10.6 Configuring LDAP

iPrint uses LDAP to verify rights to perform various iPrint operations, including authenticating users for printing, and performing management tasks such as uploading drivers. During the iPrint installation, iPrint attempts to identify the top-most container of the eDirectory tree and sets the base DN to this container for the AuthLDAPDNURL entry in /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf. For most installations, this is adequate because users are often distributed across containers. However, if you have multiple peer containers at the top of your eDirectory tree, leave this field blank so the LDAP search begins at the root of the eDirectory tree.

Use the following syntax for the AuthLDAPDNURL entry:

ldap://host:port/basedn?attribute?scope?filter

Use the following example of a typical AuthLDAPDNURL entry where the base DN is set to a container called DivisionA:

"ldaps://server1.my_company.com/C=DivisionA???(objectClass=user)"

Use the following example of a modified AuthLDAPDNURL entry where the base DN is removed. This means that the search begins at the root of the eDirectory tree:

"ldaps://server1.my_company.com/???(objectClass=user)"

HINT:For fault tolerance, you can specify additional LDAP servers if an LDAP server is unavailable. Additional servers use the attributes prescribed on the first server. Additional LDAP servers are separated by a space. An AuthLDAPDNURL entry specifying multiple LDAP servers appears like ldaps://ldap.domain.com ldap1.domain.com/o=novell???(objectClass=user)

For more information about AuthLDAPURL, see the AuthLDAPUrl Directive.