The following eSF applications are frequently used with the LDD Print Release solution. For more information on the supported eSF application versions, see Supported Embedded Solutions Framework (eSF) applications.
Depending on the printer model, the BadgeAuth and CardAuth eSF applications require different versions. The installation and configuration of the applications also vary by printer model.
eSF application and version | Supported printers |
|---|---|
CardAuth version | e-Task 5 |
BadgeAuth version | e-Task 4 and e-Task 3 |
BadgeAuth version | e-Task 2 (Not supported) |
To prevent errors during deployment, do the following:
Make sure that the existing CardAuth application is running during the upgrade.
When applicable, configure the following:
User authentication settings
Web Service settings
Identity Service Provider settings
PIN settings
LDAP settings
LDAP Server Setup
LDAP Attributes
Login Screen settings
Lock Screen settings
Custom Profile
Advanced Settings
Setting | Description |
|---|---|
Card Validation | This setting determines how cards are validated. Possible values
|
Card Registration | The login method for registering using cards. If this setting is not specified, or if the text does not match the printer security settings, then this setting is set to Disabled. |
Manual Login | The login method for logging in manually. If this setting is not specified, or if the text does not match the printer security settings, then this setting is set to Disabled. |
Realm | The location of the user account. Configure this setting when using Active Directory, Kerberos, or LDAP+GSSAPI. |
Admin Login | The login method for the administrator login. Make sure that you have configured a local administrator account for the printer and that you have configured the permissions for the Device Admin Group. By default, some functions, and administrative and device management menus are permitted for this group. However, this setting is disabled by default. |
Authorized Group | The group that can use the administrator login feature. This feature is applicable only to user name, and user name and password accounts. |
Show on Screen Saver | Shows the Admin Login button on the screen saver. |
If Card Validation is set to Web Service, then the following are used to communicate to the web server:
Setting | Description |
|---|---|
Server URL | The web service address used to register and to validate the badge ID. Notes:
|
Timeout (seconds) | The timeout in seconds used for connecting to the web service. The default value is seconds. To disable the timeout, set the value to . |
Registration Interface | Possible values
The default value is Version 1. Version 2 adds tracking to the IP address and host name of the printer used to register the badge. Note: Version 2 is applicable only to Print Release version 2.3 or later. |
Lookup Interface | Possible values
The default value is Version 1. Version 2 adds tracking to the last time the badge is used and from what printer. Note: Version 2 is applicable only to Print Release version 2.3 or later. |
From the Embedded Web Server, navigate to the configuration page for the application.
From the User Authentication section, set Card Validation to Identity Service.
From the Identity Service Settings section, set the identity service provider address to , where is the IP address of the LPM server.
If the LPM server is configured with SSL, then set the badge service provider address to either of the following:
Where is the IP address of the LPM server.
Set Client ID to .
Set Client Secret with the value from <install-Dir>\Lexmark\Solutions\apps\idm\WEB-INF\classes\idm-production-config.properties file, where <install-Dir> is the installation folder of LDD.
Set Card Registration to Identity Service.
Set Manual Login to Identity Service.
Click Save.
