You are here: Installation > Advanced implementation > Advanced LDAP configuration

Advanced LDAP configuration

PaperCut NG supports the following LDAPThe Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories. The LDAP directory service is based on a client-server model. server types out-of-the-box:

For more information about basic configuration options for these platforms, see Using LDAP for user synchronization.

However, PaperCut NG can support other server/schema types by defining the fields to query and the LDAP searches to perform. Configure these options in the Advanced Config EditorThe Config Editor stores information used by PaperCut to configure advanced options and functions. This information is stored in config keys, which are editable by an administrator. on the Options tab. The following config keys are available for the primary sync source:

Table 25: LDAP primary sync source config keys
Config name Description
ldap.schema.user-name-field The LDAP field that contains the user's username.
ldap.schema.user-full-name-field The LDAP field that contains the user's full name.
ldap.schema.user-email-field The LDAP field that contains the user's email address.
ldap.schema.other-emails-field The LDAP field that contains the user's other email addresses. If the user has only one other email, then use a single value or a multi-value LDAP field. If the user has multiple other email addresses then use a multi-value LDAP field.
ldap.schema.user-second-card-id-field The LDAP field that contains the user's second card id.
ldap.schema.user-department-field The LDAP field that contains the user's department.
ldap.schema.user-office-field The LDAP field that contains the user's office location.
ldap.schema.user-card-id-field The LDAP field containing the user's primary card ID value.
ldap.schema.user-second-card-id-field The LDAP field containing the user's secondary card ID value.
ldap.schema.user-name-search The LDAP search to retrieve the user. The {0} in the search is replaced with * when listing all users, and [username] when searching for a specific user. If no search is defined, the default is ([userNameField]={0}). IMPORTANT: The search must include the {0} value.
ldap.schema.group-name-field The LDAP field that contains the group's name.
ldap.schema.group-member-field The LDAP field that contains the group members.
ldap.schema.group-search The LDAP search to retrieve the group. The {0} in the search is replaced with * for all group searches. If no search is defined, the default is ([groupMemberField]={0}), which means get all entries with at least one member. IMPORTANT: The search must include the {0} value.
ldap.schema.posix-groups If Y, then the group member field contains the user's username. If N, then the group member field contains the user's DN.
ldap.schema.home-directory-field The LDAP field that contains the user's home folder path.

If you are using a secondary sync source, the following config keys are available:

Table 26: LDAP secondary sync source config keys
Config name Description
ldap2.schema.user-name-field The LDAP field that contains the user's username.
ldap2.schema.user-full-name-field The LDAP field that contains the user's full name.
ldap2.schema.user-email-field The LDAP field that contains the user's email address.
ldap.2.schema.other-emails-field The LDAP field that contains the user's other email addresses. If the user has only one other email, then use a single value or a multi-value LDAP field. If the user has multiple other email addresses then use a multi-value LDAP field.
ldap.2.schema.user-second-card-id-field The LDAP field that contains the user's second card id.
ldap2.schema.user-department-field The LDAP field that contains the user's department.
ldap2.schema.user-office-field The LDAP field that contains the user's office location.
ldap2.schema.user-card-id-field The LDAP field containing the user's primary card ID value.
ldap2.schema.user-second-card-id-field The LDAP field containing the user's secondary card ID value.
ldap2.schema.user-name-search The LDAP search to retrieve the user. The {0} in the search is replaced with * when listing all users, and [username] when searching for a specific user. If no search is defined, the default is ([userNameField]={0}). IMPORTANT: The search must include the {0} value.
ldap2.schema.group-name-field The LDAP field that contains the group's name.
ldap2.schema.group-member-field The LDAP field that contains the group members.
ldap2.schema.group-search The LDAP search to retrieve the group. The {0} in the search is replaced with * for all group searches. If no search is defined, the default is ([groupMemberField]={0}), which means get all entries with at least one member. IMPORTANT: The search must include the {0} value.
ldap2.schema.posix-groups If Y, then the group member field contains the user's username. If N, then the group member field contains the user's DN.
ldap2.schema.home-directory-field The LDAP field that contains the user's home folder path.