Since We Last Saw Each Other ….
After a long hiatus, I am back to conclude this series with the remaining articles over the next few weeks. Since we last met, OES 2018 has been released and, as expected, it contains even more functionality in the “iPrint for OES” offshoot. We will not cover that here as what we need to note was covered in Part V.
However, OES 2018 does bring one challenge with it. As of this writing, OES 2018 does not ship with the PHP extensions as those are part of the SLES 12 Web Add-On, which is not (yet) available as an OES channel. The printer lists code depend upon the PHP LDAP extension. Fortunately, getting what you need is not especially hard. You must first enable the SLES SDK Add-On (which OES does support) and then make sure that the Apache, libldap, php, and php-dev packages are installed.
From that point, one needs to download the source code for the exact version of PHP currently installed on OES. The version can be found by running “php -v” from a Terminal window. The official PHP website has a downloads page with every version. Once the source code is downloaded and uncompressed into a new folder, use the Terminal to navigate to the ext/ldap directory under that folder. From there, run the following commands to compile and install the LDAP module:
phpize ./configure --with-libdir=lib64 make make install rcapache2 restart
You should now have PHP with LDAP support installed and enabled, which is all the printer lists need.
For OES 2015 and below, the relevant packages (Apache, PHP, and PHP-LDAP) are already available from YaST.
Installing The Printer List PHP Files
We assume that, if you have gotten to this point, you already have an OES iPrint system, a printer list in eDirectory, and a webserver running PHP with the LDAP extension. Those requirements are given in more detail in the previous parts to this series. You may also optionally enable SSL on LDAP, iPrint, or Apache. SSL-enablement of these services is a separate topic that we will not be covering in these articles. If you want to use TLS for LDAP then some PHP code adjustment may be required.
This article includes two files: iprint.css and iprint_lists.php . These are all that you need to set up your printer lists website, although we will also show some ways of getting a bit fancier as we go on. The iprint.css file contains very plain CSS – there are no custom divs or classes. It is simply there to control the styling of the printer list page. You may alter it to fit your aesthetic tastes, and all your printer list pages may use the same iprint.css if you so desire.
The iprint_lists.php file is the meat of the printer list functionality. This file contains all the configuration and logic for displaying our lists on a webpage. To create multiple pages to display different lists, all you have to do is make a copy of this file under a different name and change the configuration settings within the copy. For users to access the printer lists, all they need to do is access the file on the web server with a web browser once you have saved the configuration.
In Part V we discussed the different modes that the lists page can use: printerlist , objectstatic , objectdynamic, userauth . The last two options require another simple webpage to be created for the user to send information to the PHP page. We will deal with these scenarios below, but for the first two options the php page is sufficient by itself.
Editing the configuration is accomplished by editing the iprint_lists.php file with your text editor of choice and then saving your changes.
Within the printer_lists.php file, there is a section clearly marked “ADMINISTRATOR CHANGE SECTION”, which is just what is says it is. It contains the following PHP variables that should be customized for your environment. If you need help understanding PHP variables, please consult the PHP documentation . Most of the following should be familiar to anyone who has worked with LDAP configurations previously.
- $eDirectoryProxyUser – The LDAP DN of an eDirectory user with read rights to the tree. Will be used to log into the tree to read printer lists, printers, users, groups, containers, and other objects as needed.
- $eDirectoryProxyPassword – Password for the $eDirectoryProxyUser .
- $eDirectoryServer – DNS name or IP of an eDirectory server running LDAP that will be used to read eDirectory info.
- $managerServer – DNS name or IP address of the server running an iPrint Manager and Apache web server such that the usual “/ipp” printer installation page is working. Can be the same as $eDirectoryServer above.
- $eDirectoryLdapSSL – Whether SSL is enabled for LDAP (can be true or false).
- $managerServerSSL – Whether SSL is enabled for the Apache web server on the print manager (can be true or false).
- $eDirectoryLdapPort – LDAP Port (Usually 389 for clear or 636 for SSL)
- $eDirectoryTimeout – Number of seconds to try to connect to an eDirectory server before giving up. */
- $eDirectorySearchRoot – DN for the LDAP search root. This will not be used for all modes, but it is used enough that you should probably set it.
