Hi Michael,
Michael Konietzka wrote:
Configuration error: The xml path to the access control is missing (/usr/local/ra//OpenCA/etc/access_control/pub.xml: access_control/acl_config/map_role).
Configuration error: 6293005
I am a little confused about this error, because in the pub.xml I have map_role:
<acl_config>
<acl>no</acl>
<list>/usr/local/ra/OpenCA/etc/rbac/acl.xml</list>
<command_dir>/usr/local/ra//OpenCA/etc/rbac/cmds</command_dir>
<module_id>32</module_id>
<ca_cert>/usr/local/ra//OpenCA/var/crypto/cacerts/cacert.pem</ca_cert>
<map_role>no</map_role>
<map_operations></map_operations>
</acl_config>
I looked in AC.pm:
## should we map the user to a role?
$self->{acl}->{map_role} = $self->{cache}->get_xpath (
FILENAME => $self->{configfile},
XPATH => 'access_control/acl_config/map_role');
if (not $self->{acl}->{map_role}) {
$self->setError (6293005,
$self->{gettext} ("The xml path to the access control is missing (__FILENAME__: access_control/acl_config/map_role).",
"__FILENAME__", $self->{configfile}));
return undef;
}
1. Do there be any errormessages in xml-chache.log?
Yes, but now it is complaining about missing map_operation. So i change "map_operations" in "map_operation" in the above pub.xml.
<?xml version="1.0" encoding="iso-8859-1" ?>
<log_message>
<errno>6294005</errno>
<errval>the xml path to the access control is missing (":
access_control/acl_config/map_op
eration).</errval>
<id>109507262234092457461421126471913701550840</id>
<iso_timestamp>2004-09-13 10:50:22</iso_timestamp>
<message>loadconfig: entering function
loading channel configuration ...
channel type ... mod_ssl
security protocol ... ssl
source ... .*
asymmetric cipher ... .*
asymmetric keylength ... 0
symmetric cipher ... .*
asymmetric keylength ... 128
loadloginconfig: entering function
loadloginconfig: leaving function successfully
loadroleconfig: entering function
loadroleconfig: leaving function successfully
loadoperationconfig: entering function
</message>
<timestamp>2004-sep-13 10:50:22</timestamp>
</log_message>
But why is in errval "/usr/local/ra//openca/etc/access_control/pub.xml" and in stderr "/usr/local/ra//OpenCA/etc/access_control/pub.xml"?
2. Please run "xmllint -format pub.xml". If it outputs a correct XML file then all is ok.
xmllint doesn't complain.
3. map_role must always be "no" in pub.xml because user will never be authenticated (by default). This was wrong for one day after an ACL update.
BTW did you restart OpenCA after you updated the files?
Yes, of course. Hm, i will make a clean, new install this week, so maybe this behavioir will disappear. I guess it results from differnt cvs updates over an already installed system.
Regards
Michael
--
Dipl.-Inform. Michael Konietzka Schlund + Partner AG
- Development UNIX - Brauerstra�e 48
Webservices D-76135 Karlsuhe
http://www.schlund.de/ Germany-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
