Hi Stace,

Am 16.10.2017 um 14:56 schrieb Станислав Захаров:

Yes, this is possible with the generic connector system.
You need to setup a connector similar to your LDAP Auth connector that delivers the requested information. Then add a new activity to your workflow using the class OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue

This can be used to load information from the Connector into the workflow context. You can then modify the "notify" activities to access this information and map it into the templates or even use the given variable names.

I can't find any information about "setup a connector" for workflow ;(
Can you give me any example?

Go to the workflow definition file (workflow/def/certificate_signing_request_v2), scroll down to the "action" block and add something like

load_userdata:
    class: OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue
    param:
        mode: map
        config_prefix: metadata.userinfo
        _map_config_key: "[% context.cert_subject_parts.email %]"
        attrmap: user_email -> mail, user_name -> name

Have a look at the metadata.yaml file, this is a connector setup for systemid, make a copy for "userinfo" and place a connector of type Connector::Proxy::Net::LDAP::Simple here (see the documentation of the Connector::Proxy::Net::LDAP how to set it up). You will get the value of the email from the subject as "ARGS.0" as given in the sample config. The "attrmap" has the LDAP properties on the right and the context values on the left.

Finally add "load_userdata" before you call the "notify*" actions into the appropriate workflow steps.

2) How can I set up automatic sending of emails to users who have certificates that expire within two weeks? I upgraded my system to 1.18.1 and see new "cert_expiry" notification settings in smtp.yaml, but I can't find any information about its usage ;(

Have a look at the notify_expiry which is provided with the sample config. You can call this e.g. from cron using the "openxpkicmd" command line tool.

I started workflow, but get certificates in already renewed list ;(

My users can have many certificates with same CN, but different UID.
For example: the certificate with subject "UID=s60_may+CN=krasnikov,DC=npk,DC=ru" will expire soon, but "expiry_search_renewed" returns it in the "Certificates already renewed" list. The other certificate "UID=Krasnikov+CN=krasnikov,DC=npk,DC=ru" exists and is valid, but it is a certificate for another device.

I use default "search_renewed:" action definition with "_map_cert_subject: "[% USE Certificate %][% Certificate.body( context.cert_identifier, 'subject') %]""
How to modify it to match full certificate subject ?

The OpenXPKI::Server::Workflow::Activity::Tools::SearchCertificates manual does not contain any description of the "_map_cert_subject" parameter ;(


The _map prefix just says that this parameter is expanded by evaluating the expression, it becomes "cert_subject" in the class. I don't know why this does not match - I think there is some normalization going on. You can start the inline debugger with

openxpkictl start --debug OpenXPKI::Server::Workflow::Activity::Tools::SearchCertificates:64

This will print out some useful information from the class to the "stderr.log"

Oliver

--
Protect your environment -  close windows and adopt a penguin!
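
An added example, not part of the original message and not OpenXPKI code: a stand-alone Python check that the two subjects quoted in the thread differ as full DNs (multi-valued RDN included) and coincide only on the CN attribute. It does not reproduce how SearchCertificates matches; all function names are hypothetical, and the whitespace and case handling are simplifying assumptions.

```python
# Subjects copied from the thread; everything else is illustrative.
EXPIRING = "UID=s60_may+CN=krasnikov,DC=npk,DC=ru"
OTHER = "UID=Krasnikov+CN=krasnikov,DC=npk,DC=ru"

def _split(s, sep):
    """Split on an unescaped separator (backslash escapes as in RFC 4514)."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])   # keep the escaped pair together
            i += 2
        elif s[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return a tuple of RDNs; each RDN is a frozenset of (TYPE, value).

    A set is used per RDN because the order of the attributes joined by
    '+' in a multi-valued RDN carries no meaning.
    """
    rdns = []
    for rdn in _split(dn, ","):
        atvs = set()
        for atv in _split(rdn, "+"):
            typ, _, val = atv.partition("=")
            # Assumption: type names compare case-insensitively and runs
            # of whitespace in values are collapsed.
            atvs.add((typ.strip().upper(), " ".join(val.split())))
        rdns.append(frozenset(atvs))
    return tuple(rdns)

def same_subject(a, b):
    """True only if every RDN, including all of its attributes, matches."""
    return parse_dn(a) == parse_dn(b)

def attr_values(dn, attr):
    """All values of one attribute type, e.g. 'CN', anywhere in the DN."""
    return sorted(v for rdn in parse_dn(dn) for t, v in rdn if t == attr.upper())
```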

OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
