dslpaccess(1M)

dslpaccess -- allow/deny non-directory enabled users and systems access to print queue

Synopsis

dslpaccess -q queue-name [-C directory-context] -a allow-list | -d deny-list

Description

The dslpaccess utility either allows or denies conventional UNIX (that is, not directory-enabled) users and systems access to a directory-enabled print queue. It is modeled on the lpadmin(1M) utility's -u option. Setting this does not control the access permissions of directory-enabled UNIX users, which is done using appropriate directory server-specific tools such as ACL management systems.

Allow and deny lists consist of a comma-separated list of entries, each of which may specify a login ID, or a system name and login ID, as follows:

[[login-ID]|[system!login-ID]],[[login-ID]|[system!login-ID]],...

login_ID or system, or both, can be set to the wildcard all, allowing or denying all appropriate entries. Use all with care. When the all entry is added to one list, all non-all entries are removed from the other list, for the appropriate value of login_ID or system. The default for system is the local host.

The user of this utility must be directory-enabled and have permissions set for write, modify, search and read on the directory, in the directory context in which they are administrator.

Options

The utility has the following command line options:

-a allow-list: Specifies a list of users to add to the allow list. If present, these are deleted from the deny list. This option can not be used with the -d option.
-C directory-context: Specifies the directory context for the command. This is the root Distinguished Name (DN) to which the Relative Distinguished Name (RDN) of the printer queue is added. If this is not given, the current directory context is used.
-d deny-list: Specifies a list of users to add to the deny list. If present, these are deleted from the allow list. This option can not be used with the -a option.
-q queue-name: The queue-name parameter is the RDN of the print queue. If the print queue name does not exist in the directory context (see the -C option), the command fails.

Exit codes

On success, dslpaccess returns 0, otherwise one of the following exit codes is returned:

1: invalid options
2: specified print queue is unknown
3: the administrator does not have appropriate access control permissions
4: invalid DN supplied
5: value is already set
6: other error

Examples

The following grants user fredb access to print queue printq1 on host systemX:

dslpaccess -q printq1 -a systemX!fredb

The following performs the same operation, but for a specified directory context:

dslpaccess -q printq1 -C "ou=mygroup,o=sco" -a systemX!fredb

The following denies access to print queue printq1 to user tomt for all hosts:

dslpaccess -q printq1 -d all!tomt

References

dslpaccept(1M), dslpadmin(1M), dslpenable(1M), dslpprotocol(1M), dslpprinter(1M), dslpsearch(1), lpadmin(1M)