iPrint uses LDAP to verify rights to perform various iPrint operations, including authenticating users for printing and performing management tasks such as uploading drivers. During the installation of the iPrint software, iPrint attempts to identify the top-most container of the eDirectory tree and sets the basedn to this container for the AuthLDAPURL entry in sys:\apache2\iprint\ipp.conf. For most installations, this is adequate because users are often distributed across containers. However, if you have multiple peer containers at the top of your eDirectory tree, you might need to modify the basedn entry so the LDAP search begins at the root of the eDirectory tree.
Here is the syntax for the AuthLDAPURL entry:
ldap://host:port/basedn?attribute?scope?filter
Here is an example of a typical AuthLDAPURL entry where the basedn is set to a container called DivisionA:
"ldaps://server1.my_company.com/C=DivisionA???(objectClass=user)"
Here is an example of a modified AuthLDAPURL entry where the basedn is removed so the search begins at the root of the eDirectory tree:
"ldaps://server1.my_company.com/???(objectClass=user)"
HINT:For fault tolerance, you can specify additional LDAP servers in the event an LDAP server is unavailable. Additional servers use the attributes prescribed on the first server. An AuthLDAPURL entry specifying multiple LDAP servers appears like "ldaps://server1.my_company.com/C=DivisionA???(objectClass=user) ldaps://server2.my_company.com”