Setting | Description |
|---|---|
PIN Validation | Triggers PIN validation using LDAP or a web service. Note: LDAP validation is applicable only when Required Credentials is set to PIN Only. |
Required Credentials | Determines whether the following are required when a user logs in to the printer:
|
PIN Registration/Update | Authenticates the user account before registering or updating the PIN. When disabled, this setting does not allow PIN registration or PIN update. If this setting is not specified, or if the text does not match the printer security settings, then this setting is set to Disabled. |
Web Server Address | The server address where PIN is stored. Use the following format for its value: Where is the host name or IP address of the LDD load balancer server. Note: is used for the LPM server to determine whether the Card Authentication PIN feature is used. |
PIN Login Text | The custom message in the PIN Login screen. The minimum number of characters is 0, and the maximum number of characters is 100. |
Minimum PIN Length | The minimum required PIN length for registration or update. The default value is , but the supported range of value is from to . Make sure that the value is consistent with the LPM administrator portal PIN settings. |
Invalid PIN Length Error Message | The custom error message that appears when the PIN entered does not meet the PIN length requirement during PIN registration or update. The minimum number of characters is 0, and the maximum number of characters is 256. |
Invalid PIN Error Message | The custom error message that appears when an invalid PIN is entered. The minimum number of characters is 0, and the maximum number of characters is 256. |
Network Timeout | The length of time before connection with the server is established. The default value is , but the supported range of value is from to . To disable the timeout, set the value to . |
Socket Timeout | The length of time before response data from the server is received. The default value is , but the supported range of value is from to . To disable the timeout, set the value to . |
PIN Notification | When a user registers, this setting lets you show the PIN on the printer display, e-mail it to the user, or both. |
Setting | Description |
|---|---|
Use Address Book | Uses the LDAP settings configured in Address Book. For printers running on eSF version 5 or later, the LDAP settings in Network Accounts are used. If there are multiple network accounts, then the first in alphabetical order is selected. Notes:
|
Setting | Description |
|---|---|
Server Address | The host name or IP address of the LDAP server. |
Server Port | The port number used to communicate with the LDAP server. Common possible values
|
Use SSL | Uses SSL for communication. |
Search Base | The directory where the LDAP search begins. |
Login Username | The service account name used for logging in to the LDAP server. If this setting is not specified, then anonymous bind is performed. |
Login Password | The service account password used for logging in to the LDAP server. |
The following LDAP attributes must be specified:
Setting | Description |
|---|---|
User ID | The user’s Windows user ID. For Active Directory, this setting corresponds to . |
Badge ID | The user’s badge ID. This setting is used only when Card Validation is set to LDAP. |
User Information | A comma-separated list of user attributes. This list is queried after the user has authenticated. |
Group Membership Attribute | The groups where the user is a member of. |
Group List | The groups shown in Manage Permission where the administrator can define permissions at a group level. If multiple groups are used, then the group names must be comma-separated. |
User PIN | The LDAP attribute where the PIN validation is looked up against. |
The following settings determine how the login screen is shown to the user:
Setting | Description |
|---|---|
Use Custom Login Text | Shows the custom login text. To avoid redundancy, disable this setting when the text is included in the login screen image. |
Custom Login Text | The text shown on the login screen. If this setting is not specified, then the default text is used. |
Text Color | The color of the custom login text. Possible values
To maximize usability, select a color that contrasts with the color of the login screen image. |
Use Custom Image for Login Screen | Uses the custom image background on the login screen. |
Login Screen Image | The image shown on the login screen. The image can be in a GIF, PNG, or JPG format that is 800 x 480 pixels and does not exceed 100KB. If this setting is not specified, then the default image is used. |
Manual Login Text | The text shown on the login screen for manual login. If this setting is not specified, then the default text is used. The minimum number of characters is 0, and the maximum number of characters is 100. |
Allow Copy Without Login | Lets users perform a copy job without authenticating. Note: This setting is applicable only to printers that support the copy function. |
Allow Fax Without Login | Lets users perform a fax job without authenticating. Note: This setting is applicable only to printers that support the fax function. |
The following settings determine how the lock screen is shown to the user:
Setting | Description |
|---|---|
Text Location | The location of the login text on the lock screen. Possible values
|
Login Profile | The profile that is launched automatically after a successful login. Possible value
|
Setting | Description |
|---|---|
Name or ID | The application or printer function that users can access from the lock screen. The application name is case sensitive. |
Icon Text | The custom name for the icon that is shown on the lock screen. |
Use Custom Icon | Shows the custom icon. |
Icon upload field | The custom icon image that is shown on the lock screen for Custom Profile. The image can be in a GIF, PNG, or JPG format that is 140 x 140 pixels and does not exceed 40KB. |
Setting | Description |
|---|---|
Badge Logout Delay (seconds) | The length of time before the printer registers a succeeding tap as a logout. The default value is . To disable the timeout, set the value to . The minimum time in seconds is , and the maximum time in seconds is . |
