[Pki-users] PKI Console - Publishing Acl Error

Frederic d'Huart fdh at x-zone.org
Fri Oct 15 08:49:35 UTC 2010 

Ade,

Thank you very much it works now :)

--
Frederic


On 10/14/2010 08:32 PM, Ade Lee wrote:
> This bug has been fixed in the latest versions.  See
> https://bugzilla.redhat.com/show_bug.cgi?id=621602 for details.
>
> Basically, there is a typo (one too many ||) in the acl entry:
> certServer.publisher.configuration 
>
> You can fix this in the acl.ldif file or even through the acl
> configuration in the pkiconsole.
>
> Ade
>
> On Sun, 2010-10-10 at 11:41 +0200, Frederic d'Huart wrote:
>   
>> Hello Pki Users,
>>
>> I have an problem to access the DogTAG Publishing tab of the
>> PKIConsole. 
>>
>> I want to enable a new CRL File publishing object as described into
>> the section 8.2.1 of the admin guide.
>> but I receive the error "You are not allowed to perform this
>> operation" anytime I'm trying to access the 
>> publishing tab and subObjects.
>>
>> The ca_log show this error 
>> ___
>>
>> /var/log/pki-ca/debug 
>>
>> [10/Oct/2010:11:06:52][http-9445-Processor24]:
>> LdapBoundConnFactory.java:391:returnConn() returnConn: mNumConns now 3
>> [10/Oct/2010:11:06:52][http-9445-Processor24]:
>> AAclAuthz.java:643:evaluateExpressions() evaluated expression:
>> group="Registration Manager Agents" to be true
>> [10/Oct/2010:11:06:52][http-9445-Processor24]:
>> SignedAuditEventFactory.java:78:create() SignedAuditEventFactory:
>> create()
>> message=[AuditEvent=AUTHZ_FAIL][SubjectID=admin][Outcome=Failure][aclResource=<null>][Op=<null>] authorization failure
>>
>> [10/Oct/2010:11:06:52][http-9445-Processor24]:
>> LdapBoundConnFactory.java:343:getConn() getConn: mNumConns now 2
>> [10/Oct/2010:11:06:52][http-9445-Processor24]:
>> LdapBoundConnFactory.java:391:returnConn() returnConn: mNumConns now 3
>> [10/Oct/2010:11:06:52][http-9445-Processor24]:
>> SignedAuditEventFactory.java:78:create() SignedAuditEventFactory:
>> create()
>> message=[AuditEvent=ROLE_ASSUME][SubjectID=admin][Outcome=Failure][Role=Certificate Manager Agents, Registration Manager Agents, Trusted Managers, Administrators, Security Domain Administrators, Enterprise CA Administrators, Enterprise KRA Administrators, Enterprise OCSP Administrators, Enterprise TKS Administrators, Enterprise RA Administrators, Enterprise TPS Administrators] assume privileged role
>>
>>
>> I have checked everywhere in the PKIConsole ACL's tab, but I didn't
>> find anything ...
>> Does somebody would have an idea how to fix it ?
>>
>>
>>
>> Thank you ..
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>     
>

More information about the Pki-users mailing list