Synchronize Card/Identity Numbers from a directory

Card and ID numbers are used as an alternative to usernames/passwords for authentication at software Release Stations, or at hardware terminals attached to photocopiers.

Often Card/ID Numbers are already assigned by other systems, in which case you must import these numbers into PaperCut NG/MF from Active Directory or LDAP. Unlike other fields, such as full-name and email address, there is no standard field used exclusively for card numbers. For this reason, PaperCut NG/MF lets you specify the field from which to import the Card/ID Number.

Below we explain how to import Card/ID Numbers from a user directory, as well as how to use regular expressions to modify the number if needed.

Import Card/ID Numbers from a Directory

User directories like Active Directory and LDAP have a number of user fields that can store the user’s Card/ID Number. Some of these fields are editable in the user’s properties in the Active Directory Users and Computers tool, but others can be updated only with other tools.

  1. Log in to the PaperCut admin interface.
  2. Go to Options > User/Group Sync > Sync Source.
  3. In Primary number, select Sync from AD/LDAP field.
  4. In AD/LDAP field name, enter the name of the field containing the Card/ID Numbers.
    • Active Directory: PaperCut NG/MF uses the pager field to retrieve the primary card number. This field was chosen because it is rarely used and is also editable in the Windows user interface. If this field is not suitable, you can choose any valid Active Directory user field.
    • LDAP: PaperCut NG/MF uses the employeeNumber field to retrieve the primary card number. This is a standard LDAP field, but if this is not suitable, you can choose any valid LDAP user field.
  5. If required, import the secondary Card/ID Numbers.
    1. In Secondary number, select Sync from AD/LDAP field.
    2. In AD/LDAP field name, enter the name of the field containing the Card/ID Numbers.
  6. Scroll down and click Apply for the changes to take effect on the next synchronization.

Extract the Card/ID Number from a directory field using a regular expression

The vast majority of sites store the full card number in a single field in Active Directory, LDAP, or Entra ID. In this situation, you do not need to use a regular expression (regex) to extract the card number. A regular expression is required only under some specific circumstances, including:

  • The field contains leading or trailing numbers that should be removed to make it easier for users to type in their ID number manually (for example: 00012345).
  • The multi-valued LDAP/AD field contains multiple values, only one of which represents the card number. For example, some third-party authentication management systems store external IDs (like card numbers) in a single multi-valued LDAP field, so the field might contain a card number and a student number separated by a comma (for example: 12345678,0003456).
  • You are syncing Card/ID Numbers from Entra ID’s onPremisesExtensionAttributes. These attributes are commonly used in scenarios where an organization’s on-premises Active Directory is synchronized with Entra ID (formerly called Azure Active Directory). To sync the Card/ID Number from ExtensionAttribute3, use this example regex: (?<=extensionattribute3=)([a-zA-Z0-9]+).

To use a regular expression to extract the Card/ID Number:

  1. In the Sync Source area, select the Apply regular expression to extract primary/secondary card number from AD/LDAP check box.

  2. Enter the regular expression used to extract the card number. The regular expression must contain a capture group (represented by parentheses) that represents the part of the field that the card number is extracted from.

    The simplest way to create a regular expression is to start with one of the following examples.

| Regular Expression | Description |
|---|---|
| ([\d]+) | Extracts the first sequence of digits. e.g. if the field contains 12345678,005678 then 12345678 is extracted. |
| ([\d]{5}) | Extracts the first sequence of 5 digits. e.g. if the field contains 12345678 then 12345 is extracted. |
| =([\d]+) | Extracts the sequence of digits after the = character. e.g. if the field contains 12345678=56789 then 56789 is extracted. |
| ([\d]+)::abc | Extracts the sequence of digits preceding the text ::abc. This is a common notation when storing identities in a multi-valued field in LDAP. The ::abc notation is used to indicate the different identity types. In this example, if the field contains 1234::xyz 5678:qrs 9876::abc then 9876 is extracted. |

For more information on regular expressions and a test tool, see http://www.fileformat.info/tool/regex.htm. If you need assistance, please contact support.
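Because the extracted value is what users authenticate with, it is worth checking a candidate expression against exported field values before applying it. The following is an added example, not PaperCut code: it uses Python's re module as a stand-in for the server's regex engine, assumes the first match's first capture group is the card number, and runs over constructed sample values to report users with no match and users whose extracted numbers collide.

```python
import re
from collections import defaultdict

def extract_card_number(pattern, field_value):
    """Return capture group 1 of the first match, or None if nothing matches.
    Assumption: the sync uses the first match's first capture group."""
    m = re.search(pattern, field_value)
    return m.group(1) if m else None

def audit_pattern(pattern, directory):
    """Apply pattern to every user's field value.

    Returns (extracted, unmatched, collisions):
      extracted  - {username: card number}
      unmatched  - usernames whose field produced no card number
      collisions - {card number: [usernames]} shared by two or more users
    """
    if re.compile(pattern).groups < 1:
        raise ValueError("pattern needs a capture group")
    extracted, unmatched, by_number = {}, [], defaultdict(list)
    for user, value in directory.items():
        number = extract_card_number(pattern, value)
        if number is None:
            unmatched.append(user)
        else:
            extracted[user] = number
            by_number[number].append(user)
    collisions = {n: u for n, u in by_number.items() if len(u) > 1}
    return extracted, unmatched, collisions

# Constructed sample field values (hypothetical users, not real directory data).
SAMPLE = {
    "alice": "12345678,005678",
    "bob": "12345999,001234",
    "carol": "no-card",
}

if __name__ == "__main__":
    for pat in (r"([\d]+)", r"([\d]{5})"):
        extracted, unmatched, collisions = audit_pattern(pat, SAMPLE)
        print(pat, extracted, "unmatched:", unmatched, "collisions:", collisions)
```

On the sample data, ([\d]+) gives each user a distinct number, while ([\d]{5}) truncates both alice and bob to 12345, so two accounts would share one Card/ID Number.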