Use Selected Realm | Adds the selected realm during registration and when users log in manually. For example, userid@realm. The feature is applicable only if the login methods for card registration and manual login are Kerberos, Active Directory, or LDAP+GSSAPI. For card registration, if this feature is enabled, then the badge ID that is registered is in username@realm format. For manual login, if this feature is enabled, then the user name shown in the printer control panel is in username@realm format. Note: This setting is not applicable when logging in or registering using a PIN. |
Enable Beep for Successful Login | Enables a sound when the badge reader reads a badge successfully. |
Beep Frequency | The sound frequency of the printer beep when a badge is read successfully. The default value is . The minimum frequency in Hertz is , and the maximum frequency in Hertz is . |
The following settings determine how the login screen is shown to the user:
Setting | Description |
|---|---|
Background Transparency | Determines the transparency of the banner background. |
Display Login Text | Shows the custom login text. To avoid redundancy, disable this setting if the text is included in the login screen image. |
Login Screen Text | The text shown on the login screen. If this setting is not specified, then the default text is used. |
Login Screen Image | The image shown on the login screen. The image must be in GIF format that is 800 x 320 pixels and does not exceed 40KB. If this setting is not specified, then the default image is used. |
Login Method | Determines how users can log in to the printer. Possible values
Note: If a badge is not available, then Manual Login lets users enter their credentials. |
Allow Copy without Login | Lets users perform a copy job without authenticating. Note: This setting is applicable only to printers that support the copy function. |
Allow Fax without Login | Lets users perform a fax job without authenticating. Note: This setting is applicable only to printers that support the fax function. |
Custom Profile | The application or printer function that users can access from the lock screen. The application name is case-sensitive. |
Icon Text | The custom name for the image on the lock screen. |
Icon | The image shown on the lock screen. The image must be in GIF that is 120 x 75 pixels. |
Icon when Pressed | The image shown while the icon on the lock screen is pressed. The image must be in GIF that is 120 x 75 pixels. |
Login Text Placement | The location of the login text. Possible values
|
Icon or Text Placement | The location of the text or icon. Possible values
|
Setting | Description |
|---|---|
Card Validation | Determines how cards are validated. Possible values
Note: Selecting None lets all users with valid card use the printer. |
Card Registration Access Control | Determines the access control that is used for card registration. Note: Select None to restrict all users from registering their badge at the specific printer. To configure access controls, do the following:
For more information on configuring access controls, see the Card Authentication Administrator’s Guide. |
Manual Login Access Control | Determines the access control that is used for manual login. The access control configuration for this method is the same as Card Registration Access Control. Note: Selecting None allows users to log in without a badge. |
Session Access Control | Determines the access control that is used for a user’s session data. Another printer function, such as Copy, may be set to the same access control, and then get the user information. Select the solution or application number that corresponds to the BadgeAuth or CardAuth security template that is defined when creating an access control. |
Admin Login Access Control | Determines the access control that is used to authenticate administrators. Note: Selecting Disabled prevents the Admin Login button from appearing on the lock screen. |
Setting | Description |
|---|---|
Show Registration Intro Message | Prompts users to register their badge before prompting them to enter their user ID. If disabled, then this setting prompts users to enter their user ID automatically. |
Show Registration Finished Message | Informs users whether the badge registration is successful before redirecting them to the printer home screen. If disabled, then this setting redirects users to the home screen automatically. |
Enable Beep for Successful Login | Enables a sound when the badge reader reads a badge successfully. |
Beep Frequency | The sound frequency of the printer beep when a badge is read successfully. |
Login Profile | The profile that is launched automatically after a successful login. |
Use Selected Realm | Adds the selected realm during registration and when users log in manually. For example, userid@realm. The feature is applicable only if the login methods for card registration and manual login are Kerberos, Active Directory, or LDAP+GSSAPI. For card registration, if this feature is enabled, then the badge ID that is registered is in username@realm format. For manual login, if this feature is enabled, then the username shown in the printer control panel is in username@realm format. Note: This setting is not applicable when logging in or registering using a PIN. |
If Card Validation is set to Web Service, then the following are used to communicate to the web server:
Setting | Description |
|---|---|
Server URL | The web service address used to register and to validate the badge ID. Notes:
|
Registration Interface | Determines the Web Service call version to use for badge registration. Possible values
The default value is Version 1. Version 2 adds tracking to the IP address and host name of the printer used to register the badge. Note: Version 2 is applicable only to Print Release version 2.3 and later. |
Lookup Interface | Determines the Web Service call version to use for badge lookup. Possible values
The default value is Version 1. Version 2 adds tracking to the last time that the badge is used and from what printer. Note: Version 2 is applicable only to Print Release version 2.3 and later. |
From the Embedded Web Server, navigate to the configuration page for the application.
