iprint_ssl.conf settings not retained after upgrade to OES 2018

  • 7023593
  • 17-Dec-2018
  • 17-Dec-2018

Environment

iPrint for OES 2018
OES 2018 iPrint

Situation

After an upgrade from OES 2015 SP1 to OES 2018:
  • Managing iPrint through iManager fails. 
  • SSL enabled iPrint printers fail with an authentication failure.
  • The iPrint /ipp page won't load.

Resolution

  1. View the AuthLDAPDNURL parameter (server address) within the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf.rpmsave file.
  2. Manually edit the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf to show the address found in the .rpmsave version. 
  3. Restart Apache
    • rcapache2 restart
If iPrint is configured with an NSS cluster, then the /etc/opt/novell/iprint/httpd/conf/iprint_g.conf must also be modified.
  1. Find the following two lines within the iprint_g.conf file:
    • Alias /ippdocs/ "/media/nss/<Volume name>/var/opt/novell/iprint/htdocs/"
    • <Directory /media/nss/<Volume name>/var/opt/novell/iprint/htdocs>
  2. Replace the two <Volume name> entries with the actual iPrint volume name. 
    • For example, if the mounted iPrint volume name is /media/nss/PRINTVOL1, then the two lines should look like:
      • Alias /ippdocs/ "/media/nss/PRINTVOL1/var/opt/novell/iprint/htdocs/"
      • <Directory /media/nss/PRINTVOL1/var/opt/novell/iprint/htdocs>
  3. Restart Apache
    • rcapache2 restart
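Steps 1 and 2 of the iprint_ssl.conf procedure above can be scripted so that only the AuthLDAPDNURL value is carried over from the .rpmsave copy, and the Apache 2.2 access directives described under Cause are not. This is an added example, not part of the original TID; the function names are hypothetical, and the sample files used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not part of the TID. Paths in the usage line come from the TID;
# the function names are made up for this sketch.
# Usage: port_ldap_url "$CONF.rpmsave" "$CONF"
#   with CONF=/etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf

# Print the value of the first uncommented AuthLDAPDNURL directive in file $1.
get_ldap_url() {
    sed -n 's/^[[:space:]]*AuthLDAPDNURL[[:space:]]\{1,\}//p' "$1" | head -n 1
}

# List (with line numbers) Apache 2.2 access directives in file $1. These are
# what the OES 2018 Apache rejects with "Invalid command 'Order'".
find_legacy_acl() {
    grep -nE '^[[:space:]]*(Order|Allow|Deny)[[:space:]]' "$1"
}

# Copy only the AuthLDAPDNURL value from old file $1 into new file $2.
# The rest of $2 is left as the upgrade wrote it; a backup goes to $2.bak.
port_ldap_url() {
    old_conf=$1
    new_conf=$2
    url=$(get_ldap_url "$old_conf")
    if [ -z "$url" ]; then
        echo "no AuthLDAPDNURL found in $old_conf" >&2
        return 1
    fi
    if [ "$url" = "$(get_ldap_url "$new_conf")" ]; then
        return 0    # already identical, nothing to change
    fi
    cp -p "$new_conf" "$new_conf.bak" || return 1
    # ENVIRON avoids awk/sed escape processing of '&', '/' or '\' in the URL.
    LDAP_URL=$url awk '
        /^[ \t]*AuthLDAPDNURL[ \t]/ {
            indent = $0
            sub(/AuthLDAPDNURL.*$/, "", indent)   # keep original indentation
            print indent "AuthLDAPDNURL " ENVIRON["LDAP_URL"]
            next
        }
        { print }
    ' "$new_conf.bak" > "$new_conf" || return 1
    if find_legacy_acl "$new_conf" >&2; then
        echo "Apache 2.2 access directives remain in $new_conf" >&2
        return 2
    fi
    return 0
}
```

A non-zero return means the file should be reviewed before Apache is restarted.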

Cause

When this file is customized while running OES 2015 SP1, the upgrade to OES 2018 changes both the iprint_ssl.conf and iprint_g.conf files. The changes accommodate the requirements of the new version of Apache (Apache 2.2 to Apache 2.4).

See the Additional Information section to learn more about those changes.

Additional Information

- OES 2015 SP1 Apache requirements:

<IfModule !mod_ipp.c>
   LoadModule ipp_module /opt/novell/iprint/httpd/_LIBDIR_/mod_ipp.so
</IfModule>

<IfModule mod_ipp.c>
      <LocationMatch ^/(ipps|idss|[Pp][Ss][Mm][Ss][Tt][Aa][Tt][Uu][Ss]|auth)($|/)>
        SSLRequireSSL
        Require valid-user
        # The next two lines are OES 2015 SP1 specific
        Order deny,allow
        Allow from all
        AuthType Basic
        AuthBasicProvider ldapdn
        AuthName "iPrint_LDAP_Authentication"
        AuthLDAPDNURL "ldaps://localhost/???(objectClass=user)"
        AuthLDAPDNRemoteUserIsDN on
        AuthzLDAPDNAuthoritative Off
        AuthLDAPDNAllowDNAuth On
        AuthLDAPDNDereferenceAliases never
      </LocationMatch>
</IfModule>

- OES 2018 Apache requirements:

<IfModule mod_ipp.c>
      <LocationMatch ^/(ipps|idss|[Pp][Ss][Mm][Ss][Tt][Aa][Tt][Uu][Ss]|auth)($|/)>
        SSLRequireSSL
        Require valid-user
        #Require all granted-------------------> syntax is not present here
        AuthType Basic
        AuthBasicProvider ldapdn
        AuthName "iPrint_LDAP_Authentication"
        AuthLDAPDNURL "ldaps://localhost/???(objectClass=user)"
        AuthLDAPDNRemoteUserIsDN on
        AuthzLDAPDNAuthoritative Off
        AuthLDAPDNAllowDNAuth On
        AuthLDAPDNDereferenceAliases never
      </LocationMatch>
</IfModule>

If the old iprint_ssl.conf is preserved on the OES 2018 server, Apache returns this error when loading:

Dec 17 15:40:29 blr8-119-161 server name[10135]: AH00526: Syntax error on line 14 of /etc/opt/novell/httpd/conf.d/iprint_ssl.conf:
Dec 17 15:40:29 blr8-119-161 server name[10135]: Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration
Dec 17 15:40:29 blr8-119-161 systemd[1]: apache2.service: Main process exited, code=exited, status=1/FAILURE
Dec 17 15:40:29 blr8-119-161 server name[10144]: [Mon Dec 17 15:40:29.250146 2018] [:debug] [pid 10144] util_ldapdn.c(1585): LDAPDN: SSL trusted global cert - /etc/opt/novel... CA_BASE64)
Dec 17 15:40:29 blr8-119-161 server name[10144]: AH00526: Syntax error on line 14 of /etc/opt/novell/httpd/conf.d/iprint_ssl.conf:
Dec 17 15:40:29 blr8-119-161 server name[10144]: Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration
Dec 17 15:40:29 blr8-119-161 systemd[1]: apache2.service: Control process exited, code=exited status=1