cups-browsed.conf(5) server configuration file for cups-browsed

DESCRIPTION

The cups-browsed.conf file configures the cups-browsed daemon. It is normally located in the /etc/cups directory. Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.

DIRECTIVES

The "DebugLogging" directive determines how should debug logging be done. Into the file /var/log/cups/cups-browsed_log ("file"), to stderr ("stderr"), or not at all ("none").

        DebugLogging file
        DebugLogging stderr
        DebugLogging file stderr
        DebugLogging none
Only browse remote printers (via DNS-SD or CUPS browsing) from selected servers using the "BrowseAllow", "BrowseDeny", and "BrowseOrder" directives

This serves for restricting the choice of printers in print dialogs to trusted servers or to reduce the number of listed printers in the print dialogs to a more user-friendly amount in large networks with very many shared printers.

This only filters the selection of remote printers for which cups-browsed creates local queues. If the print dialog uses other mechanisms to list remote printers as for example direct DNS-SD access, cups-browsed has no influence. cups-browsed also does not prevent the user from manually accessing non-listed printers.

"BrowseAllow": Accept printers from these hosts or networks. If there are only "BrowseAllow" lines and no "BrowseOrder" and/or "BrowseDeny" lines, only servers matching at last one "BrowseAllow" line are accepted.

"BrowseDeny": Deny printers from these hosts or networks. If there are only "BrowseDeny" lines and no "BrowseOrder" and/or "BrowseAllow" lines, all servers NOT matching any of the "BrowseDeny" lines are accepted.

"BrowseOrder": Determine the order in which "BrowseAllow" and "BrowseDeny" lines are applied. With "BrowseOrder Deny,Allow" in the beginning all servers are accepted, then the "BrowseDeny" lines are applied to exclude unwished servers or networks and after that the "BrowseAllow" lines to re-include servers or networks. With "BrowseOrder Allow,Deny" we start with denying all servers, then applying the "BrowseAllow" lines and afterwards the "BrowseDeny" lines.

Default for "BrowseOrder" is "Deny.Allow" if there are both "BrowseAllow" and "BrowseDeny" lines.

If there are no "Browse..." lines at all, all servers are accepted.

        BrowseAllow All
        BrowseAllow 192.168.7.20
        BrowseAllow 192.168.7.0/24
        BrowseAllow 192.168.7.0/255.255.255.0
        BrowseDeny All
        BrowseDeny 192.168.1.13
        BrowseDeny 192.168.3.0/24
        BrowseDeny 192.168.3.0/255.255.255.0
        BrowseOrder Deny,Allow
        BrowseOrder Allow,Deny
Filtering of remote printers by other properties than IP addresses of their servers

Often the desired selection of printers cannot be reached by only taking into account the IP addresses of the servers. For these cases there is the BrowseFilter directive to filter by most of the known properties of the printer.

By default there is no BrowseFilter line meaning that no filtering is applied.

To do filtering one can supply one or more BrowseFilter directives like this:

        BrowseFilter [NOT] [EXACT] <FIELD> [<VALUE>]
The BrowseFilter directive always starts with the word "BrowseFilter" and it must at least contain the name of the data field (<FIELD>) of the printer's properties to which it should apply.

Avaialble field names are:

        name:    Name of the local print queue to be created
        host:    Host name of the remote print server
        port:    Port through which the printer is accessed on the server
        service: DNS/SD service name of the remote printer
        domain:  Domain of the remote print server
Also all field names in the TXT records of DNS-SD-advertised printers are valid, like "color", "duplex", "pdl", ... If the field name of the filter rule does not exist for the printer, the rule is skipped.

The optional <VALUE> field is either the exact value (when the option EXACT is supplied) or a regular expression (Run "man 7 regex" in a terminal window) to be matched with the data field.

If no <VALUE> filed is supplied, rules with field names of the TXT record are considered for boolean matching (true/false) of boolean field (like duplex, which can have the values "T" for true and "F" for false).

If the option NOT is supplied, the filter rule is fulfilled if the regular expression or the exact value DOES NOT match the content of the data field. In a boolean rule (without <VALUE>) the rule matches false.

Regular expressions are always considered case-insensitive and extended POSIX regular expressions. Field names and options (NOT, EXACT) are all evaluated case-insensitive. If there is an error in a regular expression, the BrowseFilter line gets ignored.

Especially to note is that supplying any simple string consisting of only letters, numbers, spaces, and some basic special characters as a regular expression matches if it is contained somewhere in the data field.

If there is more than one BrowseFilter directive, ALL the directives need to be fulfilled for the remote printer to be accepted. If one is not fulfilled, the printer will get ignored.

