the KDC and machine timing is more than 5 minutes. Make sure the timing matches.

        Kerberos authentication will fail if the realm name is specified in lower-case letters. Make sure the realm name is specified in upper-case letters.”

        Thanks for the reply.

        I already saw the error code and tried to correct my settings but it’s still not working.

        I already checked the time and it matches so for the error code: “Make sure the realm name, KDC (Key Distribution Center) name, and supporting domain name are specified correctly.” is checked and OK, then there is “Authentication will fail if the difference between the KDC and machine timing is more than 5 minutes. Make sure the timing matches.” it matches so it is OK, and for the upper-case for the realm name I just checked and it is in upper-case already (plain letters so no funny character that might get me an error).
        But it’s still not working and I still don’t know why but I can’t log onto the printer with an LDAP account.

        I’m currently in an internship so my clock is ticking and I can’t leave without leaving a viable solution; right now I went on hard-coding everyone in a single address book, then pushing the address book to every printer. Not very practical but I don’t really have a choice :/

        Thanks for your help anyway, I really appreciated the advice!
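
A pre-flight check for the settings described in the post and for the L0406-204 causes quoted in the comments, as an added example that is not part of the original post or of Ricoh's software. The `cfg` keys and all sample values are constructed, and the `displayName` substring filter is an assumption about how the device queries the mapped attribute.

```python
import re
from datetime import datetime, timedelta, timezone

PORTS = {389: "standard LDAP", 3268: "Global Catalog"}
MAX_SKEW = timedelta(minutes=5)  # limit quoted for L0406-204

def split_dn(dn):
    """Split a search base on unescaped commas into (ATTR, value) pairs."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr and value):
            raise ValueError(f"malformed RDN {rdn!r}")
        pairs.append((attr.upper(), value))
    return pairs

def escape_filter(text):
    """Escape a typed name for use as an LDAP filter value (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in text)

def search_filter(attr, typed):
    """Assumed 'name contains' filter on the attribute mapped in Search Conditions."""
    return f"({attr}=*{escape_filter(typed)}*)"

def preflight(cfg, device_time, kdc_time):
    """Return a list of problems in cfg, a hypothetical dict of the form fields."""
    problems = []
    if cfg["port"] not in PORTS:
        problems.append("port: use 389 (standard LDAP) or 3268 (GC)")
    try:
        if not any(a == "DC" for a, _ in split_dn(cfg["search_base"])):
            problems.append("search base: no DC= components")
    except ValueError as exc:
        problems.append(f"search base: {exc}")
    realm = cfg.get("realm")
    if realm:  # the realm and clock checks only matter for Kerberos
        if realm != realm.upper():
            problems.append("realm: must be upper-case")
        if abs(device_time - kdc_time) > MAX_SKEW:
            problems.append("clock: device and KDC differ by more than 5 minutes")
    return problems

# Constructed sample values, not taken from a real device.
SAMPLE = {"port": 3268, "search_base": "OU=myou,DC=mydomain,DC=com",
          "realm": "mydomain.com"}
NOW = datetime(2015, 4, 15, 10, 0, tzinfo=timezone.utc)
if __name__ == "__main__":
    print(preflight(SAMPLE, NOW, NOW + timedelta(minutes=7)))
    print(search_filter("displayName", "Smith (IT)*"))
```

An empty list means the values are self-consistent; it does not test the bind or the Kerberos exchange itself.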
