"Access Denied" printing to SSL iPrint printer

  • 7024805
  • 07-Sep-2020
  • 13-Jan-2021

Environment

Micro Focus iPrint Appliance 4.x

Situation

When using SSL printers, ACL's are assigned to the iPrint printer to control which users/groups/containers can use that printer.
 
In this case, an Access Denied message is presented to the end users.  Viewing the iPrint printer's ACL shows that the users and groups are no longer listed (they used to be listed).

Resolution

Fix on iPrint Appliance 4.1 Patch 2 ( Appliance version 4.1.2)

Cause

If there are network connectivity issues during the user LDAP synchronization with the source LDAP server, the source LDAP server does not properly reply or the local eDir does not load the records properly. The LDAP sync process will mark these users/groups as non-existence in source LDAP server and process to remove them.  Also, the users and groups will be removed the printer ACLs.

Minutes later, when the LDAP sync process completes with no errors, users/groups will be re-imported into the appliance. But, those re-imported users will have already been removed from the printer ACLs and will not be auto re-added. The end result is that the users will not have access to the printers.

Additional Information

The /var/opt/novell/log/iprintauth/iprint-auth.log will show a high number of deleted users within a sync:

2020-09-01 07:31:13 INFO  LdapSyncResults:283 - ===========LDAP SYNC SUMMARY===========
2020-09-01 07:31:13 INFO  LdapSyncResults:286 - Sync status: SUCCESS
2020-09-01 07:31:13 INFO  LdapSyncResults:291 - Ldap Sync Start time: Tue Sep 01 07:30:00 CEST 2020
2020-09-01 07:31:13 INFO  LdapSyncResults:292 - Ldap Sync End time: Tue Sep 01 07:31:13 CEST 2020
2020-09-01 07:31:13 INFO  LdapSyncResults:302 - Total sync duration: 0:1:13
2020-09-01 07:31:13 INFO  LdapSyncResults:304 - Number of users added: 0
2020-09-01 07:31:13 INFO  LdapSyncResults:305 - Number of users modified: 15
2020-09-01 07:31:13 INFO  LdapSyncResults:306 - Number of users deleted: 2200
2020-09-01 07:31:13 INFO  LdapSyncResults:309 - Number of groups added: 0
2020-09-01 07:31:13 INFO  LdapSyncResults:310 - Number of groups modified: 0
2020-09-01 07:31:13 INFO  LdapSyncResults:311 - Number of groups deleted: 0
2020-09-01 07:45:00 INFO  LdapSyncService:114 - STARTING auth-sync