Thanks Scott, as a test I've set <param name="ENFORCE-MODE" value="permit-all-requests"/> and can now ingest both via cli and web. I'll learn more about tweaking the policies (thanks Alan for the kickstart on that).
Mark ----- Original Message ----- > More than likely, you're being blocked by the default policies, which > only allow certain API-M functions to the admin via localhost. > > This page should be able to help you out: > > https://wiki.duraspace.org/display/FEDORA34/XACML+Policy+Enforcement#XACMLPolicyEnforcement-DEFAULTPOLICIES > > You'll need to either turn off policy enforcement in fedora.fcfg, or > put > a policy in place that allows API-M access via your host. > > -- Scott > > On 11/09/2011 12:56 PM, Mark Jordan wrote: > > Hello, > > > > I am setting up a new install of Fedora Repository 3.4.2 (as > > required by Islandora) and cannot ingest objects directly into FR. I > > have verified that the fedoraAdmin credentials I am using when I try > > to ingest the demo objects using the CLI and objects using the web > > administrator are correct, as per fedora-users.xml. I can also > > connect to the mysql database successfully. I include my > > install.properties at the end of this message (fesl off, xacml on). > > I am not using localhost as the fedora.serverHost, I am using the > > public hostname for my test server (represented below as > > myhost.tld). > > > > Here's what happens: > > > > 1) When I try to ingest the demo objects using the following: > > > > sudo -i /usr/local/fedora/client/bin/fedora-ingest-demos.sh > > myhost.tld 8080 fedoraAdmin xxxxxx http > > > > I am told "WARNING: 41 of 41 objects failed. Check log.", which > > contains 41 errors like this: > > > > <failed > > > > file="/usr/local/fedora/client/demo/foxml/local-server-demos/document-transform-demo/demo_XML_TO_HTMLDOC.xml"> > > org.fcrepo.server.errors.authorization.AuthzDeniedException: > > </failed> > > > > 2) When I go to http://myhost.tld:8080/fedora, I am asked to > > authenticate using HTTP basic from tomcat. I can do so using the > > fedoraAdmin credentials. When I then go to > > http://myhost.tld:8080/fedora/admin, I see the Connect to Repository > > dialog and can click through. I can search, but when I try to ingest > > an object, I get a 401 error. > > > > Anybody got any suggestions as to why fedoraAdmin is not able to > > authenticate? > > > > TIA, > > > > Mark > > > > #Install Options > > #Tue Nov 08 19:59:40 PST 2011 > > ri.enabled=true > > messaging.enabled=false > > apia.auth.required=false > > database.jdbcDriverClass=com.mysql.jdbc.Driver > > ssl.available=false > > database.jdbcURL=jdbc\:mysql\://localhost/fedora3?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true > > database.password=XXXXX > > database.mysql.driver=included > > database.username=fedoraAdmin > > fesl.authz.enabled=false > > tomcat.shutdown.port=8005 > > deploy.local.services=true > > xacml.enabled=true > > database.mysql.jdbcDriverClass=com.mysql.jdbc.Driver > > tomcat.http.port=8080 > > fedora.serverHost=myhost.tld > > database=mysql > > database.driver=included > > fedora.serverContext=fedora > > llstore.type=akubra-fs > > tomcat.home=/usr/local/fedora/tomcat > > fesl.authn.enabled=false > > fedora.home=/usr/local/fedora > > database.mysql.jdbcURL=jdbc\:mysql\://localhost/fedora3?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true > > install.type=custom > > servlet.engine=included > > fedora.admin.pass=XXXXX > > > > ------------------------------------------------------------------------------ > > RSA(R) Conference 2012 > > Save $700 by Nov 18 > > Register now > > http://p.sf.net/sfu/rsa-sfdev2dev1 > > _______________________________________________ > > Fedora-commons-users mailing list > > Fedora-commons-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > > > -- > Scott Prater > Library, Instructional, and Research Applications (LIRA) > Division of Information Technology (DoIT) > University of Wisconsin - Madison > pra...@wisc.edu > > ------------------------------------------------------------------------------ > RSA(R) Conference 2012 > Save $700 by Nov 18 > Register now > http://p.sf.net/sfu/rsa-sfdev2dev1 > _______________________________________________ > Fedora-commons-users mailing list > Fedora-commons-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
