9.6 Configuring LDAP

iPrint uses LDAP to verify rights to perform various iPrint operations, including authenticating users for printing and performing management tasks such as uploading drivers. During the iPrint installation, iPrint attempts to identify the top-most container of the eDirectory tree and sets the base DN to this container for the AuthLDAPURL entry in /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf. For most installations, this is adequate because users are often distributed across containers. However, if you have multiple peer containers at the top of your eDirectory tree, leave the base DN blank so the LDAP search begins at the root of the eDirectory tree.

Use the following syntax for the AuthLDAPURL entry:


ldap://host:port/basedn?attribute?scope?filter

The following is an example of a typical AuthLDAPURL entry where the base DN is set to a container called DivisionA:


"ldaps://server1.my_company.com/C=DivisionA???(objectClass=user)"

The following is an example of a modified AuthLDAPURL entry where the base DN is removed, so the search begins at the root of the eDirectory tree:


"ldaps://server1.my_company.com/???(objectClass=user)"

HINT: For fault tolerance, you can specify additional LDAP servers to be used if an LDAP server is unavailable. Additional servers use the attributes prescribed on the first server. Additional LDAP servers are separated by a space. An AuthLDAPURL entry specifying multiple LDAP servers looks like this: ldaps://ldap.domain.com ldap1.domain.com/o=novell???(objectClass=user)
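The following added example (not part of the iPrint documentation or product) parses AuthLDAPURL entries into the fields of the syntax shown above and notes an empty base DN, a non-ldaps scheme, and additional servers. The SAMPLE_CONF text and the function names are constructed for illustration, and the values used for empty fields are assumed to be the Apache mod_authnz_ldap defaults.

```python
import re

# Assumption: defaults Apache mod_authnz_ldap applies when a field is left empty.
DEFAULTS = {"attribute": "uid", "scope": "sub", "filter": "(objectClass=*)"}

def parse_auth_ldap_url(entry):
    """Split one AuthLDAPURL value into scheme, hosts, base DN, attribute, scope, filter."""
    value = entry.strip().strip('"')
    m = re.match(r"(ldaps?)://([^/]*)/?(.*)$", value, re.IGNORECASE)
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % entry)
    scheme, hostpart, rest = m.groups()
    hosts = hostpart.split()  # additional servers are separated by a space
    if not hosts:
        raise ValueError("no LDAP server in %r" % entry)
    # Split on at most three '?' so a '?' inside the filter is preserved.
    basedn, attribute, scope, ldap_filter = (rest.split("?", 3) + [""] * 3)[:4]
    return {
        "scheme": scheme.lower(),
        "hosts": hosts,
        "basedn": basedn,
        "attribute": attribute or DEFAULTS["attribute"],
        "scope": scope or DEFAULTS["scope"],
        "filter": ldap_filter or DEFAULTS["filter"],
    }

def review_config(conf_text):
    """Return (parsed entry, notes) for every active AuthLDAPURL directive."""
    results = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*AuthLDAPURL\s+(.+)$", line, re.IGNORECASE)
        if not m:
            continue  # comments and other directives are skipped
        cfg = parse_auth_ldap_url(m.group(1))
        notes = []
        if not cfg["basedn"]:
            notes.append("empty base DN: search starts at the root of the tree")
        if cfg["scheme"] != "ldaps":
            notes.append("scheme is ldap://, not ldaps://")
        if len(cfg["hosts"]) > 1:
            notes.append("%d additional server(s)" % (len(cfg["hosts"]) - 1))
        results.append((cfg, notes))
    return results

# Constructed sample in the style of iprint_ssl.conf, reusing the entries shown above.
SAMPLE_CONF = '''
# AuthLDAPURL "ldaps://commented-out.example/o=unused"
AuthLDAPURL "ldaps://server1.my_company.com/C=DivisionA???(objectClass=user)"
AuthLDAPURL "ldaps://server1.my_company.com/???(objectClass=user)"
AuthLDAPURL "ldaps://ldap.domain.com ldap1.domain.com/o=novell???(objectClass=user)"
'''
```

Calling review_config() on the text of iprint_ssl.conf shows which entries search from the root of the tree and which servers each entry can fall back to.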

For more information about the AuthLDAPURL, see AuthLDAPUrl Directive.