LDAP Domain
Last Updated: April 07, 2026
To use Active Directory or Oracle for identity management in your organization, you need a Lightweight Directory Access Protocol (LDAP) domain connection to use certain functions, such as authenticating to the Admin Console or mobile app and Secure Release Print.
LDAP is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transfer services. The most common use is to provide a central location for accessing and managing directory services. LDAP also functions as an identity- and access-management solution.
Key Points
Review the following key points:
- CPA authentication requires an LDAP domain and Identity Sync service configuration.
- Whenever Virtual Appliance requires LDAP authentication, the LDAP domain settings apply.
Requirements
Review the following requirement:
- For real-time authentication to the Admin Console, Control Panel Application (CPA), and mobile app, the Virtual Appliance must communicate with the LDAP server.
LDAP Configuration
1. Select the LDAP Settings Template
2. Enter Domain Information
- Enter the name of your LDAP domain in the Domain Name field, and press Tab to autopopulate the NETBIOS Domain Name and Base DN fields.
- Add additional information as listed below:
- Primary LDAP Server: The external (public) IP address or fully qualified domain name (FQDN) that is port forwarded to your primary LDAP server.
- Secondary LDAP Server: (Optional) The external (public) IP address or FQDN that is port forwarded to your secondary LDAP server.
- LDAP Port: Port 389 is for LDAP.
- LDAP Server requires secure sockets: Port 636 is for secure LDAP and LDAPS. After you select this setting, the port number automatically changes to 636.
- Domain Alias: (Optional) The domain alias.
- Bind User: Bind user name.
- Bind Password: Password for the bind user name.
- LDAP Email Attributes: Contains the Active Directory attribute in which the user's email address is stored.
- SSO Email Attributes: The attribute you enter here is used for multifunction printer (MFP) user functionality for features, such as scanning.
- SSO Home Directory Attributes: The attributes you enter here are used for MFP user functionality, such as scanning.
Not all manufacturers support this functionality. Contact Vasion Product Support for a list of supported manufacturers.
- Server Type: For Active Directory or Oracle, select the server type that you are using.
- Select Apply.
3. Test Connection Settings
- Select the Test Settings button.
- After the test completes, the results display in a table with the following details:
- Status: A successful test displays a green checkmark, a failed test displays a red "X," and a skipped test displays a caution triangle. The Skipped status appears when a setting is left without a value or the value in the field cannot be found.
- Test: A description of the test.
- Result: Displays the results of the test. If the test is skipped or failed, this section displays the reason.
- Adjust any settings as needed based on the test results.
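The following Python check is an added example, not part of the product or its documentation. It reviews a set of LDAP domain values offline before they are entered in the template: empty fields, port and secure sockets mismatches, a Base DN that does not match the domain name, and an identical primary and secondary server. The dictionary keys, function names, and sample values are assumptions made for illustration.

```python
# Added example: dictionary keys are hypothetical names for the fields on this page.
REQUIRED = ("domain_name", "primary_server", "bind_user", "bind_password")

def base_dn_for(domain_name):
    """Map a DNS domain to DC= form: corp.example -> DC=corp,DC=example."""
    labels = [p for p in domain_name.strip().strip(".").split(".") if p]
    if len(labels) < 2:
        raise ValueError(f"not a DNS domain name: {domain_name!r}")
    return ",".join("DC=" + p for p in labels)

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around commas so DNs compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def review(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for key in REQUIRED:
        if not str(settings.get(key) or "").strip():
            findings.append(f"{key}: empty, the connection test reports Skipped")
    port, secure = settings.get("port"), bool(settings.get("secure_sockets"))
    if secure and port != 636:
        findings.append(f"port {port}: secure sockets is selected, expected 636")
    if not secure and port == 636:
        findings.append("port 636: secure sockets is not selected")
    if not secure:
        findings.append("secure sockets off: bind credentials are not protected by LDAPS")
    domain = str(settings.get("domain_name") or "").strip()
    if domain and settings.get("base_dn"):
        try:
            expected = base_dn_for(domain)
            if normalize_dn(settings["base_dn"]) != normalize_dn(expected):
                findings.append(f"base_dn: expected {expected} for this domain")
        except ValueError as err:
            findings.append(f"domain_name: {err}")
    secondary = settings.get("secondary_server")
    if secondary and secondary == settings.get("primary_server"):
        findings.append("secondary_server: same host as primary, no failover")
    return findings

# Constructed sample values, not taken from any real deployment.
WEAK = {"domain_name": "corp.example", "base_dn": "DC=corp, DC=example",
        "primary_server": "ldap1.corp.example", "secondary_server": "ldap1.corp.example",
        "port": 389, "secure_sockets": False,
        "bind_user": "svc-ldap-bind", "bind_password": ""}
HARDENED = dict(WEAK, secondary_server="ldap2.corp.example", port=636,
                secure_sockets=True, bind_password="constructed-placeholder")

if __name__ == "__main__":
    print("\n".join(review(WEAK)))
```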
LDAP General Settings
In the Admin Console, you can optionally configure the following in the LDAP Settings section of the General settings:
- Default domain when logging in: Use the dropdown menu to select the default LDAP domain. The system uses this domain when an end user attempts to log in with only a username and does not specify a domain. For example, the user only needs to enter "john.smith" for the system to attempt to log them in as mydomain\john.smith. If multiple domains are configured, the end user still has to enter the non-default domain followed by the username. For example, xyzcorp\john.smith.
- Enable advanced LDAP administrative authentication: Selecting this option lets you add users or groups without the Windows Active Directory interface. For example, use this option on macOS or Linux workstations, or when multiple domains are configured.
When you finish configuring the LDAP Settings, select Save in the upper-right corner of the General settings.
Delete Provisioned LDAP Data
For legal reasons, Product Support cannot delete provisioned LDAP users and groups from the database. This action is at the discretion of the IT admin. This process requires your interaction to ensure that deletion is the desired outcome.
- In the Admin Console, select Tools > Settings > General.
- In the Identity Provider Settings section, select LDAP.
- In the LDAP Sync section, select the Delete Provisioned LDAP Data option.
- Enter "DELETE" in the text field.
- Select Delete.
This action deletes all LDAP users and groups from the database for all configured Active Directory domains and requires you to provision them again. You cannot undo this action.
The Role-Based Access Control (RBAC), portal security, and printer deployment rules associated with these users and groups continue to function unless you delete them.




