Environment
iPrint for OES 2018
OES 2018 iPrint
Situation
After an upgrade from OES 2015 SP1 to OES 2018:
- Managing iPrint through iManager fails.
- SSL enabled iPrint printers fail with an authentication failure.
- The iPrint /ipp page won't load.
Resolution
- View the AuthLDAPDNURL parameter (server address) within the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf.rpmsave file.
- Manually edit the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf to show the address found in the .rpmsave version.
- Restart Apache
- rcapache2 restart
If iPrint is configured with an NSS cluster, then the /etc/opt/novell/iprint/httpd/conf/iprint_g.conf must also be modified.
- Find the following two lines within the iprint_g.conf file:
- Alias /ippdocs/ "/media/nss/<Volume name>/var/opt/novell/iprint/htdocs/"
- <Directory /media/nss/<Volume name>/var/opt/novell/iprint/htdocs>
- Replace the two <Volume name> entries with the actual iPrint volume name.
- For example, if the mounted iPrint volume name is /media/nss/PRINTVOL1, then the two lines should look like:
- Alias /ippdocs/ "/media/nss/PRINTVOL1/var/opt/novell/iprint/htdocs/"
- <Directory /media/nss/PRINTVOL1/var/opt/novell/iprint/htdocs>
- Restart Apache
- rcapache2 restart
Cause
When this file is customized while running OES 2015 SP1, the upgrade to OES 2018 changes both the iprint_ssl.conf and iprint_g.conf files. The changes are to accommodate requirements of the new version of Apache. (Apache 2.2 to Apache 2.4).
See the Additional Information section to learn more about those changes.
Additional Information
- OES 2015 SP1 Apache requirements:
LoadModule ipp_module /opt/novell/iprint/httpd/_LIBDIR_/mod_ipp.so
</IfModule>
<IfModule mod_ipp.c>
<LocationMatch
^/(ipps|idss|[Pp][Ss][Mm][Ss][Tt][Aa][Tt][Uu][Ss]|auth)($|/)>
SSLRequireSSL
Require valid-user
Order deny,allow----------------> OES 2015 SP1 specific
Allow from all---------------------> OES 2015 SP1 specific
AuthType Basic
AuthBasicProvider ldapdn
AuthName "iPrint_LDAP_Authentication"
AuthLDAPDNURL "ldaps://localhost/???(objectClass=user)"
AuthLDAPDNRemoteUserIsDN on
AuthzLDAPDNAuthoritative Off
AuthLDAPDNAllowDNAuth On
AuthLDAPDNDereferenceAliases never
</LocationMatch>
</IfModule>
- OES 2018 Apache requirements:
<LocationMatch
^/(ipps|idss|[Pp][Ss][Mm][Ss][Tt][Aa][Tt][Uu][Ss]|auth)($|/)>
SSLRequireSSL
Require valid-user
#Require all granted-------------------> syntax is not present here
AuthType Basic
AuthBasicProvider ldapdn
AuthName "iPrint_LDAP_Authentication"
AuthLDAPDNURL "ldaps://localhost/???(objectClass=user)"
AuthLDAPDNRemoteUserIsDN on
AuthzLDAPDNAuthoritative Off
AuthLDAPDNAllowDNAuth On
AuthLDAPDNDereferenceAliases never
</LocationMatch>
</IfModule>
If old iprint_ssl.conf is preserved with the OES 2018 server, Apache will return this error when loading:
Dec 17 15:40:29 blr8-119-161 server name[10135]: AH00526: Syntax error on line 14 of /etc/opt/novell/httpd/conf.d/iprint_ssl.conf:
Dec 17 15:40:29 blr8-119-161 server name[10135]: Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration
Dec 17 15:40:29 blr8-119-161 systemd[1]: apache2.service: Main process exited, code=exited, status=1/FAILURE
Dec 17 15:40:29 blr8-119-161 server name[10144]: [Mon Dec 17 15:40:29.250146 2018] [:debug] [pid 10144] util_ldapdn.c(1585): LDAPDN: SSL trusted global cert - /etc/opt/novel... CA_BASE64)
Dec 17 15:40:29 blr8-119-161 server name[10144]: AH00526: Syntax error on line 14 of /etc/opt/novell/httpd/conf.d/iprint_ssl.conf:
Dec 17 15:40:29 blr8-119-161 server name[10144]: Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration
Dec 17 15:40:29 blr8-119-161 systemd[1]: apache2.service: Control process exited, code=exited status=1