Understanding security setup configuration files for e-Task 5 printers

When setting up security for e-Task 5 printers, provide the security configuration data in specific XML tags of the UCF files that come with a solution.

The following tags enable LDD to do the following:

Parse and extract the content in the tags.

Pass inputs to the appropriate interface of the printer to configure the corresponding security settings.

Notes:

To configure non-security parameters for e-Task 5 printers, deploy UCF files by using the configuration_files_ldd or configuration_data_ldd tags.

LDD only passes these settings to the printer and does not validate them.

For e-Task 4 or earlier printers, set up security for LDD by deploying UCF files.

Node data	Settings	Location	Description
ldap	name address port anon_bind machine_dn machine_password userid_attr fax_attr email_attr fullname_attr search_base search_timeout ssl_tls require_cert follow_referrals use_obj_class_person obj_class1 obj_class2 obj_class3 user_input ab_cn ab_sn ab_givenname ab_samaccountname ab_uid ab_mail_attr ab_fax_attr ab_display_name size_limit ab_use_user_creds Group permissions	From the Embedded Web Server, click Settings > Security. In the Network Accounts section, click the LDAP network account.	Configures LDAP security blocks for the printer. Note: This section in the configuration file is similar to the ldap section in the security_settings.ucf file when exporting the printer configuration.
solution_ldd	N/A	From the Embedded Web Server, click Settings > Security. In the Additional Login Methods section, click Manage Permissions for a solution account. In the Group Name section, click All Users.	Configures specific Pluggable Authentication Modules (PAM) login permissions for the printer. Note: This section in the configuration file is similar to the solution section in the security_settings.ucf file when exporting the printer configuration.
public_permissions_ldd_clear	N/A	From the Embedded Web Server, click Settings > Security > Login Methods. In the Public section, click Manage Permissions.	Configures public permissions for the printer. Note: This section in the configuration file is similar to the public_permissions section in the security_settings.ucf file when exporting the printer configuration.
device_security	N/A	From the Embedded Web Server, click Settings > Security. From the Network Accounts section, in the Default Control Panel Login Method setting, click Change.	Configures the default control panel login method for the printer. Note: This section in the configuration file is similar to the default_login_method section in the security_settings.ucf file when exporting the printer configuration.
configuration_files_ldd	N/A	N/A	Deploys UCF files that contain non-security settings such as Embedded Solutions Framework (eSF) Instance strings, and specific eSF settings such as esf.mobileauth.settings.organizationid “12345”. Note: This section in the configuration file is similar to the default_login_method section in the security_settings.ucf file when exporting the printer configuration.
configuration_data_ldd	N/A	N/A	Embeds non-security eSF settings before deploying to the printer.
kerberos	N/A	N/A	Adds Kerberos configuration information that LDD extracts and sends to e-Task 5 printers.
kerberos_file	N/A	N/A
permissions	N/A	N/A

Checking the validity of the settings in the solution_ldd tag

Obtain the printer IP address. Do either of the following:

Locate the IP address on the top of the printer home screen.
View the IP address in the Network Overview section or TCP/IP section of the Network/Ports menu.

Open a web browser, and then type the printer IP address.

From the Embedded Web Server, set all printer permissions and settings manually.

Export the security settings UCF file.

Check the security settings UCF file for possible settings and values.

Sample configuration settings for the configuration_files_ldd tag

Note: The UCF file can contain either a subset of the settings or an entire configuration of the application.

<configuration_files_ldd> <file>\\10.252.2.151\lexmark\omnikey5427ckdriver_instance.ucf</file> <file>\\10.252.2.151\lexmark\IdleScreen_instance.ucf</file> </configuration_files_ldd> <configuration_files_ldd> <file>C:\Users\Administrator\Downloads\omnikey5427ckdriver.ucf</file> <file>C:\Users\Administrator\Downloads\IdleScreen.ucf</file> </configuration_files_ldd>

Sample configuration settings for the configuration_data_ldd tag

Note: The UCF file can contain either a subset of the settings or an entire configuration of the application.

omnikey5427ckdriver_instance.ucf: esf.version.omnikey5427ckdriver 1.2.1 esf.omnikey5427ckdriver.inst.1.settings.customproxformat.label "Dev2" esf.omnikey5427ckdriver.inst.1.settings.customproxformat.type "64" …… …… esf.omnikey5427ckdriver.inst.1.settings.customproxformat.adjust.mask "FF" esf.omnikey5427ckdriver.inst.1.universally.unique.identifier "5cb6e113-7f6a-4c87-8656-fdd181c4edf4" mobileAuth_config_v0.2.10_premise.ucf: esf.version.mobileAuth 0.2.10 esf.mobileAuth.settings.custom.text "To log in, hold your device to the label on the printer control panel." esf.mobileAuth.settings.custom.loginscrn.img "" esf.mobileAuth.settings.organizationid "12345" esf.mobileAuth.settings.identityserver.addr "https://10.199.64.254:8080/identity-gateway/info" esf.mobileAuth.settings.identityserver.ssl.cert "" esf.mobileAuth.settings.clientid "sampleclientid" esf.mobileAuth.settings.clientsecret "sampleclientsecret" esf.mobileAuth.settings.socket.timeout "15"

