Environment
Micro Focus iPrint Appliance 4.x
Situation
When using SSL printers, ACL's are assigned to the iPrint printer to control which users/groups/containers can use that printer.
In this case, an Access Denied message is presented to the end users. Viewing the iPrint printer's ACL shows that the users and groups are no longer listed (they used to be listed).
Resolution
Fix on iPrint Appliance 4.1 Patch 2 ( Appliance version 4.1.2)
Cause
If there are network connectivity issues during the user LDAP synchronization with the source LDAP server, the source LDAP server does not properly reply or the local eDir does not load the records properly. The LDAP sync process will mark these users/groups as non-existence in source LDAP server and process to remove them. Also, the users and groups will be removed the printer ACLs.
Minutes later, when the LDAP sync process completes with no errors, users/groups will be re-imported into the appliance. But, those re-imported users will have already been removed from the printer ACLs and will not be auto re-added. The end result is that the users will not have access to the printers.
Additional Information
The /var/opt/novell/log/iprintauth/iprint-auth.log will show a high number of deleted users within a sync:
2020-09-01 07:31:13 INFO LdapSyncResults:283 - ===========LDAP SYNC SUMMARY===========
2020-09-01 07:31:13 INFO LdapSyncResults:286 - Sync status: SUCCESS
2020-09-01 07:31:13 INFO LdapSyncResults:291 - Ldap Sync Start time: Tue Sep 01 07:30:00 CEST 2020
2020-09-01 07:31:13 INFO LdapSyncResults:292 - Ldap Sync End time: Tue Sep 01 07:31:13 CEST 2020
2020-09-01 07:31:13 INFO LdapSyncResults:302 - Total sync duration: 0:1:13
2020-09-01 07:31:13 INFO LdapSyncResults:304 - Number of users added: 0
2020-09-01 07:31:13 INFO LdapSyncResults:305 - Number of users modified: 15
2020-09-01 07:31:13 INFO LdapSyncResults:306 - Number of users deleted: 2200
2020-09-01 07:31:13 INFO LdapSyncResults:309 - Number of groups added: 0
2020-09-01 07:31:13 INFO LdapSyncResults:310 - Number of groups modified: 0
2020-09-01 07:31:13 INFO LdapSyncResults:311 - Number of groups deleted: 0
2020-09-01 07:45:00 INFO LdapSyncService:114 - STARTING auth-sync