LDAP Operation Guide
(Lightweight Directory Access Protocol)
To find basic information about network and advanced network
features of your Brother machine: See the Network User's Guide.
To download the latest manual, please visit the Brother Solutions
latest drivers and utilities for your machine, read FAQs and
troubleshooting tips or learn about special printing solutions from the
Brother Solutions Center.
Version 0
ENG
Table of Contents
Benefits to the customer
Synchronize with SNTP server
LDAP operation using the control panel for MFC-8510DN, MFC-8520DN, MFC-8710DW and MFC-8910DW
Import and export a CA certificate
Introduction
Overview
The LDAP protocol allows you to search for information such as fax numbers and E-mail addresses from your
server. When you use the Fax, I-Fax or Scan to E-mail server features, you can use the LDAP search to find
fax numbers or E-mail addresses.
Every E-mail program has a personal address book, but how do you look up an address for someone who's
never sent you an E-mail? How can an organization keep one centralized up-to-date phone book that
everybody has access to? The solution is LDAP. LDAP, Lightweight Directory Access Protocol, is an
Internet protocol that E-mail and other programs use to look up information from a directory server on your
network. So, instead of having to type in the recipient's E-mail address or find it from another source,
you can search for it using LDAP directly from the control panel of the multifunction machine.
Benefits to the customer
It simplifies the process of sending a fax or scanning a document to E-mail through its effective search
facility.
It can save time, particularly if the recipient's E-mail address is unknown to the sender.
Configuration for LDAP using a Web Browser
Changing the LDAP configuration
Note
We recommend using Windows Internet Explorer 7.0/8.0 or Firefox 3.6 for Windows and Safari
4.0/5.0 for Macintosh. Please also make sure that JavaScript and Cookies are always enabled in
whichever browser you use. If a different web browser is used, make sure it is compatible with HTTP 1.0
and HTTP 1.1.
a Start your web browser.
IP address of the machine or the print server name).
c No password is required by default. If you have previously set a password, enter it and press
d Click Network.
e Click Protocol.
f Check LDAP and then click Submit.
g Restart the machine to activate the configuration.
h Make sure the machine is turned on and then choose Advanced Setting on the Protocol page. You
can configure and change the following LDAP settings using a web browser.
1 This is the location of your LDAP server.
2 Change the port if necessary. (389 is the typical port number of LDAP).
If you want to connect to the Global Catalog, enter the port number 3268.
3 Enter Search Root. This is the place to start a search. For example, if the domain name of the Active
Directory server is set to “local.example.com”, the Search Root could be “cn=Users, dc=local,
dc=example, dc=com”.
If your server supports LDAPv3, you can automatically obtain the Search Root by pressing
Fetch DNs.
4 Select Simple method in the Authentication section, and specify Username and Password. When
connecting to the Active Directory server, enter the DN (Distinguished Name) format (e.g.
“cn=username, cn=Users, dc=local, dc=example, dc=com”).
5 This is how many seconds the machine will wait for a response from the LDAP server.
6 Enter the attribute type for name, E-mail address and fax number as used on the LDAP server.
1 This selection will only be available depending on the authentication method used.
i After you have configured the LDAP settings, click Submit. Make sure that the Status is OK on the Test
Result page.
Note
• The LDAP function of this machine supports LDAPv3.
• You need to use Kerberos Authentication or Simple Authentication to communicate with your LDAP
server.
If the LDAP server supports Kerberos Authentication, we recommend choosing Kerberos for the
Authentication setting. It provides strong authentication between the LDAP server and your machine.
You must configure the SNTP protocol (network time server), or you must set the date, time and time zone
correctly on the control panel for Kerberos Authentication. The time must match the time on the server
used for the Kerberos Authentication. (For information about setting, see Synchronize with SNTP server.)
• SSL/TLS is not supported.
• For the details of each item, see the Help Text in the Web Based Management.
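Why the choice between Simple and Kerberos matters when SSL/TLS is not available, as an added example (not Brother code): it builds a constructed LDAPv3 BindRequest as defined in RFC 4511 and a detector that flags Simple binds in captured traffic. The password, message ID, function names and the assumption that a Kerberos bind is carried as SASL GSSAPI are illustrative and do not come from the guide.

```python
# Added illustration: an LDAPv3 bind on the wire and a check that flags Simple binds.

def encode_tlv(tag, value):
    """BER-encode one element (short or long definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value


def read_tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length


def build_bind(message_id, bind_dn, auth):
    """Constructed sample LDAPMessage carrying a BindRequest (RFC 4511, section 4.2)."""
    body = (encode_tlv(0x02, b"\x03")                 # version 3
            + encode_tlv(0x04, bind_dn.encode())      # name: the bind DN
            + auth)                                   # authentication CHOICE
    return encode_tlv(0x30, encode_tlv(0x02, bytes([message_id]))
                      + encode_tlv(0x60, body))       # [APPLICATION 0] BindRequest


def simple_auth(password):
    return encode_tlv(0x80, password.encode())        # [0] simple: raw password octets


def sasl_auth(mechanism, token):
    return encode_tlv(0xA3, encode_tlv(0x04, mechanism.encode())
                      + encode_tlv(0x04, token))      # [3] sasl: mechanism + credentials


def inspect_bind(payload):
    """Describe the BindRequest at the start of a TCP payload, or return None."""
    try:
        tag, msg, _ = read_tlv(payload, 0)
        if tag != 0x30:
            return None
        tag, _, pos = read_tlv(msg, 0)                # messageID
        if tag != 0x02:
            return None
        tag, op, _ = read_tlv(msg, pos)
        if tag != 0x60:                               # some other LDAP operation
            return None
        _, version, pos = read_tlv(op, 0)
        _, name, pos = read_tlv(op, pos)
        auth_tag, auth, _ = read_tlv(op, pos)
    except ValueError:
        return None
    method = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown")
    return {
        "version": int.from_bytes(version, "big"),
        "bind_dn": name.decode("utf-8", "replace"),
        "method": method,
        # Report only the length so the secret never lands in a log.
        "cleartext_password_len": len(auth) if method == "simple" else 0,
    }


def cleartext_binds(payloads):
    """Return the bind DNs whose password crossed the network unencrypted."""
    found = (inspect_bind(p) for p in payloads)
    return [f["bind_dn"] for f in found if f and f["cleartext_password_len"] > 0]


# Constructed sample traffic; the DN is the guide's example, the password is made up.
DEVICE_DN = "cn=username,cn=Users,dc=local,dc=example,dc=com"
SAMPLE_SIMPLE = build_bind(1, DEVICE_DN, simple_auth("Sample-Passw0rd"))
SAMPLE_KERBEROS = build_bind(1, "", sasl_auth("GSSAPI", b"\x60\x06constructed"))
```

Because the password octets sit unmodified inside the Simple bind, an account used for Simple Authentication on this machine is best a dedicated one with read-only access to the Search Root.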
Configuring your machine to communicate with your E-mail server
You must also configure your Brother machine to communicate with your E-mail server.
a Start your web browser.
IP address of the machine or the print server name).
c No password is required by default. If you have previously set a password, enter it and press
d Click Network.
e Click Protocol.
f Make sure POP3/SMTP is checked and click Advanced Setting.
g Change the E-mail server settings.
1 This is the location of your SMTP server and associated SMTP port address. The standard port
number for SMTP is 25.
2 If your SMTP server requires authentication, input the necessary information here.
3 You can choose the encryption method between the machine and the SMTP server.
4 Some features of this machine, like I-Fax, allow you to send and receive E-mails to it. Assign your
printer an E-mail address to make use of these features.
5 If you use POP3, enter your POP3 details in here. The standard port number for this E-mail system
is 110.
6 Click here if you use APOP (a more secure version of POP3).
7 You can choose the encryption method between the machine and the POP3 server.
8 This is the time that the multifunction machine will wait for each section of a segmented message
before sending them all. If the message is only partly complete, the partial message will be sent.
h After you have finished changing the settings, click Submit.
i After a short while you will be asked if you want to send a test E-mail to ensure a connection has been
established with your E-mail server.
Do one of the following:
If you want to send a test E-mail, click Send Test E-mail.
If you do not want to test the connectivity, uncheck both test E-mail check boxes and then click Submit.
j After a few moments the following screen appears if the connections to the E-mail server were
successful. Click OK.
If they were not successful, go back and check your settings.
Synchronize with SNTP server
If the LDAP server supports Kerberos Authentication, and if you choose Kerberos for the Authentication, you
must configure the SNTP protocol (network time server), or you must set the date, time and time zone
correctly on the control panel for Kerberos Authentication. The time must match the time on the server used
for the Kerberos Authentication.
SNTP is the protocol used to synchronize the time used by the machine for Authentication with the SNTP
time server (this time is not the time displayed on the LCD of the machine). You can synchronize the time
used by the machine on a regular basis with the Coordinated Universal Time (UTC) provided by the time
server.
Note
This function is not available in some countries.
a Start your web browser.
IP address of the machine or the print server name).
c No password is required by default. If you have previously set a password, enter it and press
d Click Network, and then click Protocol.
e Select the SNTP check box to activate the setting.
f Click Advanced Setting.
Status
Displays whether the SNTP server settings are enabled or disabled.
SNTP Server Method
Choose AUTO or STATIC.
• AUTO
If you have a DHCP server on your network, the SNTP server will automatically obtain the address
from that server.
• STATIC
Enter the address you want to use.
Primary SNTP Server Address, Secondary SNTP Server Address
Enter the server address (up to 64 characters).
The Secondary SNTP server address is used as a backup to the Primary SNTP server address. If the
Primary server is unavailable, the machine will contact the Secondary SNTP server. If you have a
Primary SNTP server, but no Secondary SNTP server, simply leave this field blank.
Primary SNTP Server Port, Secondary SNTP Server Port
Enter the Port number (1 to 65535).
The Secondary SNTP server port is used as a backup to the Primary SNTP server port. If the Primary
port is unavailable, the machine will contact the Secondary SNTP port. If you have a Primary SNTP
port, but no Secondary SNTP port, simply leave this field blank.
Synchronization Interval
Enter the number of hours between server synchronization attempts (1 to 168 hours).
Note
• You must configure Date&Time to synchronize the time used by the machine with the time server. Click
Date&Time and then configure Date&Time on the General screen. You can also configure the Date &
Time from the machine’s control panel.
• Choose the Synchronize with SNTP server check box. You also need to verify that your time zone
settings are correct. Choose the time difference between your location and UTC from the Time Zone pull-down list.
For example, the time zone for Eastern Time in the USA and Canada is UTC-05:00.
Synchronization Status
You can confirm the latest synchronization status.
g Click Submit to apply the settings.
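The clock requirement for Kerberos Authentication, worked through as an added example (not Brother code): it parses an SNTP reply, computes the clock offset with the RFC 4330 formula, compares it with a Kerberos skew limit, and shows what a wrong Time Zone setting does to a manually set clock. The 300-second limit is an assumed common default rather than a value from this guide, and the packets, timestamps and function names are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_UNIX_DELTA = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW = 300                # assumption: common 5-minute KDC tolerance; check your KDC policy


def to_ntp(unix_seconds):
    """Encode Unix seconds as a 64-bit NTP timestamp (32-bit seconds + 32-bit fraction)."""
    whole = int(unix_seconds)
    return struct.pack("!II", whole + NTP_UNIX_DELTA, int((unix_seconds - whole) * 2**32))


def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32


def build_request(t1):
    """48-byte SNTP client request: LI=0, VN=4, Mode=3, transmit timestamp = T1."""
    return b"\x23" + bytes(39) + to_ntp(t1)


def build_sample_reply(request, t2, t3):
    """Constructed server reply for this demo: Mode=4, stratum 2, originate echoes T1."""
    return b"\x24\x02" + bytes(22) + request[40:48] + to_ntp(t2) + to_ntp(t3)


def clock_offset(request, reply, t4):
    """Seconds to add to the local clock, per RFC 4330: ((T2 - T1) + (T3 - T4)) / 2."""
    if len(reply) < 48 or (reply[0] & 0x07) != 4:
        raise ValueError("not an SNTP server reply")
    if (reply[0] >> 6) == 3 or reply[1] == 0:
        raise ValueError("server clock is not synchronized")
    if reply[24:32] != request[40:48]:
        raise ValueError("reply does not match our request")
    t1 = from_ntp(request[40:48])
    t2, t3 = from_ntp(reply[32:40]), from_ntp(reply[40:48])
    return ((t2 - t1) + (t3 - t4)) / 2


def within_kerberos_skew(offset_seconds, max_skew=MAX_SKEW):
    return abs(offset_seconds) <= max_skew


def panel_time_as_utc(wall_clock, utc_offset_hours):
    """UTC instant implied by a manually set date/time plus the Time Zone setting."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return wall_clock.replace(tzinfo=zone).astimezone(timezone.utc)


def demo():
    # Constructed exchange: device clock is 420 s behind, 0.25 s network delay each way.
    t1, t4 = 1700000000.0, 1700000000.75
    request = build_request(t1)
    reply = build_sample_reply(request, t1 + 420.25, t1 + 420.5)
    sntp_offset = clock_offset(request, reply, t4)

    # Manual setup: correct wall-clock time for Eastern Time (UTC-05:00), once with the
    # right Time Zone and once with the Time Zone left at UTC+00:00.
    true_utc = datetime(2024, 1, 15, 14, 0, tzinfo=timezone.utc)
    wall = datetime(2024, 1, 15, 9, 0)
    good = (panel_time_as_utc(wall, -5) - true_utc).total_seconds()
    bad = (panel_time_as_utc(wall, 0) - true_utc).total_seconds()
    return sntp_offset, good, bad


if __name__ == "__main__":
    for label, value in zip(("sntp offset", "tz correct", "tz wrong"), demo()):
        print(f"{label}: {value:+.1f} s, Kerberos ok: {within_kerberos_skew(value)}")
```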
Machine operation
After you configure the LDAP settings, you can use the LDAP search to find fax numbers or E-mail addresses
for the following features.
Fax sending
I-Fax sending
Scan to E-mail server
1 Not available for DCP-8250DN
LDAP operation using the control panel for MFC-8510DN, MFC-8520DN, MFC-8710DW and MFC-8910DW
Fax or I-Fax sending
Note
• For more information on Fax sending, see the Basic User's Guide and Advanced User's Guide.
• For more information on I-Fax, see the Network User's Guide.
a Press (FAX).
b Load your document.
c Do one of the following:
If you want to change the fax resolution, press b and press d or c to choose fax resolution. Press OK.
d (For MFC-8520DN and MFC-8910DW)
Do one of the following:
If you want to send a 2-sided document, press Duplex.
Note
• You can send 2-sided documents from the ADF.
• When the machine is ready to scan 2-sided documents the LCD shows an indicator for Duplex in the lower right
corner.
e Press a to search.
f Enter the initial characters for your search by using the dial pad.
Note
You can enter up to 15 characters.
g Press a or OK.
The LDAP search result will be shown on the LCD before the local address book search result with c. If
there is no match on the server or the local address book, the LCD will show No Contact Found for
2 seconds.
h Press a or b to scroll until you find the name you are looking for.
To confirm details of the result information, highlight the result and press c.
i Press OK.
j If the result includes both a fax number and an E-mail address, the machine will prompt you to press a
or b to choose either a fax number or an E-mail address.
k Do one of the following:
If you are sending a fax, choose a fax number and then press OK.
If you are sending an I-Fax, choose an E-mail address and then press OK.
l Press Start.
Scan to E-mail server
Note
• If you choose Secure PDF, the machine will ask you to enter a 4 digit password using numbers 0-9 before
it starts scanning.
• If you choose Signed PDF, you must install and then configure a certificate to your machine using Web
Based Management.
a Load your document.
b Press (SCAN).
c Press a or b to choose Scan to E-mail.
Press OK.
d (For MFC-8520DN and MFC-8910DW)
Do one of the following:
If you want to send a 2-sided document, press a or b to choose 1sided, 2sided (L)edge or 2sided
(S)edge. Press OK.
Note
• You can send 2-sided documents from the ADF.
• When the machine is ready to scan 2-sided documents the LCD shows an indicator for Duplex in the lower right
corner.
e Press a or b to choose Change Setting. Press OK.
If you don’t want to change the quality, go to step j.
f Press a or b to choose Color 100 dpi, Color 200 dpi, Color 300 dpi, Color 600 dpi,
Color Auto, Gray 100 dpi, Gray 200 dpi, Gray 300 dpi, Gray Auto, B&W 300 dpi,
B&W 200 dpi or B&W 200x100 dpi. Press OK.
Do one of the following:
If you choose Color 100 dpi, Color 200 dpi, Color 300 dpi, Color 600 dpi,
g Press a or b to choose PDF, PDF/A, Secure PDF, Signed PDF, JPEG or XPS.
h Press a or b to choose PDF, PDF/A, Secure PDF, Signed PDF, JPEG or TIFF.
i Press a to choose the file size you want.
j The LCD prompts you to enter an address. Press a to search.
k Enter the initial characters for your search by using the dial pad.
Note
You can enter up to 15 characters.
l Press a or OK.
The LDAP search result will be shown on the LCD before the local address book search result with c. If
there is no match on the server or the local address book, the LCD will show No Contact Found for
2 seconds.
m Press a or b to scroll until you find the name you are looking for.
To confirm details of the result information, highlight the result and press c.
n Press OK.
o If the result includes both a fax number and an E-mail address, the machine will prompt you to press a
or b to choose either a fax number or an E-mail address.
p If the result includes both a fax number and an E-mail address, choose an E-mail address and then press
OK.
q Press Start.
LDAP operation using the control panel for DCP-8250DN and MFC-8950DW(T)
Fax or I-Fax sending (For MFC-8950DW(T))
Note
• For more information on Fax sending, see the Basic User's Guide and Advanced User's Guide.
• For more information on I-Fax, see the Network User's Guide.
a Press Fax.
b Load your document.
c Set the scanner glass size, fax resolution or contrast if you want to change them.
d Do one of the following:
If you want to send a 2-sided document, press Duplex Fax and choose DuplexScan :LongEdge or
DuplexScan :ShortEdge.
If you want to send a single-sided document, go to step f.
Note
You can send 2-sided documents from the ADF.
e Press Address Book.
f Press to search.
g Enter initial characters for your search by using the buttons on the LCD.
Note
You can enter up to 15 characters.
h Press OK.
The LDAP search result will be shown on the LCD with an icon before the local address book search
result.
If there is no match on the server or the local address book, the LCD will show Results cannot be
found. for about 60 seconds.
i Press a or b to scroll until you find the name you are looking for and then press the name.
To confirm the details of the name, press Detail.
j If the result includes more than one fax number or E-mail address, the machine will prompt you to choose
either a fax number or an E-mail address.
Do one of the following:
If you are sending a fax, choose a fax number and then press OK.
If you are sending an I-Fax, choose an E-mail address and then press OK.
k Press Send a fax.
l Press Start.
Scan to E-mail server
Note
• If you choose Secure PDF, the machine will ask you to enter a 4 digit password using numbers 0-9 before
it starts scanning.
• If you choose Signed PDF, you must install and then configure a certificate to your machine using Web
Based Management.
a Load your document.
b Press Scan.
c Press Scan to E-mail.
d Press to search.
e Enter initial characters for your search by using the buttons on the LCD.
Note
You can enter up to 15 characters.
f Press OK.
The LDAP search result will be shown on the LCD with an icon before the local address book search
result.
If there is no match on the server and the local address book, the LCD will show Results cannot be
found. for about 60 seconds.
g Press a or b to scroll until you find the name you are looking for and then press the name.
To confirm the details of the name, press Detail.
h If the result includes more than one fax number or E-mail address, the machine will prompt you to choose
either a fax number or an E-mail address.
Choose an E-mail address and then press OK.
i Press Start.
Digital Certificate for Signed PDF
Configure certificate for Signed PDF
If you choose Signed PDF, you must configure a certificate to your machine using Web Based Management.
To use Signed PDF, you must install a certificate to your machine and your computer.
a Start your web browser.
IP address of the machine or the print server name).
c No password is required by default. If you have previously set a password, enter it and press
d Click Administrator.
e Choose Signed PDF for a configuration.
f Choose the certificate from the Select the Certificate pull-down list.
g Click Submit.
Supported Certificates
The Brother machine supports the following certificates.
Self-signed certificate
This print server issues its own certificate. Using this certificate, you can easily use the SSL/TLS
communication without having a certificate from a CA. (See Creating a self-signed certificate.)
Certificate from a CA
There are two methods for installing a certificate from a CA. If you already have a CA or if you want to use
a certificate from an external trusted CA:
• When using a CSR (Certificate Signing Request) from this print server. (See Creating a Certificate Signing Request (CSR).)
• When importing a certificate and a private key. (See Import and export the certificate and private key.)
CA certificate
If you use a CA certificate that identifies the CA (Certificate Authority) itself and owns its private key, you
must import a CA certificate from the CA, prior to the configuration. (See Import and export a CA certificate.)
Digital Certificate Installation
Signed PDF requires a digital certificate to be installed on both the machine and device which is sending data
to the machine, e.g. a computer. In order to configure the certificate, the user needs to log onto the machine
remotely through a web browser using its IP address.
a Start your web browser.
IP address of the machine or the print server name).
c No password is required by default. If you have previously set a password, enter it and press
d Click Network.
e Click Security.
f Click Certificate.
g You can configure the certificate settings.
To create a self-signed certificate using Web Based Management, go to Creating a self-signed certificate.
To create a Certificate Signing Request (CSR), go to Creating a Certificate Signing Request (CSR).
1 To create and install a self-signed certificate
2 To use a certificate from a Certificate Authority (CA)
Note
• The functions that are grayed and unlinked indicate they are not available.
• For more information on configuration, see the Help text in the Web Based Management.
Creating a self-signed certificate
a Click Create Self-Signed Certificate.
b Enter a Common Name and a Valid Date.
Note
• The length of the Common Name can be up to 64 characters. The node name is displayed by default.
• A warning will pop up if you use the IPPS or HTTPS protocol and enter a different name in the URL than
the Common Name that was used for the self-signed certificate.
c You can choose the Public Key Algorithm and Digest Algorithm settings from the pull-down list. The
default settings are RSA(2048bit) for Public Key Algorithm and SHA256 for Digest Algorithm.
d Click Submit.
e The self-signed certificate is created and saved in your machine's memory successfully.
Creating a Certificate Signing Request (CSR)
A Certificate Signing Request (CSR) is a request sent to a CA in order to authenticate the credentials
contained within the certificate.
Note
We recommend that the Root Certificate from the CA be installed on your computer before creating the
CSR.
a Click Create CSR.
b Enter a Common Name and your information, such as Organization.
Your company details are required so that a CA can confirm your identity and attest to the outside world.
Note
• The length of the Common Name can be up to 64 characters. The Common Name is required.
• A warning will pop up if you enter a different name in the URL than the Common Name that was used for
the certificate.
• The length of the Organization, the Organization Unit, the City/Locality and the State/Province can be
up to 64 characters.
• The Country/Region should be an ISO 3166 country code composed of two characters.
• If you are configuring X.509v3 certificate extension, choose the Configure extended partition check box
and then choose Auto (Register IPv4) or Manual.
c You can choose the Public Key Algorithm and Digest Algorithm settings from the pull-down list. The
default settings are RSA(2048bit) for Public Key Algorithm and SHA256 for Digest Algorithm.
d Click Submit. The following screen will appear.
e After a few moments, you will be presented with the certificate, which can be saved into a small file or
copied and pasted directly into an online CSR form offered by a Certificate Authority. Click Save to save
the CSR file to your computer.
Note
Follow your CA policy regarding the method to send a CSR to your CA.
f The CSR is created. For instructions on how to install the certificate to your machine, go to How to install
the certificate to your machine.
How to install the certificate to your machine
When you receive the certificate from a CA, follow the steps below to install it into the print server.
Note
Only a certificate issued with this machine’s CSR can be installed. When you want to create another CSR,
make sure that the certificate is installed before creating another CSR. Create another CSR after installing
the certificate to the machine. Otherwise the CSR you have made before installing will be invalid.
a Click Install Certificate on the Certificate page.
b Specify the file of the certificate that has been issued by a CA, and then click Submit.
c Now the certificate has been created and saved in your machine's memory successfully.
Import and export the certificate and private key
You can store the certificate and private key on the machine and manage them by importing and exporting.
How to import the self-signed certificate, the certificate issued by a CA, and the private key
a Click Import Certificate and Private Key on the Certificate page.
b Specify the file that you want to import.
c Enter the password if the file is encrypted, and then click Submit.
d Now the certificate and private key are imported to your machine successfully.
How to export the self-signed certificate, the certificate issued by a CA, and the private key
a Click Export shown with Certificate List on the Certificate page.
b Enter a password if you want to encrypt the file.
Note
If a blank password is used, the output is not encrypted.
c Enter the password again for confirmation, and then click Submit.
d Specify the location where you want to save the file.
e Now the certificate and private key are exported to your computer.
Import and export a CA certificate
You can store a CA certificate on the machine by importing and exporting.
How to import a CA certificate
a Click CA Certificate on the Security page.
b Click Import CA Certificate and choose the certificate. Click Submit.
How to export a CA certificate
a Click CA Certificate on the Security page.
b Choose the certificate you want to export and click Export. Click Submit.
c Click Save to choose the destination folder.
d Choose the destination where you want to save the exported certificate and then save the certificate.
Troubleshooting
Overview
This chapter explains how to resolve typical network problems you may encounter when using the Brother
machine. If, after reading this chapter, you are unable to resolve your problem, please visit the Brother
Please go to the Brother Solutions Center at (http://solutions.brother.com/) and click Manuals on your model
page to download the other manuals.
Identifying your problem
Make sure that the following items are configured before reading this chapter.
First check the following:
The power cord is connected correctly and the Brother machine is turned on.
All protective packaging has been removed from the machine.
The toner cartridges and drum unit are installed correctly.
The front and back covers are fully closed.
Paper is inserted correctly in the paper tray.
Go to the page for your solution from the lists below
Error messages when using the LDAP operation
Error messages when using the LDAP operation
Error Message: No LDAP Server
Cause: The Brother machine cannot connect to the LDAP server. However, the LDAP server configuration of the machine is correct.
Action: Make sure your access point (for wireless), router or hub is turned on and its link button is blinking.
Action: Make sure your local area network is running correctly.
Action: Contact your network administrator for the information on the current network problems.
Error Message: Confirm settings
Cause: The Brother machine cannot connect to the LDAP server due to the wrong LDAP server configuration of the machine.
Action: Enter the correct LDAP server information on the LDAP configuration page of the Web Based Management. See Changing the LDAP configuration.
Error Message: Kerberos Error
Cause: The Kerberos Authentication error.
Action: Make sure you have entered a correct user name and a password for the Kerberos server. For more information on the Kerberos server settings, contact your network administrator.
Cause: The date, time and time zone settings of the Brother machine are not correct.
Action: Confirm your machine's date, time and time zone settings. See Synchronize with SNTP server.
Cause: The DNS server configuration is not correct.
Action: Contact your network administrator for the information on the DNS server settings.
Cause: The Kerberos Authentication configuration is correct. However, the user is not allowed to connect to the LDAP server.
Action: Contact your network administrator for the information on your access rights.
Error Message: No Kerberos
Cause: The Brother machine cannot connect to the Kerberos server.
Action: Contact your network administrator for the information on the Kerberos server settings.
Network terms and PDF file format
Network terms
LDAP
The Lightweight Directory Access Protocol (LDAP) allows the Brother machine to search for information
such as fax numbers and E-mail addresses from an LDAP server.
SNTP
The Simple Network Time Protocol is used to synchronize computer clocks on a TCP/IP network. You can
configure the SNTP settings using Web Based Management (web browser).
PDF file format
PDF/A
PDF/A is a PDF file format intended for long-term archiving. This format contains all the necessary
information for reproducing the document after long-term storage.
Secure PDF
Secure PDF is a PDF file format that has been password-protected.
Signed PDF
Signed PDF is a PDF file format that helps prevent data tampering and the impersonation of an author by
including a digital certificate within the document.
If you choose Signed PDF, you must install and then configure a certificate to your machine using Web
Based Management.