On large complicated networks such as a university campus, the in-built user and group sync option might not meet user and group syncing requirements. Some operating environments use proprietary software system as the primary handler of authentication and user records. Such systems can include proprietary industry-specific ERP and workflow systems that entire companies centralize around and can be difficult to interface with because they do not support AD or LDAP integration. In these types of environements Papercut MF/NG can make use of a custom plugin.
This type of integration utilizes PaperCut’s support for custom user directory and authentication programs. More information on this can be found in the PaperCut help centre . For technical information on how to develop your own custom plugin please see the GitHub repository .
It’s also possible to manage shared accounts and internal users via the PaperCut MF/NG web services API as explained here .
PaperCut NG/MF hands off user, group, and user authentication tasks to a separate executable (program or process). The executable must accept a set of commands as command-line arguments and return the answer in a tab-delimited prescribed format on standard output.
For more information on the format, see Custom user directory information providers .
The source code for the standard PaperCut NG/MF-supplied User Directory Information Provider is also supplied as part of the installation, as a reference implementation. The source code is provided in ~/server/examples/providers/
.
We encourage organizations that want to build a custom User Directory Information Provider to contact the PaperCut NG/MF development team. They are more than happy to help.
Summary of configuring custom user and authentication programs
In summary, there are two things to configure for the custom programs to work with PaperCut NG/MF. We recommend the following order.
- In the
security.properties
file configure the security.custom-executable.allowed-directory-list key. - Restart the PaperCut Application Server .
- In the PaperCut NG/MF Web admin interface, in Options > User/Group Sync page, set the primary sync source and type the executable names .
After the configuration is complete, PaperCut NG/MF will search the directory(s) listed in the security.properties
file for the executable name you specified in the admin interface.
Configure the security.custom-executable.allowed-directory-list key
For security reasons the directory where custom authentication programs are stored needs to be granted and approved by editing the security.properties
file.
-
In any operating system, open the
[app-path]/server/security.properties
file.Windows
a. In the Start menu, right-click Notepad and select Run as administrator.
b. From the File menu select Open.
c. Browse to and open the security.properties file.
macOS/Linux
We recommend using
sudo
orsu
to open the file in your favorite editor as root. -
Find the
security.custom-executable.allowed-directory-list
key. -
At the end of the key, type the full path, or multiple full paths separated by semicolons, to the directory(s) that the executable file(s) are saved in.
- Do not use relative paths.
- Do not include the name of the executable. (That’s set in the admin UI .)
For Windows paths using backslashes, enter each backslash as a double backslash (\). Spaces are OK. Always add slashes to the end of the path.
Examples:
- Linux: /custom/;/custom/subfolder/;
- Windows: C:\\folder\\;c:\\apps\\
-
Save the
security.properties
file.
Set the primary sync source and custom program executable names in the admin interface
-
Go to Options > Users/Group Sync.
-
In the Sync Source section, in the Primary sync source dropdown select Custom program (Advanced).
-
In the Custom user program field, type the name of the executable including the extension, that is saved in the directory you specified in the
security.user-source-custom-program.allowed-directory-list
key.Example:
userDir.bat
-
In the Custom auth program field, type the name of the executable including the extension, that is saved in the directory you specified in the
security.auth-source-custom-program.allowed-directory-list
key.Example:
externalAuth.bat
-
Click Apply.
-
Test your user sync and authentication and ensure they work as expected.
FAQ
Q If “Delete users that do not exist in the selected source” is disabled, what happens if User is missing from selected custom source? Is account disabled?
The account will be left and not deleted from PaperCut. To delete these accounts, run a sync with the delete option selected, or manually delete the user via the interface (or via server-command.exe
).
Q What happens when “Enable internal users” is disabled?
Internal users are disabled by default. Internal users are mutually exclusive from the sync source and only exist in the PaperCut database. PaperCut will not call custom plugin operations on any internal users if defined.
Q Do groups still need to be added manually through “Add/Remove Groups”?
Yes. In many environments there are often thousands of groups in the user directory. Most are defined for purposes such as file permissions, etc. and are not relevant to printing. Each group added into PaperCut adds some sync overhead as users and groups are matched up in the database. For this reason the administrators must select the groups appropriate for printing (e.g. rules, reports, filters, …). Automatically importing all groups would cause performance problems.
Comments