Hi Richard, sorry for the late reply, the mail got burried in the wrong folder :(
This looks like your roles yaml file is not properly formated: > requested value is not a scalarindicates that we get a hash or list instead of a scalar value which causes the connector to die.
Check your yaml file for proper identing (spaces, not tabs). Oliver Am 13.12.2016 um 11:16 schrieb Richard Franks:
Hi Oliver I have added that, however now the main daemon won’t start, with the following error messages. My perl is lacking, so I’m struggling to see what it is complaining about! Exception during server initialization: I18N_OPENXPKI_SERVER_INIT_TASK_INIT_FAILURE; __EVAL_ERROR__ => Can't locate object method "message" via package "requested value is not a scalar at /usr/share/perl5/Connector/Proxy/YAML.pm line 78. " (perhaps you forgot to load "requested value is not a scalar at /usr/share/perl5/Connector/Proxy/YAML.pm line 78. "?) at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Authentication.pm line 145. ; __task__ => authentication (I18N_OPENXPKI_SERVER_INIT_TASK_INIT_FAILURE; __EVAL_ERROR__ => Can't locate object method "message" via package "requested value is not a scalar at /usr/share/perl5/Connector/Proxy/YAML.pm line 78. " (perhaps you forgot to load "requested value is not a scalar at /usr/share/perl5/Connector/Proxy/YAML.pm line 78. "?) at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Authentication.pm line 145. ; __task__ => authentication Trace begun at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Init.pm line 155 OpenXPKI::Server::Init::init('HASH(0x3e61750)') called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 72 eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 71 OpenXPKI::Server::new('OpenXPKI::Server', 'SILENT', 0) called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Control.pm line 216 eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Control.pm line 212 OpenXPKI::Control::start('HASH(0x1a97e78)') called at /usr/bin/openxpkictl line 104 ) at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 966. Thanks, RichardOn 13 Dec 2016, at 07:15, Oliver Welter <[email protected] <mailto:[email protected]>> wrote: Hi Richard, that stuff is unfortunately not documented very well. The roles file is just a key/value file with username: role, e.g. Richard: RA Operator Using the sample config, the username is the CN part of the certificate, you can also set "serial" or "subject". Have a look at the documentation of OpenXPKI::Server::Authentication::X509 Oliver Am 12.12.2016 um 14:15 schrieb Richard Franks:Hi I have got OpenXPKI up and running, and I can perform CA operations with the user/password combinations that I have set up. I would like to do certificate based authentication, however I am unsure how to assign roles to specific users. Within the realm configuration is connector.yaml, which seems to imply that you should define roles in /home/pkiadm/ca-one-x509-roles.yaml, however I am unable to find an example for the syntax of the file. Does one exist? If not, please could someone provide some guidance on how to format the file in order to provide role-based access using certificates? Thanks, Richard ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ OpenXPKI-users mailing list [email protected] <mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/openxpki-users-- Protect your environment - close windows and adopt a penguin! ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org <http://SlashDot.org>! http://sdm.link/slashdot_______________________________________________ OpenXPKI-users mailing list [email protected] <mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
