Restricting browsable printers

[Heath Kehoe]

> I'm looking at using the cups printer browsing/directory service system
> to enable various branches of my organisation (on different subnets) to
> print to each other's invoice printers. I expect the topology to look a
> little like this:
>
>  - Each branch LAN will have client machines with printers and
>  a server with printers, and every cups server will know about
>  the local printers via broadcast on a 30 second interval. The
>  main server's cups instance will also relay any printer information
>  it recieves from the WAN.
>
>  - A central cups server will poll each of the branch servers for
>  information about their local printers, and will relay this
>  information to all the other branches.
>
> The problem with this model is that 100 branches with an average of four
> printers each will result in the central cups server sending
> out a half meg of browse data to each of a hundread servers, each over
> 256k pipes. Even if it polled and relayed once a night, it would still
> add up to a lot of traffic.
>
> I'd like to be able to configure each of the branch servers to only
> expose one printer to the central polling server, however it looks as
> though the browsing code is uninterested in using access control to
> printers as a means of deciding if some other server should see a given
> printer at all.
>
> Any ideas?
>

You could use SLP instead for CUPS browsing, assuming your network supports multicast traffic.  You'd have to run SLP daemons on each CUPS server.  OpenSLP works great for this, and it'll work with its default configuration (though you'll want to make at least one server a DA with "net.slp.isDA = true" in slp.conf.

-heath