Environment
Novell Distributed Print Services (NDPS)
Situation
NDPS printers set to Medium security don't enforce user ACLs when submitting jobs.
Note: The information in this TID applies to Printer Agents installed using the NDPS client. This information does not apply to Printer Agents installed with the iPrint client; for example, installed from a web page. If secure access to a printer is desired when using the iPrint client, then enable SSL on those Printer Agents. However, the enforceusracl won't change the security behavior.
Note: The information in this TID applies to Printer Agents installed using the NDPS client. This information does not apply to Printer Agents installed with the iPrint client; for example, installed from a web page. If secure access to a printer is desired when using the iPrint client, then enable SSL on those Printer Agents. However, the enforceusracl won't change the security behavior.
Resolution
Apply NDPSM.NLM dated 19JAN2006 or later. Search Novell's File Finder for NDPSM.NLM to obtain this version. With this version of NDPSM, load the manager with the /ENFORCEUSERACL switch. For example,
NDPSM /ENFORCEUSERACL
Additional Information
Read KB 10089134 to understand the default behavior of NDPSM.NLM and the way it handles the Access Control List with High, Medium, and Low security settings on printers. In short, when printer security is set to Medium, user ACLs are queried when installing a printer, but not when submitting a print job. Some administrators need the user ACL to be queried on job submission too. They accomplish this by setting the printer agent security to High. While this accomplishes the desired effect, setting a printer agent security to High creates overhead for NDPSM, resulting in performance problems.
NDPSM.NLM dated 19JAN2006 and later contains a feature enabled by a switch command that can be used when loading NDPSM.NLM that will enforce user ACL lookups on job submission when the printer agent security is set Medium.
Formerly known as TID# 10100342