Sample security setup configuration file

<?xml version="1.0" encoding="UTF-8"?> <auth version="1"> <ldap> <ab_cn>1</ab_cn> <ab_custom_attr1></ab_custom_attr1> <ab_custom_attr2></ab_custom_attr2> <ab_custom_attr3></ab_custom_attr3> <ab_display_name>0</ab_display_name> <ab_fax_attr>1</ab_fax_attr> <ab_givenname>1</ab_givenname> <ab_mail_attr>1</ab_mail_attr> <ab_samaccountname>1</ab_samaccountname> <ab_sn>1</ab_sn> <ab_uid>1</ab_uid> <ab_use_user_creds>0</ab_use_user_creds> <address>directory.lex.lexmark.com</address> <anon_bind>1</anon_bind> <email_attr>mail</email_attr> <fax_attr>facsimiletelephonenumber</fax_attr> <follow_referrals>0</follow_referrals> <fullname_attr>cn</fullname_attr> <homedir_attr>homeDirectory</homedir_attr> <machine_dn></machine_dn> <machine_realm></machine_realm> <name>Upasana</name> <obj_class1></obj_class1> <obj_class2></obj_class2> <obj_class3></obj_class3> <port>389</port> <require_cert>0</require_cert> <search_base>ou=employees,o=lexmark</search_base> <search_timeout>30</search_timeout> <size_limit>50</size_limit> <ssl_tls>0</ssl_tls> <use_ad_creds>0</use_ad_creds> <use_gssapi>0</use_gssapi> <use_kerberos_server>0</use_kerberos_server> <use_kerberos_ticket>1</use_kerberos_ticket> <use_obj_class_person>1</use_obj_class_person> <user_input>1</user_input> <userid_attr>uid</userid_attr> <machine_password></machine_password> <groups> <group> <name>All Users</name> <dn></dn> <is_all_users_group>1</is_all_users_group> <permissions> <name>esf.IdleScreen.chgBkgndFAC</name> <name>esf.IdleScreen.ChgBkgnd</name> <name>esf.IdleScreen.Idle</name> <name>esf.IdleScreen.showroomFAC</name> </permissions> </group> </groups> </ldap> <solution_ldd> <name>Card Authentication</name> <groups> <group> <name>All Users</name> <is_all_users_group>1</is_all_users_group> <permissions> <name>esf.IdleScreen.chgBkgndFAC</name> <name>esf.IdleScreen.ChgBkgnd</name> <name>esf.IdleScreen.Idle</name> <name>esf.IdleScreen.showroomFAC</name> </permissions> </group> </groups> </solution_ldd> <public_permissions_ldd_clear> <name>esf.IdleScreen.chgBkgndFAC</name> <name>esf.IdleScreen.ChgBkgnd</name> <name>esf.IdleScreen.Idle</name> <name>esf.IdleScreen.showroomFAC</name> </public_permissions_ldd_clear> <device_security> <default_control_panel_login_method>Card Authentication</default_control_panel_login_method> </device_security> <configuration_files_ldd> <file>\\ip address\shared location\ mobileAuth_config_v0.2.10_premise.ucf</file> <file>\\ip address\shared location\ omnikey5427ckdriver_instance.ucf</file> </configuration_files_ldd> <configuration_data_ldd> <configuration>--Put the eSF configuration here--</configuration> </configuration_data_ldd> <kerberos> <kerberos_file> <![CDATA[[libdefaults] default_realm = SOLUTIONS.LEXMARK.COM [realms] SOLUTIONS.LEXMARK.COM = { kdc = tis-dc1.solutions.lexmark.com kdc = tis-dc2.solutions.lexmark.com } NA.DS.LEXMARK.COM = { kdc = USLEXDCT06.na.ds.lexmark.com kdc = USLEXDCT05.na.ds.lexmark.com } ]]> </kerberos_file> <krb_disable_reverse_ip1 or 0</krb_disable_reverse_ip> <kerberos_permissions> <name>copy</name> <name>email</name> </kerberos_permissions> </kerberos> </auth>