iPrint Appliance LDAP imported users can't log into iManager

  • 7017933
  • 09-Aug-2016
  • 28-Nov-2016

Environment

Micro Focus iPrint Appliance

Situation

The users imported using the "Import Users" feature of the iPrint Appliance cannot log into iManager and therefore cannot administer iPrint.

Resolution

Solution 1: Locally create users
Instead of creating the iPrint Appliance administrative users with the LDAP "Import Users" feature, manually create the administrative users.
  1. Create the object
    • iManager -> Directory Administration -> Create User Object
  2. Add the created user to the admingroup object.
    • iManager -> Directory Administration -> Modify Object -> browse to the admingroup.iPrintAppliance object
    • Click the Members
    • Browse to the newly created user.
    • Click OK.
  3. Add the admingroup object to the Print Manager's ACL
    • iManager -> iPrint -> Manage Print Manager -> Access Control -> Add -> Browse to the admingroup.iPrintAppliance object -> Click OK
  4. Add the admingroup object to the Driver Store's ACL
    • iManager -> iPrint -> Manage Driver Store -> Access Control -> Add -> Browse to the admingroup.iPrintAppliance object -> Click OK
Solution 2: Add password to imported user

Same steps as above, but instead of doing the steps to the newly created user object, follow steps 2 through 4 for the imported user.  Also, add a password to the imported user:
  • Choose the "Restrictions" tab  click the "Set Password" link
  • Assign a password to the user.
  • Note: This password will not synchronize with the source user's password.

Cause

The "Import Users" feature does not import passwords.  This creates a scenario where that user can't log into iManager because iManager requires the user object to have a password to authenticate. 

Additional Information

iPrint authentications for secure printers, however, work even though users within the Appliance don't have passwords.  This works because the password validation is handed off to the source LDAP server (whether that be AD or eDir).  iManager authentications do not participate in that hand off authentication.