From the User Authentication section, set Card Validation to Identity Service.
From the Identity Service Settings section, set the identity service provider address to , where is the IP address of the LPM server.
If the LPM server is configured with SSL, then set the badge service provider address to either of the following:
Where is the IP address of the LPM server.
Set Client ID to .
Set Client Secret with the value from <install-Dir>\Lexmark\Solutions\apps\idm\WEB-INF\classes\idm-production-config.properties file, where <install-Dir> is the installation folder of LDD.
Set Card Registration to Identity Service.
Set Manual Login to Identity Service.
Click Save.
Setting | Description |
|---|---|
Web Server Address | The server address where the PIN is stored. Use the following format for its value: Where is the host name or IP address of the LDD load balancer server. Note: is used for the LPM server to determine whether the Card Authentication PIN feature is used. |
Minimum PIN Length | The minimum required PIN length for registration or update. The default value is , but the supported range of values is from to . Make sure that the value is consistent with the LPM administrator portal PIN settings. |
Invalid PIN Length Error Message | The custom error message that appears when the PIN is entered does not meet the PIN length requirement during PIN registration or update. The minimum number of characters is 0, and the maximum number of characters is 256. |
Invalid PIN Error Message | The custom error message that appears when an invalid PIN is entered. The minimum number of characters is 0, and the maximum number of characters is 256. |
Setting | Description |
|---|---|
Use Address Book | Uses the LDAP settings configured in Address Book. The LDAP settings must be specified for single-function printers. |
Server Address | The host name or IP address of the LDAP server. |
Server Port | The port number used to communicate with the LDAP server. Common possible values
|
Use SSL | Uses SSL for communication. |
Search Base | The directory where the LDAP search begins. |
Login username | The service account name used for logging in to the LDAP server. If this setting is not specified, then anonymous bind is performed. |
Login Password | The service account password used for logging in to the LDAP server. |
The following LDAP attributes must be specified:
Setting | Description |
|---|---|
User ID | The user’s Windows user ID. For Active Directory, this setting corresponds to . |
Badge ID | The user’s badge ID. This setting is used only when Card Validation is set to LDAP. |
User Information | A comma-separated list of user attributes. This list is queried after the user has authenticated. |
The following settings determine how BadgeAuth interacts with the printer home screen after a user has logged in:
Setting | Description |
|---|---|
Display username | The format of the username. Possible values
Note: The User ID LDAP attribute must match the results of the badge lookup. |
Username Format | If Display username is set to None, then this setting determines how the format of the username is shown in the status window. Type for the username. |
Use Home Screen Logout | Shows an icon for logging out on the printer home screen. |
Badge Logout Delay | The length of time in seconds before the printer registers a succeeding tap as a logout. The default value is seconds. |
The Device Usage eSF application does not require a license. The following shows the configuration data for Device Usage for use with the LDD Print Release.
