[Pki-users] PKI Console - Publishing Acl Error
Ade Lee
alee at redhat.com
Thu Oct 14 18:32:42 UTC 2010
This bug has been fixed in the latest versions. See
https://bugzilla.redhat.com/show_bug.cgi?id=621602 for details.
Basically, there is a typo (one too many ||) in the acl entry:
certServer.publisher.configuration
You can fix this in the acl.ldif file or even through the acl
configuration in the pkiconsole.
Ade
On Sun, 2010-10-10 at 11:41 +0200, Frederic d'Huart wrote:
> Hello Pki Users,
>
> I have an problem to access the DogTAG Publishing tab of the
> PKIConsole.
>
> I want to enable a new CRL File publishing object as described into
> the section 8.2.1 of the admin guide.
> but I receive the error "You are not allowed to perform this
> operation" anytime I'm trying to access the
> publishing tab and subObjects.
>
> The ca_log show this error
> ___
>
> /var/log/pki-ca/debug
>
> [10/Oct/2010:11:06:52][http-9445-Processor24]:
> LdapBoundConnFactory.java:391:returnConn() returnConn: mNumConns now 3
> [10/Oct/2010:11:06:52][http-9445-Processor24]:
> AAclAuthz.java:643:evaluateExpressions() evaluated expression:
> group="Registration Manager Agents" to be true
> [10/Oct/2010:11:06:52][http-9445-Processor24]:
> SignedAuditEventFactory.java:78:create() SignedAuditEventFactory:
> create()
> message=[AuditEvent=AUTHZ_FAIL][SubjectID=admin][Outcome=Failure][aclResource=<null>][Op=<null>] authorization failure
>
> [10/Oct/2010:11:06:52][http-9445-Processor24]:
> LdapBoundConnFactory.java:343:getConn() getConn: mNumConns now 2
> [10/Oct/2010:11:06:52][http-9445-Processor24]:
> LdapBoundConnFactory.java:391:returnConn() returnConn: mNumConns now 3
> [10/Oct/2010:11:06:52][http-9445-Processor24]:
> SignedAuditEventFactory.java:78:create() SignedAuditEventFactory:
> create()
> message=[AuditEvent=ROLE_ASSUME][SubjectID=admin][Outcome=Failure][Role=Certificate Manager Agents, Registration Manager Agents, Trusted Managers, Administrators, Security Domain Administrators, Enterprise CA Administrators, Enterprise KRA Administrators, Enterprise OCSP Administrators, Enterprise TKS Administrators, Enterprise RA Administrators, Enterprise TPS Administrators] assume privileged role
>
>
> I have checked everywhere in the PKIConsole ACL's tab, but I didn't
> find anything ...
> Does somebody would have an idea how to fix it ?
>
>
>
> Thank you ..
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list