- $operationMode – This is the variable that determines how the printer list will behave. All the variables below it depend upon the mode. Possible values are printerlist , objectstatic , objectdynamic, and userauth . For descriptions, please see Part V.
- $printerlistOptionArray – Only used if the mode is “printerlist”. This variable is actually in the form of a PHP array so that multiple printer lists can be displayed on the page. Even if only one printer list is to be displayed, it should still be in PHP array format. The format is:
array("cn=firstlist1,ou=container,o=organization" , "cn=firstlist2,ou=container,o=organization");
although if only one list is in the array, the comma after the closing quote is not necessary and the format would be similar to:
- $objectOptionDN – Only used if the mode is “objectstatic”. This is the DN of a user, group, or container (OU) object in eDirectory. The page will print all the printer lists for which this object is a member.
- $followInheritance – Can be true or false. If this value is true, then user objects will have their groups and context chain (OUs and O) checked to see if any of those objects are in a printer list. If so, these printer lists will also be generated on this page. For groups and OUs only the context chain will be added. Duplicate lists will be filtered out. If the option is set to false, then only the original object will be checked for printer list membership.
- $debugLevel – Value is 1–3. If 1, no logging on the page. If 2, logging is turned on to the degree that users can report errors to technical support. If 3, lots of technical information will be printed when the page loads to help technical support diagnose issues. Level 3 should not be used in production.
Once all of these variables have been filled (or not filled) appropriately and the printer_lists.php file saved, configuration should be complete and users may access printer lists through their web browser. If there are problems, try setting the debug level to 3 and reading through the errors for guidance. The php file is extensively commented and should also give some clues as to any issues that you may encounter.
Setting Up Pages for Use With Objectdynamic and Userauth Modes
There are a couple of cases where we might want to show printer lists based on some dynamic information. One such case is the objectdynamic mode where we are given an object and then find all the printer lists that it is a member of. Where does that object come from? It is actually sent to the php page by a simple web form. The details of the page holding the form do not matter so long as it sends a form post to the php page with an element named “edirobject” that contains a string representing the DN of the object.
Here is a basic example of one such page:
<!DOCTYPE HTML> <!-- TTP iPrint Printer Lists ObjectDynamic Form Example. --> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <html> <head> <link rel="stylesheet" type="text/css" media="screen" href="iprint.css" /> <title>Object Dynamic Printer Lists Example</title> </head> <body> <p>Pick something you belong to:</p> <form action="iprint_lists.php" method="post" name="objectdynamic_form"> <select name="edirobject"> <option value="o=ttp">Tree Root</option> <option value="cn=emirman,ou=manchester,o=ttp">User Eugene Mirman</option> <option value="cn=studentgroup,ou=manchester,o=ttp">Student Group</option> </select> <input type="submit" value="Get Printer Lists"> </form> </body> </html>
This page would show a drop-down allowing the user to select one of several objects. When the user clicked “Submit” they would be redirected to the printer lists page and see a list of all the printer lists associated with that object.
Another case where we display lists based on dynamic information is the userauth mode. In this case a user will log into LDAP and then will receive a list of printer lists associated with them. If the $followInheritance variable is false, it will only show lists directly shared with the user. If the $followInheritance is true, it will show lists associated with the user, the user’s groups, and the user’s OU.
The code for a page to send this information is also fairly simple as all we really need to do is pass the username and password along in a form, which is perhaps the oldest usage of forms on the web. The elements should have the obvious names “username” and “password” respectively when posted to the php page. Here is the code for a basic userauth form.
<!DOCTYPE HTML> <!-- TTP iPrint Printer Lists ObjectDynamic Form Example. --> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <html> <head> <link rel="stylesheet" type="text/css" media="screen" href="iprint.css" /> <title>User Authentication Printer Lists Example</title> </head> <body> <p>Please log in to get your printers:</p> <form action="iprint_lists.php" method="post" name="userauth_form"> Username<br /> <input type="text" size="40" maxlength="100" id="username" name="username" placeholder="username" /><br /> Password<br /> <input type="password" size="40" maxlength="100" id="password" name="password" /><br /> <input type="submit" value="Get Printer Lists"> </form> </body> </html>
With the steps (and files) in this article and the preparations in the previous parts, you will now have a fully working TTP iPrint Printer Lists setup. In subsequent articles we will explain the code and show a couple of other tools that can be built on top of this work.