The iPrint Appliance Configuration page displays the following options:
On the Mobile configuration page, you can configure Email printing, Printer Defaults, and Renderer Options.
iPrint Appliance can be configured to accept print jobs through email messages and attachments. When configured for email printing, iPrint Appliance becomes a client to an email server. Email account inbox(es) are polled for incoming print jobs, which are routed to the intended printer. Email accounts must be created and functional prior to their association with Novell iPrint Appliance.
Enable email-based printing: Select this option to enable email printing. A global email address can be assigned for all printers. The global email address feature requires access to an email account such as GroupWise, Exchange, Lotus Notes, or Gmail.
The following fields are used by iPrint Appliance to describe and access the global email account:
Email address: Specify the full email address for global print jobs. iPrint Appliance polls the inbox of this email address looking for print jobs. When an email-based job arrives, the subject line is parsed to determine the printer to which the job is sent. For example, print@example.com.
Account Username: Specify the user name for iPrint Appliance to log in to the email server to access the global email account. For example, iprint.
Account Password: Specify the password for iPrint Appliance to log in to the email server to access the global email account.
Re-type Password: Confirm the account password.
Incoming Mail Server: Specify the address of the incoming mail server for the email account. For example, imap.example.com.
Incoming Server Type: iPrint Appliance supports POP and IMAP protocols to poll for incoming print jobs. Select POP or IMAP depending on the protocol that your email server supports.
Outgoing (SMTP) Mail Server: Specify the address of the outgoing mail server for the email account. For example, smtp.example.com. iPrint Appliance uses the SMTP protocol to send email back to users who submit email-based print jobs to report their job status. In order to support iPrint Appliance, the email server you select must support the SMTP protocol.
Enable Mail-body Printing: With email-based printing, attachments are always printed. This option allows the email message body to also be printed. It is enabled by default.
Polling Interval: Configures the interval (in milliseconds) at which emails are fetched from mail servers.
NOTE:Each instance of iPrint Mobile service must be configured with a unique email address, which cannot be shared with other instances of mobile service. Similarly, an email address used for a particular printer (per printer email configuration) cannot be shared for any other printer or mobile service.
Printer features managed by iPrint Appliance can be enabled and disabled. The fields in this section are the default values for newly added printers. As each printer is added, these values can be modified.
Paper Size: Select
or .Orientation: Select between
or printing orientation.Enable Duplex Printing: Duplex printing allows automatic printing of a sheet of paper on both sides. Print devices without this capability can only print on a single side of paper (simplex printing).
Enable Color Printing: Color (or Colour) printing prints the documents in color, as opposed to monochrome (black and white) printing.
Print jobs arrive from iPrint clients in a variety of file formats. By default, these files are rendered to a format that can be printed (by the target printer) using the server renderer. However, there are several file formats that are not perfectly rendered by the server renderer. For more precise rendering, you must install and configure one or more remote renderers on a Windows 64-bit machine.
External renderers connect to iPrint Appliance and poll the un-rendered print jobs queue for files that the external renderer can more expertly render. The rendered jobs are then returned to iPrint Appliance for printing.
For the external renderer to connect to iPrint Appliance, an Authentication Key is required. If the external renderer's Authentication Key matches the Authentication Key specified in this field, the external renderer is granted access to poll the un-rendered print jobs.
The Authentication Key can be a combination of a string of characters. The key is used to authorize an external document renderer with iPrint Appliance.
Starting with iPrint Appliance 1.1, you can change the Drive Store post the initial configuration. The Driver Store Configuration page contains the following options:
Enable local driver store: Select this option to use the Driver Store located on the local machine
Enable remote driver store: Select this option to change the location of the Remote Driver Store. Specify the
, Username, and the of the new Remote Driver Store, then click .The Printers page lists all printers currently managed by iPrint Appliance (created using iManager). You can enable a printer for AirPrint, Email printing, and IPP printing. Select a printer, click the
or drop-down menu, then click .You can also assign a specific email address to each printer by clicking the
drop-down menu, then clicking . When configured for private email printing, iPrint Appliance becomes a client to an email server. You must provide the following information to enable a private email address for the printer:
Account |
|
Server |
|
NOTE:An email address used for a particular printer (per-printer email configuration) cannot be shared for any other printer or mobile service.
IMPORTANT:If you configure a printer for private email printing and then disable the printer for Mobile printing, the private email configuration settings are deleted. If you want to enable private email printing in future, you must specify the information manually.
