Configure LDAP servers

To configure an LDAP server, do the following:

  1. In System Configuration, select Global Configuration Settings > Network Environment > Directory Services Synchronization.
  2. Select LDAP in the left menu, and click the Server to open its LDAP Server Properties page.
  3. In the Filtering section, specify a Search Filter for synchronization. "(objectClass=person)" is the default search filter, and can be modified as needed. Use standard LDAP filter syntax to define the search criteria. The search filter criteria also affect the information returned in the LDAP lookup Test tool.
    If desired, you can enter additional search criteria along with the Object class. For example, if the search filter entered is "(&(objectClass=person)(l=Waterloo))", this would search for objects that have the Object class = person AND also have a location set to Waterloo.
    When using LDAP email search, the Search filter field is not active. LDAP email search looks for entries in the displayName attribute, not the email address. The displayName attribute must match what is entered in the LDAP server.
  4. In the Field mappings section, you can link Equitrac user fields to LDAP attributes. The specified field mappings are used by synchronization. Check the options you want to associate with the user accounts in the selected containers:
    • Account name – contains the user login ID. This is mapped to the User ID property in Equitrac.
    • Account name (alternate) - maps to the User ID property in Equitrac. This is a fall-back field if the system cannot find Account name.
    • Display name – contains a description of the user, such as the full user name. This is mapped into the Full name property for the user within Equitrac.
    • Display name (alternate) – maps to the Full name property for the user within Equitrac. This is a fall-back field if the system cannot find Display name.
    • Display name (alternate 2) - maps to the Full name property for the user within Equitrac. This is a description fall-back field if the system cannot find Display name or Display name (alternate).
    • Email address - contains the user’s email address.
    • PrimaryPIN and SecondaryPIN – maps the numeric PIN values found on LDAP to the PrimaryPIN and SecondaryPIN fields in Equitrac.
    • Alternate PIN - maps the alternative primary PIN.
    • Department - maps the department name to the Department field in the Equitrac database. If the department name does not already exist within Equitrac, it is automatically created and the selected users are added to the new department. Multi-level departmental structures can be synchronized into a single department field by using the "value1+value2+value3" syntax. For example, co+st+l+description indicates the country, state/province and city, and a description of the department. Use the LDAP lookup dialog box for the list of available values.
    • Location - maps the user’s physical location.
    • Color quota - maps the color quota page limit. Use this if you are applying color quotas.
    • Home print server - maps the name of a print server to the Home Print Server field in the Equitrac database. If you are enabling Follow-You Printing, ensure that you select the Home Server attribute for these users.
    • Home scan folder - maps to the user’s home scan folder as a full network location (UNC path). It is used as a destination folder for scan processing.
    • Delegates - maps to the user’s delegates. The attribute for Delegates must be a DN (distinguished name) type, such as "secretary".
  5. The LDAP lookup must resolve to a unique user identifier.

  6. In the Synchronization section, select or clear the Updates to be applied checkboxes—Adds, Deletes, or Changes—to specify which AD accounts Equitrac receives and applies to the accounts database during subsequent synchronizations.
    You must have at least one option selected to perform synchronization or save your changes. You can import added or changed users, or remove inactive accounts from the Equitrac accounts database. Leave these settings at the default to ensure the accounts are updated and kept in sync with the ADS server.
    The Deletes option only works if the "isDeleted" AD attribute is set to true. If the entire user record is removed from AD, Equitrac cannot detect the deletion because of an AD limitation, and the corresponding user is not deleted automatically from the Equitrac database.
  7. Select the Do not enforce account limits for users in auto-created departments checkbox to import new departments into Equitrac via AD synchronization without enforcing account limits.
    By default, when new departments are imported into the system, they are created with account limits enforced, and the system administrator needs to manually set each department to not enforce account limits. This option overrides the enforce account limits setting in the department properties.
  8. Select the Automatic synchronization checkbox for Equitrac to continually synchronize its accounts database with the LDAP server.
  9. Select the Synchronize on save checkbox to schedule a single synchronization process (as opposed to automatic synchronization, which is performed periodically).
  10. Click Save to save your settings. The task continues to run even though the properties page is closed. Server settings apply to all containers of the server.
  11. After a few minutes, go to Accounts > Users to see the list of Users to ensure successful import of the accounts. Open the user account properties and ensure that the settings are correct.
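
A pre-synchronization check for the filter, the fall-back field mappings and the unique-identifier requirement in step 5, as an added example that is not Equitrac code. The attribute names, the case-insensitive ID comparison and the sample entries are assumptions made for this sketch.

```python
from collections import defaultdict

# Assumed attribute choices (common AD/LDAP names): primary first, then fall-backs.
ACCOUNT_ATTRS = ["sAMAccountName", "uid"]
DISPLAY_ATTRS = ["displayName", "cn", "name"]
DEPARTMENT_SPEC = "co+st+l+description"  # multi-level syntax shown on the page

def filter_is_balanced(ldap_filter):
    """Structural check only: the filter is one fully parenthesised expression."""
    depth = 0
    for i, ch in enumerate(ldap_filter):
        depth += (ch == "(") - (ch == ")")
        if depth < 0 or (depth == 0 and i < len(ldap_filter) - 1):
            return False
    return depth == 0 and ldap_filter.startswith("(")

def first_value(entry, attrs):
    """Return the first non-empty attribute in fall-back order, else None."""
    for attr in attrs:
        value = (entry.get(attr) or "").strip()
        if value:
            return value
    return None

def audit(entries):
    """Map each entry, then report entries with no user ID and colliding IDs."""
    mapped, by_id, missing = [], defaultdict(list), []
    for e in entries:
        uid = first_value(e, ACCOUNT_ATTRS)
        levels = [e.get(a, "") for a in DEPARTMENT_SPEC.split("+")]
        mapped.append({"dn": e["dn"], "user_id": uid,
                       "full_name": first_value(e, DISPLAY_ATTRS),
                       "department_levels": levels})
        if uid is None:
            missing.append(e["dn"])
        else:
            by_id[uid.casefold()].append(e["dn"])  # assumption: IDs compare case-insensitively
    dupes = {k: v for k, v in by_id.items() if len(v) > 1}
    return mapped, missing, dupes

# Constructed sample entries, not real directory data.
SAMPLE = [
    {"dn": "cn=Ann Lee,ou=Staff,dc=example,dc=com", "sAMAccountName": "alee",
     "displayName": "Ann Lee", "co": "Canada", "st": "Ontario", "l": "Waterloo"},
    {"dn": "cn=A Lee,ou=Temp,dc=example,dc=com", "uid": "ALEE", "cn": "A Lee"},
    {"dn": "cn=Scanner,ou=Devices,dc=example,dc=com", "cn": "Scanner"},
]
```

Entries reported as missing or colliding are the ones to resolve in the directory, or exclude with the search filter, before enabling synchronization.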