
Use Active Directory

Product support for: Xerox C410 Color Printer
Article ID: KB0010362
Published: 2023-05-04

You can use the Active Directory login method alone or in conjunction with the LDAP+GSSAPI login method.

  • Only one Kerberos configuration file can be saved in the printer memory. This configuration file can apply to multiple realms and Kerberos Domain Controllers.

  • Administrators are required to anticipate the different types of authentication requests the Kerberos server can receive, and to configure the configuration file to handle the requests.

  • Uploading another configuration file or updating the Kerberos settings overwrites the saved configuration file.

  • Active Directory relies on an external server for authentication. If the server is down, then users cannot access the printer using Active Directory.

  • To help prevent unauthorized access, after each session, log out from the printer.

Creating an Active Directory Login Method:

  1. From the Embedded Web Server, click Settings > Security > Login Methods.

  2. In the Network Accounts section, click Add Login Method > Active Directory.

  3. Configure the settings.

    • Domain: Type the realm or domain name of the Active Directory server.

    • User Name: Type the name of the user that can authenticate to the Active Directory.

    • Password: Type the password of the user.

    • Organizational Unit: Type the organizational unit attribute to which the user belongs.

  4. Click Join Domain.

Editing or Deleting an Active Directory Login Method:

  1. From the Embedded Web Server, click Settings > Security > Login Methods.

  2. In the Network Accounts section, click the Active Directory login method.

  3. To delete the login method, click Unjoin Domain.

  4. Configure the General Information settings.

    • Setup Name: Type a unique name for the Active Directory login method.

    • Server Address: Type the IP address or the host name of the LDAP server.

    • Server Port: Enter the port where queries are sent.

    • Required User Input: Select the required authentication credentials when logging in to the printer.

    • Use Integrated Windows Authentication. Select one of the following:

      • Do not use.

      • Use if available: Use Windows operating system authentication credentials, if available.

      • Require: Use only Windows operating system authentication credentials.

  5. Configure the Device Credentials options.

    • Use Active Directory Device Credentials: Use user credentials and group designations that are pulled from the existing network comparable to other network services.

    • If Use Active Directory Device Credentials is disabled, then provide the authentication credentials used to bind the printer with the Active Directory server.

      • Device Username: Type the fully qualified DN of a user registered to the Active Directory server.

      • Device Realm: The Active Directory domain name.

      • Device Password: Type the password for the user.

  6. Configure the Advanced Options settings.

    • Use SSL/TLS: If the LDAP server requires SSL, then select SSL/TLS.

    • Require Certificate: If the LDAP server requires a certificate, then select Yes.

    • Userid Attribute: Type the LDAP attribute to search for when authenticating user credentials. The default value is sAMAccountName, which is common in a Windows environment. For other directories, you can type uid, cn, or a user defined attribute. For more information, contact your system administrator.

    • Mail Attribute: Type the LDAP attribute that contains the email addresses for users. The default value is mail.

    • Full Name Attribute: Type the LDAP attribute that contains the full names for users. The default value is cn.

    • Home Directory Attribute: Type the LDAP attribute that contains the home directory for users. The default value is homeDirectory.

    • Group Membership Attribute: Type the LDAP attribute required for group search. The default value is memberOf.

    • Search Base: This setting is the node in the LDAP server where user accounts reside. You can type multiple search bases, separated by commas.

      Note: A search base consists of multiple attributes separated by commas, such as cn (common name), ou (organizational unit), o (organization), c (country), and dc (domain).

    • Search Timeout: Enter a value from 5 to 30 seconds or 5 to 300 seconds, depending on your printer model.

    • Follow LDAP Referrals: Search the different servers in the domain for the logged-in user account.

  7. Configure the Search Specific Object Classes settings.

    • person: Search the person object class.

    • Custom Object Classes: Type the name of the custom object class to search.

      Note: You can search a maximum of three custom object classes. In the other Custom Object Class field, type the other object class.

  8. Configure the Address Book Setup settings.

    Note: Use the following settings to configure the address book used when scanning to an email address:

    • Displayed Name: Select the LDAP attribute that you want to show on the address book.

    • Max Search Results: Type the maximum search results shown on the address book.

    • Use User Credentials: Connect to the LDAP server with the credentials for the logged-in user.

    • Search Attributes: Select LDAP attributes used as search filters.

    • Custom Attributes: Type LDAP custom attributes used as search filters.

  9. Click Save and Verify.
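
Before entering the Advanced Options and Search Specific Object Classes values from steps 6 and 7, an administrator can check them from a workstation with the OpenLDAP ldapsearch client. This is an added example, not Xerox code: the function names, the filter shape, and the sample host and DNs in the comments are assumptions, and the query the printer itself sends is not documented on this page.

```shell
#!/bin/sh
# Added example: pre-check the LDAP values planned for the printer.
# Assumes the OpenLDAP client tools are installed on the workstation.

# Escape a user ID for use inside an LDAP filter (RFC 4515),
# so characters such as * ( ) \ are matched literally.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# build_filter USERID_ATTRIBUTE USER_ID OBJECT_CLASS...
# Combines the Userid Attribute with the object classes to search
# (person plus any custom object classes). Assumed filter shape.
build_filter() {
    attr=$1
    user=$(ldap_escape "$2")
    shift 2
    classes=""
    for oc in "$@"; do
        classes="${classes}(objectClass=${oc})"
    done
    printf '(&(|%s)(%s=%s))' "$classes" "$attr" "$user"
}

# check_user URI BIND_DN SEARCH_BASE USERID_ATTRIBUTE USER_ID
# An ldaps:// URI exercises the Use SSL/TLS setting, -D/-W bind as the
# device account (password is prompted, never placed on the command
# line), -b is the Search Base, -l mirrors the Search Timeout in seconds.
# The requested attributes are the page's defaults for mail, full name,
# home directory and group membership.
check_user() {
    ldapsearch -x -H "$1" -D "$2" -W -b "$3" -s sub -l 30 -z 5 \
        "$(build_filter "$4" "$5" person)" \
        "$4" mail cn homeDirectory memberOf
}

# Constructed sample invocation (host and DNs are placeholders):
# check_user ldaps://dc1.example.test:636 \
#     "CN=svc-printer,OU=Service,DC=example,DC=test" \
#     "OU=Staff,DC=example,DC=test" sAMAccountName jdoe
```

An entry that comes back with the expected mail, cn and memberOf values confirms the attribute names and search base; an empty result with a successful bind usually points at the search base or object class rather than the credentials.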