You can rename a printer from the Printers page. Select a printer you want to rename, click the
menu, then click .To refresh the printers list, click the
button in the upper right of the Available Printers window.You can bulk import printers into iPrint Appliance through a csv file. You must create a csv file, then import the csv file into iPrint Appliance by clicking the
button in the upper-right corner of the window.The csv file must contain the following fields:
#PrinterName, PrinterIP, Location, Description, Win95_98_Driver, Winnt_Driver, Win2k_Driver, Winxp_Driver, Linux_Driver, Mac_Driver, Vista32_Driver, Vista64_Driver, Win732_Driver, Win764_Driver, Win832_Driver, Win864_Driver, Enable DirectPrinting, Secure Printing, Enable Auditing, LPR/RAW, Raw Port.
For secure printing, auditing and direct printing, the fields must be populated with the options Yes or No.
The Renderers page allows you to download the remote renderer. The page also displays all document renderers registered with iPrint Appliance, and allows you to add, delete, and activate/deactivate a renderer.
The Services page displays the system services that are required for iPrint Appliance. To enable or disable a service, select a service on the page, click the
drop-down menu, then click , , or .You can set the
of the services to Automatic or Manual by clicking the drop-down menu, then clicking or .To refresh the information on the page, click
.The Export Configuration page allows you to create a backup of the iPrint Appliance configuration. The configuration information is exported to the iprintconfig.zip file. This file can be used when upgrading iPrint Appliance or installing a new copy.
NOTE:Log files are not backed up when exporting the configuration file. If you want to back up files and folders that are not backed up by default, you must add the path of those files manually into the additionalBackupList file located at /etc/opt/novell/iprintmobile/conf/additionalBackupList/.
On iPrint Appliance 1.0, the permissions for files/directories added to the additionalBackupList file are not retained during backup. You must manually assign the owners and permissions for these files and directories on the target machine after upgrade.
To export the configuration, provide the
, then click . When upgrading to a new iPrint Appliance, you must use the eDirectory administrator password. The eDirectory administrator is usually the admin user cn=admin,o=iPrintappliance.Any configuration change in iPrint Appliance takes at least 20 minutes to get updated to the configuration file. If you export the iPrint Appliance configuration file within 20 minutes of modifying the configuration settings, and then import the configuration file into another copy of iPrint Appliance, the changes are not captured. In this case, you might not be able to view the updated information in the iPrint Appliance. We recommend that you wait at least 20 minutes after the last configuration change before you export the configuration file.
For information on upgrading iPrint Appliance, see Section 5.1.2, Upgrade.
To create an iPrint Appliance user account, you can synchronize initial user information from your network directory service (NetIQ eDirectory or Microsoft Active Directory service) after you have installed the iPrint Appliance software. Over time, you can continue to synchronize user information from the LDAP directory to your iPrint Appliance.
When you synchronize user information into iPrint Appliance from a source LDAP directory service, the entire Base DN on the source is imported into iPrint Appliance. For example, if you sync the context o=users from an LDAP source, the same o=users context is created in iPrint Appliance.
IMPORTANT:
iPrint Appliance performs one-way synchronization from the LDAP directory. If you change user information in iPrint Appliance, the changes are not synchronized back to your LDAP directory. It is recommended that you do not change synced LDAP user information on iPrint Appliance.
iPrint Appliance does not support multi-value attributes. If your LDAP directory contains multi-value attributes, iPrint Appliance recognizes only the first attribute. For example, if your LDAP directory contains multiple email addresses for a given user, only the first email address is synchronized to iPrint Appliance.
LDAP import does not sync user passwords to iPrint Appliance. Authentication requests from the mobile app are redirected to the defined LDAP source. If a user password is changed on the LDAP source, you do not need to update the same password on iPrint Appliance.
The LDAP source IP or DNS name must be always active for iPrint Appliance to authenticate users.
You can configure multiple LDAP connections. To create a new LDAP connection, click
on the LDAP Import page.For information on importing certificates into iPrint Appliance when using LDAP, see the knowledge base article: How to enable SSL to Teaming LDAP Synchronization and Authentication.
Each connection requires the following configuration information:
In order to synchronize initial user information, iPrint Appliance must access an LDAP server where your directory service is running. You must provide the hostname of the server, using a URL with the following format:
ldap://hostname
If the LDAP server requires a secure SSL connection, use the following format:
ldaps://hostname
If the LDAP server is configured with a default port number (389 for non-secure connections or 636 for secure SSL connections), the port number is not required in the URL. If the LDAP server uses a different port number, use the following format for the LDAP URL:
ldap://hostname:port_number ldaps://hostname:port_number
If the LDAP server requires a secure SSL connection, additional setup is required. You must import the root certificate for your LDAP directory into the Java KeyStore (JVM Certificates) from
on the iPrint server, before you configure iPrint Appliance for LDAP synchronization.To sync users into iPrint Appliance, you must provide the user name and password of a user who has sufficient rights to access the user information on the LDAP server.
