Choose your language

Choose your login

Contact us

Advanced LDAP configuration

This page applies to:

PaperCut NG/MF supports the following LDAP server types out-of-the-box:

  • Novell eDirectory

  • Microsoft Active Directory

  • Unix/NIS/Posix

For more information about basic configuration options for these platforms, see Synchronize user and group details with LDAP

However, PaperCut NG/MF can support other server/schema types by defining the fields to query and the LDAP searches to perform. Configure these options in the Advanced Config Editor on the Options tab. The following config keys are available for the primary sync source:

LDAP primary sync source config keys

Config nameDescription
ldap.schema.user-name-fieldThe LDAP field that contains the user's username.
ldap.schema.user-full-name-fieldThe LDAP field that contains the user's full name.
ldap.schema.user-pin-fieldThe LDAP field that contains the user's PIN. This must be only digits.
ldap.schema.user-email-fieldThe LDAP field that contains the user's email address.
ldap.schema.other-emails-fieldThe LDAP field that contains the user's other email addresses. If the user has only one other email, then use a single value or a multi-value LDAP field. If the user has multiple other email addresses then use a multi-value LDAP field.
ldap.schema.user-second-card-id-fieldThe LDAP field that contains the user's second card id.
ldap.schema.user-department-fieldThe LDAP field that contains the user's department.
ldap.schema.user-office-fieldThe LDAP field that contains the user's office location.
ldap.schema.user-card-id-fieldThe LDAP field containing the user's primary card ID value.
ldap.schema.user-second-card-id-fieldThe LDAP field containing the user's secondary card ID value.
ldap.schema.user-name-searchThe LDAP search to retrieve the user. The {0} in the search is replaced with * when listing all users, and [username] when searching for a specific user. If no search is defined, the default is ([userNameField]={0}). IMPORTANT: The search must include the {0} value.
ldap.schema.group-name-fieldThe LDAP field that contains the group's name.
ldap.schema.group-member-fieldThe LDAP field that contains the group members.
ldap.schema.group-searchThe LDAP search to retrieve the group. The {0} in the search is replaced with * for all group searches. If no search is defined, the default is ([groupMemberField]={0}), which means get all entries with at least one member. IMPORTANT: The search must include the {0} value.
ldap.schema.posix-groupsIf Y, then the group member field contains the user's username. If N, then the group member field contains the user's DN.
ldap.schema.home-directory-fieldThe LDAP field that contains the user's home folder path.

If you are using a secondary sync source, the following config keys are available:

LDAP secondary sync source config keys

Config nameDescription
ldap.2.schema.user-name-fieldThe LDAP field that contains the user's username.
ldap.2.schema.user-full-name-fieldThe LDAP field that contains the user's full name.
ldap.2.schema.user-pin-fieldThe LDAP field that contains the user's PIN. This must be only digits.
ldap.2.schema.user-email-fieldThe LDAP field that contains the user's email address.
ldap.2.schema.other-emails-fieldThe LDAP field that contains the user's other email addresses. If the user has only one other email, then use a single value or a multi-value LDAP field. If the user has multiple other email addresses then use a multi-value LDAP field.
ldap.2.schema.user-second-card-id-fieldThe LDAP field that contains the user's second card id.
ldap.2.schema.user-department-fieldThe LDAP field that contains the user's department.
ldap.2.schema.user-office-fieldThe LDAP field that contains the user's office location.
ldap.2.schema.user-card-id-fieldThe LDAP field containing the user's primary card ID value.
ldap.2.schema.user-second-card-id-fieldThe LDAP field containing the user's secondary card ID value.
ldap.2.schema.user-name-searchThe LDAP search to retrieve the user. The {0} in the search is replaced with * when listing all users, and [username] when searching for a specific user. If no search is defined, the default is ([userNameField]={0}). IMPORTANT: The search must include the {0} value.
ldap.2.schema.group-name-fieldThe LDAP field that contains the group's name.
ldap.2.schema.group-member-fieldThe LDAP field that contains the group members.
ldap.2.schema.group-searchThe LDAP search to retrieve the group. The {0} in the search is replaced with * for all group searches. If no search is defined, the default is ([groupMemberField]={0}), which means get all entries with at least one member. IMPORTANT: The search must include the {0} value.
ldap.2.schema.posix-groupsIf Y, then the group member field contains the user's username. If N, then the group member field contains the user's DN.
ldap.2.schema.home-directory-fieldThe LDAP field that contains the user's home folder path.

LDAP server default configuration

Comments