Hi,for the encoding issue, please try the new 1.19 release. We changed the serialization format which will hopefully catch those issues.
You have two options to map the LDAP data into the profile. If you want to keep the input forms, prefill the "cert_subj_parts" hash using the class OpenXPKI::Server::Workflow::Activity::Tools::SetContextHash If you dont need the profile forms, you can replace the "render_subject" activity with a hardcoded action to set the "cert_subject" context value to the expected string (using Tools::SetContext).
Oliver Am 30.10.2017 um 12:49 schrieb Станислав Захаров:
Good Day! Thank you very much for the help! I achieved partial success:Now the system sent messages about the fact that the certificate will soon expire in Russian, inserting the user name from LDAP into it. Name has to be inserted in Latin letters, because about getting Russian letters from LDAP, the system crashed with message: "FATAL Uncaught exception: Wide character in subroutine entry at /usr/lib/perl5/OpenXPKI/Transport/Simple.pm line 58.".But I have not yet figured out how to change "certificate_signing_request_v2.yaml" to get the fields "username" and "email" from LDAP, instead of requesting their input by the user, as it is implemented in "00_user_basic_style" of "I18N_OPENXPKI_PROFILE_USER.yaml" ;(Could you give me a hint?I want to use "creator" of workflow as "username" (CN part of certificate subject) and his email from LDAP as "email" part of SAN.There are a couple of nuances that may be of interest: 1) Inverted logic in the default file notify_expiry.yaml: ---- condition: is_renewed: class: OpenXPKI::Server::Workflow::Condition::WFArray param: array_name: renewed_identifier condition: is_empty ---I changed his name to "is_not_renewed" and changed the processing in the "CHECK_IF_RENEWED".2) class: OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue does not work in array mode. It returns: " __ACTION__ => expiry_load_userdata; __ERROR__ => No get_hash() me at /usr/lib/perl5/OpenXPKI/Server/API/Workflow.pm line 1225."I configured separate scalar connectors for the user name and emailand it works!24.10.2017 23:52, Oliver Welter writes:Hi Stace, Am 16.10.2017 um 14:56 schrieb Станислав Захаров:Yes this is possible with the generic connetor system.You need to setup a connector similar to your LDAP Auth connector that delivers the requested information. Then add a new activity to your workflow using the class OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValueThis can be used to load information from the Connector into the workflow context. You can then modifiy the "notify" activities to access this information and map it into the templates or even use the given variable names.I can't find any information about "setup a connector" for workflow ;( Can you give me any example?go to the workflow definition file (workflow/def/certificate_signing_request_v2), scroll down to the "action" block and add something likeload_userdata:class: OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValueparam: mode: map config_prefix: metadata.userinfo _map_config_key: "[% context.cert_subject_parts.email %]" attrmap: user_email -> mail, user_name -> nameHave a look at the metadata.yaml file, this is a connector setup for systemid, make a copy for "userinfo" and place connector of type Connector::Proxy::Net::LDAP::Simple here (see the documentaton of the Connector::Proxy::Net::LDAP how to set it up. You will get the value of the email from the subject as "ARGS.0" as given in the sample config. The "attrmap" has the LDAP properties on the right and the context values on the left.Finally add "load_userdata" before you call the "notify*" actions into the appropriate workflow steps.2) How can I set up automatic sending of emails to users who have certificates that expire within two weeks? I upgraded my system to 1.18.1 and see new "cert_expiry" notification settings in smtp.yaml, but I can't find any information about its usage ;(Have a look at the notify_expiry which is provided with the sample config. You can call this e.g. from cron using the "openxpkicmd" command line tool.I started workflow, but get certificates in already renewed list ;( My users can have many certificates with same CN, but different UID.For example: Certificate with subject "UID=s60_may+CN=krasnikov,DC=npk,DC=ru" be expired soon, but "expiry_search_renewed" return it in "Certificates already renewed" list. Other certificate "UID=Krasnikov+CN=krasnikov,DC=npk,DC=ru" exists and valid, but this is certificate for other device.I use default "search_renewed:" action definition with "_map_cert_subject: "[% USE Certificate %][% Certificate.body( context.cert_identifier, 'subject') %]""How to modify it to match full certificate subject ?OpenXPKI::Server::Workflow::Activity::Tools::SearchCertificates manual does not contains any description of "_map_cert_subject" parameter ;(The _map prefix just says that this parameter is expanded by evaluating the expression, it becomes "cert_subject" in the class. I dont know why this does not match - I think there is some normalization going on. You can start the inline debugger withopenxpkictl start --debug OpenXPKI::Server::Workflow::Activity::Tools::SearchCertificates:64This will print out some useful information from the class to the "stderr.log"Oliver ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org!http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
