Blank page or "The page cannot be displayed" when managing Linux iPrint objects.

  • 7001424
  • 05-Mar-2009
  • 02-Jul-2021

Environment

Novell iPrint for Linux

Situation

Symptoms within Firefox:
iPrint -> Manage Print Manager through iManager shows all the tabs, but a blank white page below the tabs.
 
iPrint -> Manage Print Manager through iManager  shows the following error:
Authorization Required
IPP Error: 0xF0191
HTTP Error: 401 

iPrint -> Manage Driver Store shows same symptoms, although the "Drivers" page loads without issue.  The buttons to upload drivers will not work because that feature does not work with Firefox.

Symptoms within Internet Explorer:
iPrint -> Manage Print Manager and Manage Driver Store through iManager shows all the tabs, but below the tab reads "The page cannot be displayed".  None of the tabs are accessible.

Resolution

Cause:
iPrint is unable to query LDAP.    This could be caused by a LDAP's inability to connect due to anonymous bind restrictions, inappropriate configuration of the iprint_ssl.conf, or a general failure in LDAP.  

Resolution #1 (if dissallow anonymous binds is set):
See the Resolution steps in TID 7025185


Resolution #2 (if dissallow anonymous binds is set):
Do not disallow anonymous binds by following steps:
iManager -> LDAP -> LDAP Options -> General -> Connections -> Bind Restrictions  -> change this value from "Disallow anonymous simple bind" to "None".  Click OK.

 
Resolution #3 (Inappropriate configuration of AuthLDAPDNURL)
Change the server name address in the AuthLDAPDNURL to match the certificate's 'subject' name.   Restart Apache for the change to take effect (rcapache2 restart).
 
See the Addtional Information section of this TID titled "How to determine if the AuthLDAPDNURL address matches the 'subject' name address" to see how to do this and to determine if this resolution is the correct step to take for your server's situation.

Resolution #4 (if a general failure in LDAP is suspected):
Change the AuthLDAPDNURL address within the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf to a different LDAP server.  Restart Apache (rcapache2 restart).
 
After resolving this issue, you may see the symptom described in KB 7000757.

Additional Information

Bind Restrictions of None is the default configuration. 

OES 1 iPrint iManager administration allows for the Bind Restrictions to be set to None if the workaround documented in this Cool Solution is implemented.   If the Cool Solution is implemented, be sure to restart Apache after modifying the iprint_ssl.conf.  (rcapache2 restart)

This same workaround does not work with OES 2.
 
How to determine if the AuthLDAPDNURL address matches the 'subject' name address
  1. Note the address in the AuthLDAPDNURL line of the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf .
    • For purposes of this document, this address will be known as AddressX.  If AddressX is a DNS name (not an IP address), continue with the investigative steps below.
  2. From the server which has assigned AddressX's name, execute this command:
    • echo -n | SSL_CERT=/no_dir openssl s_client -connect localhost:636 -CAfile /etc/opt/novell/certs/SSCert.pem -verify 255
      • From the output of the above command, note the server address which follows CN= in the following line:
        • subject=/O=MYTREENAME/CN=myservername.mydomain.com
          • For purposes of this document, this address will be known as AddressY
  3. If AddressX and AddressY are not equal, the symptom documented above is caused by using an innappropriate server name in the iprint_ssl.conf file.  The server name used for the AuthLDAPDNURL must match the name of the server assigned to a certificate.