Article

(View Disclaimer)

Problem:

We were enabling our users to access iPrint from the outside (requires a firewall filter, but doable). However, we wanted to "Secure" access to the WEB page. Opened a SR with Novell since I couldn't find any TID on this issue. After working with the Tech I was able to accomplish this. This is how we did it.

Solution:

Firewall Filter:

Current BM Filters ServerID Source Interface Source Address Protocol Destination Port 
Source Port ackFilt stFilt Destination Interface Destination Address Comments 
1 PUBLIC  TCP 631  0 1 PRIVATE XXX.XXX.XXX.XXX To allow iPrint services

ConsoleOne Settings:

Properties of LDAP Server - IPrintServerName - SSL/TLS Configuration Tab -Uncheck the 
"Require TLS for all Operations".
                                             - Restrictions - Bind Restrictions is set
to "None" and all "Limit" and "Timeout" options are set to "0". 

Server Apache2 Settings:

Edit the \\ServerName\sys\Apache2\iprint\ipp.conf file and make the following changes. (Search for the "IfModule mod_ipp.c" section and edit.)

************************************************************
# Changed this to require login
# this is the default config for secure printing
<IfModule mod_ipp.c>
   <Location /ipp>
     #Require valid-user
     Order allow,deny
     #Allow from all
      #Type in the IP Segment for your Environment
     Allow from XXX.XXX
     Require valid-user
     Satisfy Any
     AuthType Basic
     AuthName "Tree_Name"
     AuthLDAPURL "ldaps://localhost:636/???(objectClass=user)"
     AuthLDAPRemoteUserIsDN on
     <IfModule mod_auth_ldap.c>
        AuthLDAPEnabled ON
     </IfModule>
     AuthLDAPDNAuthoritative On
     AuthLDAPAllowDNAuth On
   </Location>

   <Location /ipps>
      Require valid-user
      Order allow,deny
      #Type in the IP Segment for your Environment
      Allow from XXX.XXX 
      Require valid-user
      #Satisfy Any
      AuthType Basic
      AuthName "Tree_Name"
      AuthLDAPURL "ldaps://localhost:636/???(objectClass=user)"
      AuthLDAPRemoteUserIsDN on
      <IfModule mod_auth_ldap.c>
         AuthLDAPEnabled ON
  #Off
      </IfModule>
      AuthLDAPDNAuthoritative On
      AuthLDAPAllowDNAuth On
   </Location>
</IfModule>
*************************************************************

Stop and restart your Apache services. I used two NCFs to stop and then start Apache.

AP2WEBDN.NCF
***********************
# Shutdown for Apache Web Server for Netware

unload address space = os apache2
***********************

AP2WEBUP.NCF
***********************
# Startup for Apache Web Server for Netware
# This is called from autoexec.ncf

# Make sure that httpstk isn't listening on 80
httpcloseport 80 /silent

load apache2 -E sys:\apache2\logs\startup.err
************************

Now users who access our iPrint WEB Page from outside of our Network are prompted to log into NetWare via LDAP to access the page:

https://XXX.XXX.XXX.XXX/ipps 

They would use their NetWare login name and their NetWare password.

Environment:

NetWare 6.5 SP 5 and Apache2

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.