Michael Bell schrieb:
[EMAIL PROTECTED] wrote:
Well..I have the following acl_config section in my pub.xml.template:
<acl_config> <acl>yes</acl> <list><OPENCADIR>/etc/rbac/acl.xml</list> <command_dir><OPENCADIR>/etc/rbac/cmds</command_dir> <module_id>@pub_module_id@</module_id> <ca_cert><OPENCADIR>/var/crypto/cacerts/cacert.pem</ca_cert> <map_role>no</map_role> <map_operation>no</map_operation> </acl_config>
I used openca-config to generate the pub.xml out of it and restarted openca.
If you activated the login then this should be enough. So I don't have an idea what's going on because your configuration works (means "Permission denied.") on my machine. I use CVS HEAD and openca_0_9_2 branch. Perhaps you should wait until monday. I will create the openca_0_9_2_0 tag in munich. We performed a lot of work after the RC5.
Perhaps the problem is map_role. Sometime ago there was a problem copying the login name to the role if the mapping was deactivated.
Michael
Ok..found the bug and a workaround. What was going on was the following: The access control system was having a tough time with the module_ids. Every permission, which was granted to the node interface (module_id=3), was granted to the public interface as well (module_id=32). I guess some comparison was buggy. No idea, whether this bug persists in the current cvs.
The workaround was to create a seperate acl-file for the public interface, where the node interface is not mentioned. So I created aclpub.xml with only permissions for the public interface in it and pointed the <list> sub entry of the <acl_config> entry in pub.xml.template to this new file. Everything is working as it should for me now :)
Regards Michael
-- accom GmbH & Co. KG Gr�ner Weg 100 52070 Aachen
Tel: +49 241 918 5228 Fax: +49 241 918 5299
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
