LDAP Domain

Last Updated: April 07, 2026

To use Active Directory or Oracle for identity management in your organization, you need a Lightweight Directory Access Protocol (LDAP) domain connection to use certain functions, such as authenticating to the Admin Console or mobile app and Secure Release Print.

LDAP is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transfer services. The most common use is to provide a central location for accessing and managing directory services. LDAP also functions as an identity- and access-management solution.

Key Points

Review the following key points:

  • CPA authentication requires an LDAP domain and Identity Sync service configuration.
  • For LDAP attributes, such as badge information and email addresses, you can turn on Identity Sync on a local network Service Client that allows LDAP communication, which syncs with the cloud. You can use this option for some LDAP attributes, but you cannot use it for real-time authentication.
  • Whenever Vasion Print requires LDAP authentication, the LDAP domain settings apply.

Requirements

Review the following requirement:

  • For real-time authentication to the Admin Console, Control Panel Application (CPA), and mobile app, the source IP address must communicate with the LDAP server through your firewall.

An environment using an LDAP configuration needs to allow the LDAP server to communicate with the source IP address listed below, according to region, through the firewall to provide real-time username and password authentication for the Admin Console or CPA. We recommend forwarding TCP port 636 so that the LDAP traffic is secured using Transport Layer Security (TLS). TLS is the more secure version of SSL. TLS is a cryptographic protocol designed to provide communications security over a computer network.

LDAP Regional Connections

| Location | Domain Name | IP Address |
| --- | --- | --- |
| United States | printercloud | 35.160.78.54 |
| Frankfurt, Germany | printercloud5 | 35.156.186.96 |
| Azure | printercloud6 | 20.93.57.100 |
| Sydney, Australia | printercloud10 | 52.65.56.219 |
| Canada | printercloud15 | 3.98.74.218 |
| Singapore | printercloud20 | 18.140.176.85 |

LDAP Configuration

1. Select the LDAP Settings Template

  1. In the Admin Console, select Tools then Settings then General.
  2. Scroll down to the Identity Provider Settings section, and select LDAP.
  3. Select Add.

    General settings showing Identity Provider Settings section with LDAP option and other options selected.

2. Enter Domain Information

  1. Enter the name of your LDAP domain in the Domain Name field, and press Tab to autopopulate the NETBIOS Domain Name and Base DN fields.
  2. Add additional information as listed below:

    1. Primary LDAP Server: The external (public) IP address or fully qualified domain name (FQDN) that is port forwarded to your primary LDAP server.
    2. Internal Primary IP: (Optional) The internal (private) IP address or FQDN of your primary LDAP server.
    3. Secondary LDAP Server: (Optional) The external (public) IP address or FQDN that is port forwarded to your secondary LDAP server.
    4. Internal Secondary IP: (Optional) The internal (private) IP address or FQDN of your secondary LDAP server.
    5. LDAP Port: Port 389 is for LDAP.
    6. LDAP Server requires secure sockets: Port 636 is for secure LDAP and LDAPS. After you select this setting, the port number automatically changes to 636. You need to create a firewall rule for the port used in the LDAP configuration unless the configuration uses Identity Sync through a Service Client.
    7. Domain Alias: (Optional) The domain alias.
    8. Bind User: Bind user name.
    9. Bind Password: Password for the bind user name.
    10. LDAP Email Attributes: Contains the Active Directory attribute in which the user's email address is stored.
    11. SSO Email Attributes: The attribute you enter here is used for multifunction printer (MFP) user functionality for features, such as scanning.
    12. SSO Home Directory Attributes: The attributes you enter here are used for MFP user functionality, such as scanning.

      Not all manufacturers support this functionality. Contact Vasion Product Support for a list of supported manufacturers.

    13. Server Type: For Active Directory or Oracle, select the server type that you are using.
  3. Select Apply.

LDAP Settings showing multiple fields.

3. Test Connection Settings

  1. Select the Test Settings button.
  2. After the test completes, the results display in a table with the following details:
    • Status: A successful test displays a green checkmark, a failed test displays a red "X," and a skipped test displays a caution triangle.

      The Skipped status appears when a setting is left without a value or the value in the field cannot be found.
      LDAP test results showing skipped result.

    • Test: A description of the test.
    • Result: Displays the results of the test. If the test is skipped or failed, this section displays the reason.

      LDAP test results showing failed result.

  3. Adjust any settings as needed based on the test results.
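Before entering the values above and opening the firewall, the planned settings can be checked locally. The following is an added example, not part of the product or its Test Settings feature: it checks a planned configuration against the recommendations on this page (LDAPS on 636, external versus internal addresses, firewall scope limited to the region's source IP). The dictionary keys and the `allowed_sources` list are hypothetical names, and the sample settings are constructed.

```python
import ipaddress

# Source IPs copied from the LDAP Regional Connections table on this page.
REGION_SOURCE_IP = {
    "printercloud": "35.160.78.54", "printercloud5": "35.156.186.96",
    "printercloud6": "20.93.57.100", "printercloud10": "52.65.56.219",
    "printercloud15": "3.98.74.218", "printercloud20": "18.140.176.85",
}

def _ip(value):
    """Return an ip_address, or None when the value is an FQDN or empty."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def preflight(settings, region):
    """Return (status, check, detail) rows; status is pass, fail or skipped."""
    rows = []
    def add(ok, check, detail):
        rows.append(("pass" if ok else "fail", check, detail))

    secure, port = settings.get("secure_sockets", False), settings.get("port")
    add(secure and port == 636, "LDAPS on TCP 636 (recommended)",
        f"secure_sockets={secure}, port={port}")
    # FQDNs cannot be classified offline, so only literal IPs are range-checked.
    primary = settings.get("primary_server", "")
    ip = _ip(primary)
    add(bool(primary) and (ip is None or ip.is_global),
        "Primary LDAP Server is an external address", primary or "missing")
    internal = settings.get("internal_primary", "")
    ip = _ip(internal)
    if not internal:  # optional field left empty
        rows.append(("skipped", "Internal Primary IP is private", "no value"))
    else:
        add(ip is None or ip.is_private, "Internal Primary IP is private", internal)
    # Firewall: the region's source IP must be allowed, and no range wider than one host.
    src = ipaddress.ip_address(REGION_SOURCE_IP[region])
    nets = [ipaddress.ip_network(c) for c in settings.get("allowed_sources", [])]
    add(any(src in n for n in nets), "Region source IP can reach LDAP port", str(src))
    wide = [str(n) for n in nets if n.num_addresses > 1]
    add(not wide, "LDAP port not open to wider ranges", ", ".join(wide) or "none")
    return rows

# Constructed sample settings (hypothetical key names, not the product's schema).
WEAK = {"secure_sockets": False, "port": 389, "primary_server": "10.0.0.10",
        "internal_primary": "", "allowed_sources": ["0.0.0.0/0"]}
GOOD = {"secure_sockets": True, "port": 636, "primary_server": "ldap.example.com",
        "internal_primary": "10.0.0.10", "allowed_sources": ["35.160.78.54/32"]}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("GOOD", GOOD)):
        for row in preflight(cfg, "printercloud"):
            print(name, *row)
```

The `WEAK` sample fails because it uses plain LDAP on 389, lists a private address as the external server, and opens the LDAP port to every source; the `GOOD` sample restricts the port to the United States source IP only.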

LDAP General Settings

In the Admin Console, you can optionally configure the following in the LDAP Settings section of the General settings:

  • Default domain when logging in: Use the dropdown menu to select the default LDAP domain. The system uses this domain when an end user attempts to log in with only a username and does not specify a domain. For example, the user only needs to enter "john.smith" for the system to attempt to log them in as mydomain\john.smith. If multiple domains are configured, the end user still has to enter the non-default domain followed by the username. For example, xyzcorp\john.smith.
  • Enable advanced LDAP administrative authentication: Selecting this option lets you add users or groups without the Windows Active Directory interface, for example on macOS or Linux workstations, or when multiple domains are configured.

    LDAP Settings showing default domain and "Enable advanced LDAP administrative authentication" option.

When you finish configuring the LDAP Settings, select Save in the upper-right corner of the General settings.

Delete Provisioned LDAP Data

For legal reasons, Product Support cannot delete provisioned LDAP users and groups from the database. This action is at the discretion of the IT admin. This process requires your interaction to ensure that deletion is the desired outcome.

  1. In the Admin Console, select Tools then Settings then General.
  2. In the Identity Provider Settings section, select LDAP.
  3. In the LDAP Sync section, select the Delete Provisioned LDAP Data option.
  4. Enter "DELETE" in the text field.
  5. Select Delete.

    This action deletes all LDAP users and groups from the database for all configured Active Directory domains and requires you to provision them again. You cannot undo this action.

The Role-Based Access Control (RBAC), portal security, and printer deployment rules associated with these users and groups continue to function unless you delete them.

Delete LDAP Provisioning Data showing DELETE in text field.