Notes:
eSF application and version | Supported printers |
|---|---|
Device Usage version 1.10 | e-Task 5, e-Task 4, and e-Task 3 |
Device Usage version 1.6 |
|
Setting | Description |
|---|---|
Site ID | The site ID that the printer uses for reports. If this setting is not specified, then the default site code in LDD is used. |
Server Type | Determines the server type that the usage data is being reported to. Possible values
|
Server URL | The text shown on the login screen. If this setting is not specified, then the default text is used. This setting is the URL used to send data to the server. Use the following format for the LDD Server Type value: Where is the host name or IP address of the LDD load balancer server. |
Track Copy | When enabled, copy jobs on the printer are tracked. We recommend this method for tracking copies when Print Release quotas are not used. If quotas are enabled, then LDD tracks copy jobs and the Track Copy setting must not be enabled. Note: During the Copy or Copy Cancel workflow, the Track Copy and Track Copy Cancel settings must not be enabled at the same time on a printer. Enabling these settings together causes duplicate entries in the PR_STATS report. |
Track Copy Cancel | When enabled, canceled copy jobs on the printer are tracked. We recommend this method to track regular copies and when quotas are enabled when using LDD. Only the actual pages printed are tracked when using this setting. Canceled copy jobs are sent immediately to the server for a real-time user quota update. Note: During the Copy or Copy Cancel workflow, the Track Copy and Track Copy Cancel settings must not be enabled at the same time on a printer. Enabling these settings together causes duplicate entries in the PR_STATS report. |
Track Email | When enabled, emails sent from the printer are tracked. If LDD Print Release is used, then the From field shows the email address of the logged in user, and the Track Email setting must not be enabled. |
Track Fax Send | When enabled, faxes sent from the printer are tracked. We recommend this method for tracking fax jobs. If Print Release (Fax + Profile) is used, then the Track Fax Send setting must not be enabled. |
Track Fax Receive | When enabled, faxes sent to the printer are tracked. |
Track FTP | When enabled, FTP scans sent from the printer are tracked. |
Track Print | When enabled, print jobs from the printer are tracked. When you use LDD Print Release, we recommend this method to track only print jobs that are not sent using Print Release. Make sure that the Ignore Print Jobs From setting is enabled. |
Ignore Print Jobs From | A comma-separated list of IP addresses that does not generate print tracking data. When using LDD Print Release, we recommend this method to avoid duplicate tracking entries when sending jobs using Print Release. If Track Print is enabled, then this list must include all the LDD application server addresses. Including LDD servers to this list results in duplicate tracking entries. |
Track Internal Print | When enabled, print jobs such as fax confirmations, email confirmations, and menu settings are tracked. The report does not include user-initiated print jobs. |
Track Other Scans | When enabled, jobs that generate a scan job are tracked. The report includes any other eSF application or LDD profile that is not part of the Print Release package. |
Include Profile Name in Data | When enabled, the profile name that initiated the workflow or scan job is tracked. Note: We recommend enabling this setting only when necessary. |
Setting | Description |
|---|---|
Client ID | The client credentials that are obtained from the identity service provider used with the client ID. |
Client Secret | The client credentials that are obtained from the identity service provider used with the client secret. |
SSL Certificate | The certificate used for secure connection. |
Job Submission Interface | Determines the Web Service call version to use for sending job reports. The default value is Version 1. |
Report Sending Mode | Determines how the application sends reports. Possible values
The default value is Send Immediately. |
Send by Batch: Maximum Records for Every Batch | Determines the number of tracked records the application collects before sending the reports by batch. The default value is , but the supported range of value is from to . |
Maximum Wait Time to Form a Batch (in Minutes) | The length of time before the application sends the report by batch. The default value is , but the supported range of value is from to . Note: Specifying disables this setting. |
Send By Batch: Resend Delay (in seconds) | The length of time before the application sends the report by batch. The default values are . |
Send By Schedule: Maximum Records for Every Batch | Determines the number of tracked records the application collects before sending the reports by schedule. The default value is , but the supported range of value is from to . |
Send by Schedule: Resend Delay (in Seconds) | The length of time before the application sends the report by schedule. The default values are . |
Report Sending Interval | The interval for sending tracked jobs by batch. Possible values
The default value is Minutes. |
Minutes | Determines when to send reports in minutes. The default value is , but the supported range of value is from to . |
Daily | Determines when to send reports within the day. Use the (HH:MM) time format. To add separate times, use commas. |
Day of the Week | Determines when to send reports by selecting a day of the week. The default value is Sunday. |
Time of Day (in 24-hour format) | Determines when to send reports during the selected day of the week. Use the (HH:MM) time format. To add separate times, use commas. |