
Migration of iPrint services from NetWare to OES Linux

Novell Cool Solutions: Feature
By David Krotil


Posted: 11 Jan 2007
 

Goal:

Migrate iPrint services from NetWare 6.5 to OES Linux in the same tree, to the same container, to the same DNS name.

Starting conditions:

NetWare NDPS Manager bound to DNS name printing.domain.com, with several printer agents in container OU=PRINTING.O=ORG

Versions of NDPS / iPrint components:

NetWare 6.5 SP5, NDPSM 3.01t
OES Linux SP2, novell-iprint-server-5.1.20061109-3
Windows XP SP 2 with iPrint client 4.26

Tools:

  • Server Consolidation Migration Toolkit 1.1
  • ConsoleOne 1.3.6e
  • iManager 2.5 with iPrint plugin 2.5.5.20060626 on OES Linux server

First step:

On OES Linux, create a Driver Store (needed for the iPrint Printer Manager) with iManager (Linux), then create OU=TEMP under OU=PRINTING.O=ORG. This temporary placeholder for the Printer Manager is needed because we want to migrate iPrint services to the same container, but there can be only one eDirectory object representing a Printer Agent (PA).

I would like to share my experience with a problem I faced on OES Linux with iManager and iPrint services. These are tightly bound to Apache. When you use a DNS name, you need to create a security certificate with this iPrint service DNS name.

Place the new Printer Manager in this temporary container and use the IP address of your OES Linux server.

Second step:

With the help of the Server Consolidation Utility 4.11 (NetWare to OES), migrate all PAs from the NetWare NDPSM agent to the temporary iPrint Printer Manager on the OES Linux server. It is good practice not to migrate all PAs at once, but to split the migration process into smaller groups. In my case, when I migrated all agents at once, I got an "An untrapped error occurred in ApplyProcessedXmlFile(). Caught by exception handler in ApplyProcessedXMLThread." error.

Now review the success and error logs of the SCU utility. I had two problems with the migration process: errors in migrating settings and errors in migrating drivers. In both cases it helped to delete the problem PA and migrate it one more time.

Third step:

After a successful migration of all PAs to the OES Linux Printer Manager, we need to delete all source PAs on the NetWare NDPSM. This makes room for moving the PAs from our temporary placeholder ( OU=TEMP,OU=PRINTING,O=ORG ).

After successfully removing all PAs from NDPSM on the NetWare server, we have to unload both the NDPS Manager and the Broker. Comment them out in AUTOEXEC.NCF and del(ete) the secondary IP address which represented the DNS name printing.domain.com.

Now we add the secondary IP address from above to the OES Linux server via YAST > Network devices > Network Card. Under Already configured devices we choose Change, then Edit on the network card to which the secondary IP address will be bound. Under Detailed settings we choose Advanced > Virtual Aliases > Add.

Stop iPrint Printer Manager on the OES Linux server with:

rcnovell-ipsmd stop

Move the iPrint Printer Manager object and all PA objects with ConsoleOne to the source container OU=PRINTING.O=ORG.

Because we are binding the iPrint Printer Manager to the DNS name printing.domain.com, we need to change the Apache configuration. We create a virtual host using the config file /etc/apache2/vhosts.d/vhost-ssl.conf, which can be used as a template.

Another problem for NetWare administrators, tied to SSL and Apache on the OES Linux platform, is that we need to create SSL certificate files, because we can't use eDir to retrieve SSL certificates for Apache.

For Linux newbies I'm attaching a short manual for creating SSL certificates:

At the terminal prompt:

cd /tmp/
mkdir ssl
cd ssl

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr 

While creating the certificate request, the last entry should be a Common Name, in our case printing. In ConsoleOne, use Issue Certificate and save the certificate in DER format.

openssl x509 -inform DER -in server.der -out server.crt -outform PEM

This converts our issued certificate from DER to PEM format.

openssl x509 -inform DER -in rootcert.der -out rootcert.crt -outform PEM

This converts the root certificate rootcert.der from the NetWare server to PEM format.

From a temporary copy of the server certificate we can create a CA bundle, which is useful when we want to avoid the security warning that the issuer of this certificate is not trusted.

cp server.crt server2.crt

cat rootcert.crt >> server2.crt

mv server2.crt ca-bundle.crt

These certificates need to be placed in the /etc/apache2/ssl... folders. The right folder placement is self-explanatory. Certificates will need to be renamed when there is a name conflict.

After restarting Apache with the terminal command rcapache2 restart we are now ready for the next step.
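
A check worth running on the files from the certificate procedure above before they go into Apache's SSL folders. This script is an added example, not part of the original article: it builds a constructed throwaway CA in place of the ConsoleOne-issued certificate, and the function names, the use of printing.domain.com as the checked name and the 2048-bit minimum are assumptions (the article's own key is 1024 bits).

```shell
#!/bin/sh
# Added example. A throwaway CA stands in for the tree CA that issues the
# certificate in ConsoleOne; every name and file below is constructed.

# check_cert KEY CERT ROOT NAME -> 0 only when all four checks pass.
check_cert() {
    key=$1 crt=$2 root=$3 name=$4
    # 1. The certificate must carry the public half of this private key.
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || k=
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || c=
    [ -n "$k" ] && [ "$k" = "$c" ] ||
        { echo "FAIL: key and certificate do not match"; return 1; }
    # 2. RSA key size; the 2048-bit floor is an assumed policy.
    bits=$(openssl x509 -in "$crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: ${bits:-?}-bit key"; return 2; }
    # 3. The certificate must chain to the tree's root certificate.
    openssl verify -CAfile "$root" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: does not chain to $root"; return 3; }
    # 4. The name clients connect to must match the certificate.
    openssl x509 -in "$crt" -noout -checkhost "$name" | grep -q 'does match' ||
        { echo "FAIL: not valid for $name"; return 4; }
    echo "OK: $crt is valid for $name"
}

# make_demo DIR CN BITS: constructed root CA plus a server key and cert.
make_demo() {
    d=$1 cn=$2 rsabits=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/O=ORG/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/rootcert.crt" 2>/dev/null
    openssl genrsa -out "$d/server.key" "$rsabits" 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/O=ORG/CN=$cn" \
        -out "$d/server.csr"
    openssl x509 -req -in "$d/server.csr" -CA "$d/rootcert.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo "$demo" printing.domain.com 2048
check_cert "$demo/server.key" "$demo/server.crt" "$demo/rootcert.crt" \
    printing.domain.com
```

For the real files, call check_cert with server.key, server.crt and rootcert.crt from /tmp/ssl and the DNS name that clients use to reach the service.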

Last step:

Now we edit the eDir object representing iPrint Printer Manager which we moved from the temporary placeholder in the previous step.

Change the attributes:

Network Address ( to IP address representing printing.domain.com )
iPrintManagerDBPath ( /var/opt/novell/iprint/iPrintManager.TEMP.PRINTING.ORG.psm to /var/opt/novell/iprint/iPrintManager.PRINTING.ORG.psm )
iPrintManagerIPURI (https://192.168.1.1/ipps/iPrintManager.TEMP.PRINTING.ORG to https://printing.domain.com/ipps/iPrintManager.PRINTING.ORG )

Then rename the folder

/var/opt/novell/iprint/iPrintManager.TEMP.PRINTING.ORG.psm to /var/opt/novell/iprint/iPrintManager.PRINTING.ORG.psm.

Rename

/etc/opt/novell/iprint/conf/iPrintManager.TEMP.PRINTING.ORG.ipsmd.conf to iPrintManager.PRINTING.ORG.ipsmd.conf. The same folder should contain a symlink to this file, named ipsmd.conf.

Then modify the above file /etc/opt/novell/iprint/conf/iPrintManager.PRINTING.ORG.ipsmd.conf

Before:

DSServer1 server.domain.com
PSMObjectDN CN=iPrintManager,OU=TEMP,OU=PRINTING,O=ORG
PSMObjectPasswd xxxxxxxxxxxxxxxxxxxxx
PSMHostAddress 192.168.1.1

After:

DSServer1 server.domain.com
PSMObjectDN CN=iPrintManager,OU=PRINTING,O=ORG
PSMObjectPasswd xxxxxxxxxxxxxxxxxxxxx
PSMHostAddress printing.domain.com

Start iPrint Printer Manager with:

rcnovell-ipsmd start

Finally, in iManager, we should review whether the previous operations were successful.

Conclusion:

When all the previous operations were successful, we have migrated iPrint services from NetWare to OES Linux without any changes needed on the users' workstations. This is a good start to a painless move from NetWare to OES Linux.

