Advanced LDAP configuration
PaperCut NG supports the following LDAPThe Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories. The LDAP directory service is based on a client-server model. server types out-of-the-box:
-
Microsoft Active Directory
-
Unix/NIS/Posix
For more information about basic configuration options for these platforms, see Using LDAP for user synchronization.
However, PaperCut NG can support other server/schema types by defining the fields to query and the LDAP searches to perform. Configure these options in the Advanced Config EditorThe Config Editor stores information used by PaperCut to configure advanced options and functions. This information is stored in config keys, which are editable by an administrator. on the Options tab. The following config keys are available for the primary sync source:
Config name | Description |
---|---|
ldap.schema.user-name-field | The LDAP field that contains the user's username. |
ldap.schema.user-full-name-field | The LDAP field that contains the user's full name. |
ldap.schema.user-email-field | The LDAP field that contains the user's email address. |
ldap.schema.other-emails-field | The LDAP field that contains the user's other email addresses. If the user has only one other email, then use a single value or a multi-value LDAP field. If the user has multiple other email addresses then use a multi-value LDAP field. |
ldap.schema.user-second-card-id-field | The LDAP field that contains the user's second card id. |
ldap.schema.user-department-field | The LDAP field that contains the user's department. |
ldap.schema.user-office-field | The LDAP field that contains the user's office location. |
ldap.schema.user-card-id-field | The LDAP field containing the user's primary card ID value. |
ldap.schema.user-second-card-id-field | The LDAP field containing the user's secondary card ID value. |
ldap.schema.user-name-search | The LDAP search to retrieve the user. The {0} in the search is replaced with * when listing all users, and [username] when searching for a specific user. If no search is defined, the default is ([userNameField]={0}). IMPORTANT: The search must include the {0} value. |
ldap.schema.group-name-field | The LDAP field that contains the group's name. |
ldap.schema.group-member-field | The LDAP field that contains the group members. |
ldap.schema.group-search | The LDAP search to retrieve the group. The {0} in the search is replaced with * for all group searches. If no search is defined, the default is ([groupMemberField]={0}), which means get all entries with at least one member. IMPORTANT: The search must include the {0} value. |
ldap.schema.posix-groups | If Y, then the group member field contains the user's username. If N, then the group member field contains the user's DN. |
ldap.schema.home-directory-field | The LDAP field that contains the user's home folder path. |
If you are using a secondary sync source, the following config keys are available:
Config name | Description |
---|---|
ldap2.schema.user-name-field | The LDAP field that contains the user's username. |
ldap2.schema.user-full-name-field | The LDAP field that contains the user's full name. |
ldap2.schema.user-email-field | The LDAP field that contains the user's email address. |
ldap.2.schema.other-emails-field | The LDAP field that contains the user's other email addresses. If the user has only one other email, then use a single value or a multi-value LDAP field. If the user has multiple other email addresses then use a multi-value LDAP field. |
ldap.2.schema.user-second-card-id-field | The LDAP field that contains the user's second card id. |
ldap2.schema.user-department-field | The LDAP field that contains the user's department. |
ldap2.schema.user-office-field | The LDAP field that contains the user's office location. |
ldap2.schema.user-card-id-field | The LDAP field containing the user's primary card ID value. |
ldap2.schema.user-second-card-id-field | The LDAP field containing the user's secondary card ID value. |
ldap2.schema.user-name-search | The LDAP search to retrieve the user. The {0} in the search is replaced with * when listing all users, and [username] when searching for a specific user. If no search is defined, the default is ([userNameField]={0}). IMPORTANT: The search must include the {0} value. |
ldap2.schema.group-name-field | The LDAP field that contains the group's name. |
ldap2.schema.group-member-field | The LDAP field that contains the group members. |
ldap2.schema.group-search | The LDAP search to retrieve the group. The {0} in the search is replaced with * for all group searches. If no search is defined, the default is ([groupMemberField]={0}), which means get all entries with at least one member. IMPORTANT: The search must include the {0} value. |
ldap2.schema.posix-groups | If Y, then the group member field contains the user's username. If N, then the group member field contains the user's DN. |
ldap2.schema.home-directory-field | The LDAP field that contains the user's home folder path. |