In your LDAP directory tree, you must provide the fully qualified, comma-delimited user name, along with its context, in the format expected by your directory service.
Directory Service |
Format for the User Name |
---|---|
eDirectory |
cn=username,ou=organizational_unit,o=organization |
Active Directory |
cn=username,cn=organizational_unit,dc=domain_component |
The LDAP attribute that uniquely identifies a user or group helps facilitate renaming and moving iPrint users and groups in the LDAP directory. If this attribute is not set and you rename or move a user in the LDAP source directory, iPrint Appliance assumes that the new name (or the new location of the same name) represents a new user rather than a modified user, and creates a new iPrint Appliance user.
For example, you have an iPrint user with a given name of William Jones. If William changes his name to Bill and you make that change in the LDAP directory, iPrint Appliance creates a new user named Bill Jones.
To ensure that iPrint Appliance modifies the existing user instead of creating a new user when the user is renamed or moved in the LDAP directory, you must specify the name of the LDAP attribute that uniquely identifies the user. For eDirectory, this value is GUID. For Active Directory, this value is objectGUID. This attribute always has a unique value that does not change when you rename or move a user in the LDAP directory. If you want to map users to a different attribute, you must ensure that the attribute that you use is a binary attribute. For example, the cn attribute cannot be used because it is not a binary attribute.
The setting
is used for two purposes:The value is used as the iPrint Appliance user name when the user is first provisioned from LDAP. The value of this attribute must be unique.
During iPrint Appliance login, iPrint Appliance uses this attribute to locate the user in the LDAP directory, and then tries to authenticate as that user.
LDAP directories differ in the LDAP attribute used to identify a User object. Both eDirectory and Active Directory might use the cn (common name) attribute. A more sure alternative for Active Directory is to use the sAMAccountName attribute. Other LDAP directories might use the uid (unique ID) attribute, depending on the structure and configuration of the directory tree.
Consult with your directory administrator in order to determine the best attribute to use. In some cases where not all users are being imported successfully, you must set up two LDAP sources pointing to the same LDAP server and have each source use a different value for the cn as the , and then set up a separate source to the same LDAP server and use sAMAccountName as the .
. For example, set up one LDAP source and useIn addition to the attributes already mentioned in this section, other LDAP attributes can be used for the mail LDAP attribute on User objects can be used to enable iPrint Appliance users to log in by using their email addresses.
, as long as the attribute is unique for each User object. For example, theiPrint Appliance can find and synchronize initial user information from User objects located in one or more containers in the LDAP directory tree. A container under which User objects are located is called a base DN (distinguished name). The format you use to specify a base DN depends on your directory service.
Directory Service |
Format for the User Container |
---|---|
eDirectory |
ou=organizational_unit,o=organization |
Active Directory |
cn=organizational_unit,dc=domain_component |
To identify potential iPrint users, iPrint Appliance by default filters on the following LDAP directory object attributes:
Person
orgPerson
inetOrgPerson
If you want to create iPrint groups based on information in your LDAP directory, iPrint Appliance filters on the following LDAP directory object attributes:
group
groupOfNames
groupOfUniqueNames
You can add attributes to the user or group filter list if necessary. You can use the following operators in the filter:
| OR (the default)
& AND
! NOT
You can choose whether you want iPrint Appliance to search for users (and optionally, groups) in containers below the base DN (that is, in subtrees).
You can create a group that consists of all the users that you want to set up in iPrint Appliance, regardless of where they are located in your LDAP directory. After you create the group, you can use the following filter to search for User objects that have the specified group membership attribute:
(groupMembership=cn=group_name,ou=organizational_unit,o=organization)
IMPORTANT:Ensure that you include parentheses in your filter.
Synchronization options apply to all LDAP configurations.
You can perform LDAP synchronization every day, or on specific days of the week. You can also perform a sync once a day at a specified time, or multiple times each day. The smallest time interval you can set is .25 hours (every 15 minutes).
To synchronize users and groups immediately, select
.NOTE:If you want to delete users that are synced from a particular LDAP source, you must delete the LDAP source connection then run an LDAP sync. When you delete an LDAP source, the users and groups from that context are deleted while the context itself is retained.
For information on iPrint Appliance Licensing, see Section 12.0, iPrint Appliance License Information.
On the License page, you can view the usage details of iPrint Appliance. The Usage Information box below the Current License Information box provides information about the number of printers configured, the number of mobile enabled printers, and the number of mobile print users in the last 180 days.