HP MFP Digital Sending Software (DSS) 5.0 - Configuring DSS to Use Two-Server Authentication

Page 4 of 5 white paper

The BindRoot value is the root LDAP directory location to start a search for user information.

Multiple search roots are not supported in DSS 5.01. A typical value might look like

“o=companyname.com”.

UserMappingMethod defines how the user name entered at the device control panel will be

formatted to match the LDAP directory.

as-entered Search for the username as entered at the device

domain-slash-username Search for Domain\UserName. Only valid for Windows user

accounts

domain-colon-username Search for Domain:UserName. Only valid for Windows user

accounts

exchange-sid Search for Security Identfier (SID) formatted as text (Exchange

default). Only valid for Windows user accounts

active-directory-sid Search for Security Identifier (SID) stored in a binary format (Active

Directory default). Only valid for Windows user accounts

<UserMappingMethod>as-entered</UserMappingMethod>

The LDAP attribute used to search for a user's directory entry.

This is the LDAP attribute that contains the user's email address.

This is the LDAP attribute that contains the user's display name (or formal name).

<DisplayNameMatch>displayName</DisplayNameMatch>

4. Save the XML document

If you are using Notepad, click File, Save.

Then exit the text editor.

5. Close the DSS Configuration Utility

6. Restart the DSS service

Sample Configuration File

Sample XML document using anonymous LDAP authentication

<TwoServerAuthenticationSettings xmlns="TwoServerAuthenticationSettings"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="TwoServerAuthenticationSettings

../../../TwoServerAuthenticationSettings.xsd>">

<Server>servername</Server>

<BindMethod>anonymous</BindMethod>

<UserMappingMethod>as-entered</UserMappingMethod>