--- /dev/null
+#!/usr/bin/perl
+use warnings;
+use strict;
+use autodie;
+
+use Data::Dump qw(dump);
+use File::Slurp;
+use DBI;
+
+my ($file, $local_user, $remote_user) = @ARGV;
+
+my $job_id = $1 if ( $file =~ m/job_(\d+)/ );
+
+die "can't find job_id in [$file]" unless $job_id;
+
+my $c_file = sprintf "/var/spool/cups/c%05d", $job_id;
+
+my $blob = read_file $c_file;
+
+my (undef,$ip) = split(/job-originating-host-name\x00/, $blob, 2);
+my $len = ord(substr($ip,0,1));
+$ip = substr($ip,1,$len);
+
+my $database = 'pGinaDB';
+my $hostname = '10.60.4.9';
+my $port = 3306;
+my $user = 'pGina';
+my $password = 'secret';
+
+my $dsn = "DBI:mysql:database=$database;host=$hostname;port=$port";
+my $dbh = DBI->connect($dsn, $user, $password);
+
+my $sth = $dbh->prepare(qq{
+ select * from pGinaSession where ipaddress = ? and logoutstamp is null order by loginstamp desc
+}) or die "prepare statement failed: $dbh->errstr()";
+$sth->execute($ip) or die "execution failed: $dbh->errstr()";
+if ( $sth->rows < 1 ) {
+ die "can't find IP for job $job_id";
+} elsif ( $sth->rows > 1 ) {
+ warn "ERROR: found $sth->rows() rows for $job_id, usng first one\n";
+}
+my $row = $sth->fetchrow_hashref();
+warn "## row = ",dump($row);
+
+$sth->finish;
+
+my $username = $row->{username} || die "no username in row = ",dump($row);
+
+my $spool = '/var/spool/cups-pdf/';
+mkdir "$spool/$username" if ( ! -e "$spool/$username" );
+my $filename_only = $file;
+$filename_only =~ s/^.*\///; # basename
+
+rename $file, "$spool/$username/$filename_only";
+
+exit 0;
--- /dev/null
+We are using cups-pdf to create printer which is shared on windows using ipp.
+
+Since we are not getting users from windows in our setup, we need cups-pdf
+PostProcessing hook to look find user from pGinaSessions.
+
+
+sudo vi /etc/cups/cups-pdf.conf
+
+PostProcessing /srv/safeq/cups-pdf-find-owner.pl
+
+
+To make this work, you also have to edit apparmor:
+
+sudo vi /etc/apparmor.d/usr.sbin.cupsd
+
+edit end of file, under /usr/lib/cups/backend/cups-pdf {
+add permission for script execution:
+...
+ /var/spool/cups/** r,
+ /var/spool/cups-pdf/** rw,
+
+ # safeq ffzg -- added to allow execution of PostProcessing
+ /srv/safeq/cups-pdf-find-owner.pl uxr,
+}
+