Cybersecurity
DevOps Cloud
IT Operations Cloud
We were enabling our users to access iPrint from the outside (requires a firewall filter, but doable). However, we wanted to "Secure" access to the WEB page. Opened a SR with Novell since I couldn't find any TID on this issue. After working with the Tech I was able to accomplish this. This is how we did it.
Firewall Filter:
Current BM Filters ServerID Source Interface Source Address Protocol Destination Port
Source Port ackFilt stFilt Destination Interface Destination Address Comments
1 PUBLIC TCP 631 0 1 PRIVATE XXX.XXX.XXX.XXX To allow iPrint services
ConsoleOne Settings:
Properties of LDAP Server - IPrintServerName - SSL/TLS Configuration Tab -Uncheck the
"Require TLS for all Operations".
- Restrictions - Bind Restrictions is set
to "None" and all "Limit" and "Timeout" options are set to "0".
Server Apache2 Settings:
Edit the \\ServerName\sys\Apache2\iprint\ipp.conf file and make the following changes. (Search for the "IfModule mod_ipp.c" section and edit.)
************************************************************
# Changed this to require login
# this is the default config for secure printing
<IfModule mod_ipp.c>
<Location /ipp>
#Require valid-user
Order allow,deny
#Allow from all
#Type in the IP Segment for your Environment
Allow from XXX.XXX
Require valid-user
Satisfy Any
AuthType Basic
AuthName "Tree_Name"
AuthLDAPURL "ldaps://localhost:636/???(objectClass=user)"
AuthLDAPRemoteUserIsDN on
<IfModule mod_auth_ldap.c>
AuthLDAPEnabled ON
</IfModule>
AuthLDAPDNAuthoritative On
AuthLDAPAllowDNAuth On
</Location>
<Location /ipps>
Require valid-user
Order allow,deny
#Type in the IP Segment for your Environment
Allow from XXX.XXX
Require valid-user
#Satisfy Any
AuthType Basic
AuthName "Tree_Name"
AuthLDAPURL "ldaps://localhost:636/???(objectClass=user)"
AuthLDAPRemoteUserIsDN on
<IfModule mod_auth_ldap.c>
AuthLDAPEnabled ON
#Off
</IfModule>
AuthLDAPDNAuthoritative On
AuthLDAPAllowDNAuth On
</Location>
</IfModule>
*************************************************************
Stop and restart your Apache services. I used two NCFs to stop and then start Apache.
AP2WEBDN.NCF
***********************
# Shutdown for Apache Web Server for Netware
unload address space = os apache2
***********************
AP2WEBUP.NCF
***********************
# Startup for Apache Web Server for Netware
# This is called from autoexec.ncf
# Make sure that httpstk isn't listening on 80
httpcloseport 80 /silent
load apache2 -E sys:\apache2\logs\startup.err
************************
Now users who access our iPrint WEB Page from outside of our Network are prompted to log into NetWare via LDAP to access the page:
https://XXX.XXX.XXX.XXX/ipps
They would use their NetWare login name and their NetWare password.
NetWare 6.5 SP 5 and Apache2