Examples:

Rules for standard data items which are supplied with any remote printer advertised via DNS-SD:

Print queue name must contain "hum_res_", this matches "hum_res_mono" or "hum_res_color" but also "old_hum_res_mono":

        BrowseFilter name hum_res_
This matches if the remote host name contains "printserver", like "printserver.local", "printserver2.example.com", "newprintserver":

        BrowseFilter host printserver
This matches all ports with 631 int its number, for example 631, 8631, 10631,...:

        BrowseFilter port 631
This rule matches if the DNS-SD service name contains "@ printserver":

        Browsefilter service @ printserver
Matches all domains with "local" in their names, not only "local" but also things like "printlocally.com":

        BrowseFilter domain local
Examples for rules applying to items of the TXT record:

This rule selects PostScript printers, as the "PDL" field in the TXT record contains "postscript" then. This includes also remote CUPS queues which accept PostScript, independent of whether the physical printer behind the CUPS queue accepts PostScript or not.

        BrowseFilter pdl postscript
Color printers usually contain a "Color" entry set to "T" (for true) in the TXT record. This rule selects them:

        BrowseFilter color
This is a similar rule to select only duplex (automatic double-sided printing) printers:

        BrowseFilter duplex
Rules with the NOT option:

This rule EXCLUDES printers from all hosts containing "financial" in their names, nice to get rid of the 100s of printers of the financial department:

        BrowseFilter NOT host financial
Get only monochrome printers ("Color" set to "F", meaning false, in the TXT record):

        BrowseFilter NOT color
Rules with more advanced use of regular expressions:

Only queue names which BEGIN WITH "hum_res_" are accepted now, so we still get "hum_res_mono" or "hum_res_color" but not "old_hum_res_mono" any more:

        BrowseFilter name ^hum_res_
Server names is accepted if it contains "print_server" OR "graphics_dep_server":

        BrowseFilter host print_server|graphics_dep_server
"printserver1", "printserver2", and "printserver3", nothing else:

        BrowseFilter host ^printserver[1-3]$
Printers understanding at least one of PostScript, PCL, or PDF:

        BrowseFilter pdl postscript|pcl|pdf
Examples for the EXACT option:

Only printers from "printserver.local" are accepted:

        BrowseFilter EXACT host printserver.local
Printers from all servers except "prinserver2.local" are accepted:

        BrowseFilter NOT EXACT host prinserver2.local
The BrowsePoll directive polls a server for available printers once every 60 seconds. Multiple BrowsePoll directives can be specified to poll multiple servers. The default port to connect to is 631. BrowsePoll works independently of whether CUPS browsing is activated in BrowseRemoteProtocols.

        BrowsePoll 192.168.7.20
        BrowsePoll 192.168.7.65:631
        BrowsePoll host.example.com:631
The BrowseLocalProtocols directive specifies the protocols to use when advertising local shared printers on the network. The default is "none". Control of advertising of local shared printers using dnssd is done in /etc/cups/cupsd.conf.

        BrowseLocalProtocols none
        BrowseLocalProtocols CUPS
The BrowseRemoteProtocols directive specifies the protocols to use when finding remote shared printers on the network. Multiple protocols can be specified by separating them with spaces. The default is "dnssd cups".

        BrowseRemoteProtocols none
        BrowseRemoteProtocols CUPS dnssd
        BrowseRemoteProtocols CUPS
        BrowseRemoteProtocols dnssd
        BrowseRemoteProtocols ldap
The BrowseProtocols directive specifies the protocols to use when finding remote shared printers on the network and advertising local shared printers. "dnssd" and "ldap" are ignored for BrowseLocalProtocols. Multiple protocols can be specified by separating them with spaces. The default is "none" for BrowseLocalProtocols and "dnssd cups" for BrowseRemoteProtocols.

        BrowseProtocols none
        BrowseProtocols CUPS dnssd
        BrowseProtocols CUPS
        BrowseProtocols dnssd
        BrowseProtocols ldap
The configuration for the LDAP browsing mode define where the LDAP search should be performed. If built with an LDAP library that supports TLS, the path to the server's certificate, or to a certificates store, can be specified. The optional filter allows the LDAP search to be more specific, and is used in addition to the hardcoded filter (objectclass=cupsPrinter).

        BrowseLDAPBindDN cn=cups-browsed,dc=domain,dc=tld
        BrowseLDAPCACertFile /path/to/server/certificate.pem
        BrowseLDAPDN ou=printers,dc=domain,dc=tld
        BrowseLDAPFilter (printerLocation=/Office 1/*)
        BrowseLDAPPassword s3cret
        BrowseLDAPServer ldaps://ldap.domain.tld
The DomainSocket directive specifies the domain socket through which the locally running CUPS daemon is accessed. If not specified the standard domain socket of CUPS is used. Use this if you have specified an alternative domain socket for CUPS via a Listen directive in /etc/cups/cupsd.conf. If cups-browsed is not able to access the local CUPS daemon via a domain socket it accesses it via localhost.

        DomainSocket /var/run/cups/cups.sock
Set IPBasedDeviceURIs to "Yes" if cups-browsed should create its local queues with device URIs with the IP addresses instead of the host names of the remote servers. This mode is there for any problems with host name resolution in the network, especially also if avahi-daemon is only run for printer discovery and already stopped while still printing. By default this mode is turned off, meaning that we use URIs with host names.

If you prefer IPv4 or IPv6 IP addresses in the URIs, you can set IPBasedDeviceURIs to "IPv4" to only get IPv4 IP addresses or IPBasedDeviceURIs to "IPv6" to only get IPv6 IP addresses.

        IPBasedDeviceURIs No
        IPBasedDeviceURIs Yes
        IPBasedDeviceURIs IPv4
        IPBasedDeviceURIs IPv6
Set CreateRemoteRawPrinterQueues to "Yes" to let cups-browsed also create local queues pointing to remote raw CUPS queues. Normally, only queues pointing to remote queues with PPD/driver are created as we do not use drivers on the client side, but in some cases accessing a remote raw queue can make sense, for example if the queue forwards the jobs by a special backend like Tea4CUPS.

        CreateRemoteRawPrinterQueues Yes
The CreateIPPPrinterQueues directive specifies whether cups-browsed should discover IPP printers (via Bonjour) and if they understand a known page description language (PWG Raster, PDF, PostScript, PCL XL, PCL 5c/e) create PPD-less print queues (using a System V interface script to control the filter chain). Clients have to IPP-poll the capabilities of the printer and send option settings as standard IPP attributes. We do not poll the capabilities by ourselves to not wake up the printer from power-saving mode when creating the queues. Jobs have to be sent in one of PDF, PWG Raster, or JPEG format. Other formats are not accepted. This functionality is primarily for mobile devices running CUPS to not need a printer setup tool nor a collection of printer drivers and PPDs.

        CreateIPPPrinterQueues Yes
If cups-browsed is automatically creating print queues for native IPP network printers ("CreateIPPPrinterQueues Yes"), the type of queue to be created can be selected by the "IPPPrinterQueueType" directive. The "PPD" setting makes always queues with PPD file being created and no queue if the printer does not supply sufficient information for creating a PPD. With "NoPPD" the queue is always created with a System V interface script as filter, also when creatig a PPD would be possible. "Auto" (the default) lets a PPD being created if the printer supplies sufficient information and a System V interface script otherwise.

        IPPPrinterQueueType Auto
        IPPPrinterQueueType PPD
        IPPPrinterQueueType NoPPD
The LoadBalancing directive switches between two methods of handling load balancing between equally-named remote queues which are represented by one local print queue making up a cluster of them (implicit class).

The two methods are:

Queuing of jobs on the client (LoadBalancing QueueOnClient):

Here we queue up the jobs on the client and regularly check the clustered remote print queues. If we find an idle queue, we pass on a job to it.

This is also the method which CUPS uses for classes. Advantage is a more even distribution of the job workload on the servers (especially if the printing speed of the servers is very different), and if a server fails, there are not several jobs stuck or lost. Disadvantage is that if one takes the client (laptop, mobile phone, ...) out of the local network, printing stops with the jobs waiting in the local queue.

Queuing of jobs on the servers (LoadBalancing QueueOnServers):

Here we check the number of jobs on each of the clustered remote printers and send an incoming job immediately to the remote printer with the lowest amount of jobs in its queue. This way no jobs queue up locally, all jobs which are waiting are waiting on one of the remote servers.

Not having jobs waiting locally has the advantage that we can take the local machine from the network and all jobs get printed. Disadvantage is that if a server with a full queue of jobs goes away, the jobs go away, too.

Default is queuing the jobs on the client as this is what CUPS does with classes.

        LoadBalancing QueueOnClient
        LoadBalancing QueueOnServers
With the DefaultOptions directive one or more option settings can be defined to be applied to every print queue newly created by cups-browsed. Each option is supplied as one supplies options with the "-o" command line argument to the "lpadmin" command (Run "man lpadmin" for more details). More than one option can be supplied separating the options by spaces. By default no option settings are pre-defined.

Note that print queues which cups-browsed already created before remember their previous settings and so these settings do not get applied.

        DefaultOptions Option1=Value1 Option2=Value2 Option3 noOption4
The AutoShutdown directive specifies whether cups-browsed should automatically terminate when it has no local raw queues set up pointing to any discovered remote printers or no jobs on such queues depending on AutoShutdownOn setting (auto shutdown mode). Setting it to "On" activates the auto-shutdown mode, setting it to "Off" deactiivates it (the default). The special mode "avahi" turns auto shutdown off while avahi-daemon is running and on when avahi-daemon stops. This allows running cups-browsed on-demand when avahi-daemon is run on-demand.

        AutoShutdown Off
        AutoShutdown On
        AutoShutdown avahi
The AutoShutdownOn directive determines what event cups-browsed considers as inactivity in auto shutdown mode. "NoQueues" (the default) means that auto shutdown is initiated when there are no queues for discovered remote printers generated by cups-browsed any more. "NoJobs" means that all queues generated by cups-browsed are without jobs.

        AutoShutdownOn NoQueues
        AutoShutdownOn NoJobs
The AutoShutdownTimeout directive specifies after how many seconds without local raw queues set up pointing to any discovered remote printers or jobs on these queues cups-browsed should actually shut down in auto shutdown mode. Default is 30 seconds, 0 means immediate shutdown.

        AutoShutdownTimeout 20

AUTHOR

The authors of cups-browsed are listed in /usr/share/doc/cups-browsed/AUTHORS.

This manual page was written for the Debian Project, but it may be used by others.