[cups.general] Require group directives not working

[Michael Sweet]

On May 5, 2011, at 12:51 PM, Logan Anteau wrote:
> I work for college computing for the College of Engineering at our University and I'm trying to migrate our printing server from the Solaris print server to CUPS. I want to use the CUPS web interface, and require authentication to use it. The problem is all of our users are not local users, they are LDAP users.
> 
> I tried to use a Require user @mygroup or Require group mygroup for the /admin location. My user is part of "mygroup" yet I get a 403 Forbidden error when I authenticate. I'm assuming this is because "mygroup" is an LDAP group, not a system group. However, what I find interesting is that 'Require user <myuser>" does work when I authenticate. So CUPS recognizes LDAP users but not LDAP groups?

First check your /etc/nsswitch.conf file to make sure that ldap is listed for the group: line.

Second check whether the named group is also a local group on the system; if so, there is a CUPS bug tracking this (currently not targeted for a release since we don't have a good fix). The workaround for this is to list ldap first for the groups, e.g.:

	group: ldap files

________________________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair