Directories - Managing homonyms

Preamble

As Watchdoc allows the management of print jobs specific to each user of an entity, the specific case of homonymous user accounts can present a configuration difficulty.

Watchdoc integrates homonymity management based on the configuration of the META and CARDS directories and on the configuration of print queues.

Prerequisites

To enable homonyms to be managed, it is preferable for the device driver to be able to write the user's domain to the spool file;

  • If the domain is not written to the spool file, homonym management can be configured only for devices associated with the same domain;

  • A feasibility audit needs to be carried out, taking into account the technical and organisational context in which the homonymy issue arises (network architecture, device makes and models, number of directories, printing policy, etc.).

 

To analyse the spools and find out whether the user's domain is in them, you can use the tool LanguageTest.

Principe

Generally, when creating accounts in a directory (domain), the network administrator differentiates between users with the same name by adding the initial of their first name to the login (or email address). For example, John Smith has the login j.smith and Emma Smith has the login e.smith. And if the initials of the first names are identical, the administrator will find a way of distinguishing between the accounts (for example, Joana Smith, who arrives after John, will be assigned the jo.smith or j.smith2 account). Each user can therefore identify himself on a WES without being confused with a user with the same name. Sometimes, however, the homonymy has not been anticipated (rare) or, more frequently, it is necessary to merge several separate directories into a single directory. This is the case when several companies pool their IT resources. In this case, if it is not possible to modify the user accounts (SAMAccountName), merging the directories into the single Watchdoc META directory may generate homonyms. The homonymy referred to here is not a pure homonymy involving users with the same first names and surnames, but the homonymy of user accounts (SAMAccount Name). For example, John or Joana Smith, who are not homonyms, both have a similar account (SAMAccoutnName) j.smith.
If John Smith 's company A merges with Joana's company B, two j.smith accounts will be present in the META directory of the company C created by this merger. Ignoring the homonym would expose users to the risk of unblocking printouts belonging to a user with the same name. This would pose a problem for certain sensitive documents. To solve this problem, Watchdoc includes a function for adding a domain to the user account in the META directory in order to distinguish homonymous accounts.

Procedure

To activate homonym management in Watchdoc, you need to:

  1. configure the META directory to prepare it to manage homonyms (and in CARDS if you use this directory);

  2. configure the queues (or groups of queues) to specify the homonym management mode.

Configure the META directory

  1. From the Main Menu in Watchdoc, Configuration section, click on User directories,

  2. From the User directory list, click on the button for the META directory to edit its properties:

     

  1. From the User directory configuration interface, in the Sub-directories section, check the Remember the original domain of mapped users to not replace the initial domain with the META domain as this could create homonyms that would be impossible to discriminate between (so that CompA\j.doe and CompB\j.doe do not both become META\j.doe),

  2. Click on the button to validate the META directory configuration.

Configurer la file (ou groupe de files)

  1. From the Main Menu in Watchdoc, then from the Production section, click on Printing queues

  2. From the Printing queues list, choose a group of files or a specific file, depending on what you wish to configure

    3. If you configure a group of files, the settings will apply to all of the files included in the group, but you can still change the settings for each file later on.

  3. Click on the Edit properties button.

  4. In the Queue Properties (or Group Properties) interface, Expert Mode section, configure the Domain parameter. Five options are presented, depending largely on the context in which Watchdoc is installed and the driver's ability to register the domain in the spool:


    • Use same settings as the group (parameter only available for a queue): if the queue belongs to a group, select this option if you want the queue to inherit the domain assigned to this group.

       

    • Ignore the domain found in the spool file and always use the default domain: tick this box to ignore the initial domain. This is the default setting.

      In this case, as the accounts registered in the META directory all depend on the META domain, homonyms will not be detected.

       

    • Use the domain specified in the spool file if present, otherwise use default domain: With this option, Watchdoc gives priority to the initial domain (or the default domain if the initial domain does not exist). This option is therefore only useful if the domain is registered in the spool file. Accounts registered in the META directory keep their initial (or default) domain information, which is an important distinguishing feature.

      This is the preferred option when the device driver is able to write the domain to the spool file, but if the driver is unable to write the domain to the spool file, this option runs the risk of a user unblocking the print job of a user with the same name who started the print job.

       

    • Use the domain specified in the spool file if present, otherwise reject the job: With this option, Watchdoc takes into account the user's initial domain (or the default domain if the initial domain does not exist). This option is therefore only useful if the domain is entered in the spool file. Accounts registered in the META directory retain information about their initial (or default) domain, which is an important distinguishing feature; otherwise, Watchdoc considers that it does not have sufficient information to establish the identity of the print job owner at the time he or she logs in. As a result, Watchdoc does not print the print job.

      This option offers the maximum guarantee of distinguishing homonyms, but has the disadvantage of causing a print job to fail. In addition, information about the failed print job cannot be communicated to the user, since the user cannot be distinguished from his or her namesake(s).

     

    • Always use the following domain: tick this button and select a specific domain from the drop-down list to be given priority.

      The queue will then only authorise print jobs from users belonging to this domain.

  1. Click on the button to validate spool group or spool settings.

  2. Test printing from homonym accounts to ensure the effectiveness of the settings chosen.