Good Day!
Thank you very much for the help!
I achieved partial success:
Now the system sent messages about the fact that the certificate will
soon expire in Russian, inserting the user name from LDAP into it.
Name has to be inserted in Latin letters, because about getting Russian
letters from LDAP, the system crashed with message: "FATAL Uncaught
exception: Wide character in subroutine entry at
/usr/lib/perl5/OpenXPKI/Transport/Simple.pm line 58.".
But I have not yet figured out how to change
"certificate_signing_request_v2.yaml" to get the fields "username" and
"email" from LDAP, instead of requesting their input by the user, as it
is implemented in "00_user_basic_style" of
"I18N_OPENXPKI_PROFILE_USER.yaml" ;(
Could you give me a hint?
I want to use "creator" of workflow as "username" (CN part of
certificate subject) and his email from LDAP as "email" part of SAN.
There are a couple of nuances that may be of interest:
1) Inverted logic in the default file notify_expiry.yaml:
----
condition:
is_renewed:
class: OpenXPKI::Server::Workflow::Condition::WFArray
param:
array_name: renewed_identifier
condition: is_empty
---
I changed his name to "is_not_renewed" and changed the processing in the
"CHECK_IF_RENEWED".
2) class:
OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue does
not work in array mode.
It returns: " __ACTION__ => expiry_load_userdata; __ERROR__ => No
get_hash() me at /usr/lib/perl5/OpenXPKI/Server/API/Workflow.pm line 1225."
I configured separate scalar connectors for the user name and emailand
it works!
24.10.2017 23:52, Oliver Welter writes:
Hi Stace,
Am 16.10.2017 um 14:56 schrieb Станислав Захаров:
Yes this is possible with the generic connetor system.
You need to setup a connector similar to your LDAP Auth connector
that delivers the requested information. Then add a new activity to
your workflow using the class
OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue
This can be used to load information from the Connector into the
workflow context. You can then modifiy the "notify" activities to
access this information and map it into the templates or even use
the given variable names.
I can't find any information about "setup a connector" for workflow ;(
Can you give me any example?
go to the workflow definition file
(workflow/def/certificate_signing_request_v2), scroll down to the
"action" block and add something like
load_userdata:
class:
OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue
param:
mode: map
config_prefix: metadata.userinfo
_map_config_key: "[% context.cert_subject_parts.email %]"
attrmap: user_email -> mail, user_name -> name
Have a look at the metadata.yaml file, this is a connector setup for
systemid, make a copy for "userinfo" and place connector of type
Connector::Proxy::Net::LDAP::Simple here (see the documentaton of the
Connector::Proxy::Net::LDAP how to set it up. You will get the value
of the email from the subject as "ARGS.0" as given in the sample
config. The "attrmap" has the LDAP properties on the right and the
context values on the left.
Finally add "load_userdata" before you call the "notify*" actions into
the appropriate workflow steps.
2) How can I set up automatic sending of emails to users who have
certificates that expire within two weeks?
I upgraded my system to 1.18.1 and see new "cert_expiry"
notification settings in smtp.yaml, but I can't find any
information about its usage ;(
Have a look at the notify_expiry which is provided with the sample
config. You can call this e.g. from cron using the "openxpkicmd"
command line tool.
I started workflow, but get certificates in already renewed list ;(
My users can have many certificates with same CN, but different UID.
For example: Certificate with subject
"UID=s60_may+CN=krasnikov,DC=npk,DC=ru" be expired soon, but
"expiry_search_renewed" return it in "Certificates already renewed"
list.
Other certificate "UID=Krasnikov+CN=krasnikov,DC=npk,DC=ru" exists
and valid, but this is certificate for other device.
I use default "search_renewed:" action definition with
"_map_cert_subject: "[% USE Certificate %][% Certificate.body(
context.cert_identifier, 'subject') %]""
How to modify it to match full certificate subject ?
OpenXPKI::Server::Workflow::Activity::Tools::SearchCertificates
manual does not contains any description of "_map_cert_subject"
parameter ;(
The _map prefix just says that this parameter is expanded by
evaluating the expression, it becomes "cert_subject" in the class. I
dont know why this does not match - I think there is some
normalization going on. You can start the inline debugger with
openxpkictl start --debug
OpenXPKI::Server::Workflow::Activity::Tools::SearchCertificates:64
This will print out some useful information from the class to the
"stderr.log"
Oliver
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
