8.2 Setup for user authentication linking with the directory server (Windows only)
User authentication through linking with a directory server has two methods. One is to use a DS user and the other is to use a linkage user. Use a DS user for the case where JP1 authentication information (JP1 user authentication information and JP1 operating permission) is managed by a directory server. Use a linkage user for the case where only JP1 user authentication information is managed by a directory server.
If user authentication is performed by linking with the directory server, both the JP1 administrator and directory server administrator need to perform setup tasks.
The following table shows the required setup tasks for the cases using a DS user or a linkage user respectively.
JP1 user type |
Setup tasks for JP1 administrator |
Setup tasks for directory server administrator |
---|---|---|
Linkage user |
Settings for directory server linkage on the authentication server
|
Registration of a JP1 user (linkage user) to the directory server |
DS user |
Settings for directory server linkage on the authentication server
Setting of operating permissions (when setting in JP1/Base) |
In-advance setting of the Active Directory
Setting of operating permissions (when setting in Active Directory) |
The following figure shows the setup procedure required on each host and the corresponding subsections in this manual when performing user authentication by linking with the directory server.
In the subsequent subsections, explanations will be given for settings required only for the cases performing user authentication through linking with a directory server. For details on other settings, see the location in this manual indicated in Figure 8-10 or Figure 8-11. The settings are the same as the settings when using the authentication server only.
Notes when linking with the directory server
-
A standard user can log into the authentication server even if directory server linkage is enabled.
-
When SSL is used, check the following:
Directory server
-
Whether the certification service has been installed
Authentication server
-
Whether the certification exported from the directory server has been installed
-
-
jp1hosts information or jp1hosts2 information cannot be used to resolve the name of the linked directory server to an IP address. Therefore, specify settings so that, for example, the OS hosts file can resolve the name.
- Organization of this section