Hi!
Will there be release 1.19 for ubuntu 14.04 or do I need to compile it
from the sources?
If it does, then when?
03.11.2017 13:31, Oliver Welter пишет:
Hi,
for the encoding issue, please try the new 1.19 release. We changed
the serialization format which will hopefully catch those issues.
You have two options to map the LDAP data into the profile. If you
want to keep the input forms, prefill the "cert_subj_parts" hash using
the class OpenXPKI::Server::Workflow::Activity::Tools::SetContextHash
If you dont need the profile forms, you can replace the
"render_subject" activity with a hardcoded action to set the
"cert_subject" context value to the expected string (using
Tools::SetContext).
Oliver
Am 30.10.2017 um 12:49 schrieb Станислав Захаров:
Good Day!
Thank you very much for the help!
I achieved partial success:
Now the system sent messages about the fact that the certificate will
soon expire in Russian, inserting the user name from LDAP into it.
Name has to be inserted in Latin letters, because about getting
Russian letters from LDAP, the system crashed with message: "FATAL
Uncaught exception: Wide character in subroutine entry at
/usr/lib/perl5/OpenXPKI/Transport/Simple.pm line 58.".
But I have not yet figured out how to change
"certificate_signing_request_v2.yaml" to get the fields "username"
and "email" from LDAP, instead of requesting their input by the user,
as it is implemented in "00_user_basic_style" of
"I18N_OPENXPKI_PROFILE_USER.yaml" ;(
Could you give me a hint?
I want to use "creator" of workflow as "username" (CN part of
certificate subject) and his email from LDAP as "email" part of SAN.
There are a couple of nuances that may be of interest:
1) Inverted logic in the default file notify_expiry.yaml:
----
condition:
is_renewed:
class: OpenXPKI::Server::Workflow::Condition::WFArray
param:
array_name: renewed_identifier
condition: is_empty
---
I changed his name to "is_not_renewed" and changed the processing in
the "CHECK_IF_RENEWED".
2) class:
OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue does
not work in array mode.
It returns: " __ACTION__ => expiry_load_userdata; __ERROR__ => No
get_hash() me at /usr/lib/perl5/OpenXPKI/Server/API/Workflow.pm line
1225."
I configured separate scalar connectors for the user name and
emailand it works!
24.10.2017 23:52, Oliver Welter writes:
Hi Stace,
Am 16.10.2017 um 14:56 schrieb Станислав Захаров:
Yes this is possible with the generic connetor system.
You need to setup a connector similar to your LDAP Auth connector
that delivers the requested information. Then add a new activity
to your workflow using the class
OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue
This can be used to load information from the Connector into the
workflow context. You can then modifiy the "notify" activities to
access this information and map it into the templates or even use
the given variable names.
I can't find any information about "setup a connector" for workflow ;(
Can you give me any example?
go to the workflow definition file
(workflow/def/certificate_signing_request_v2), scroll down to the
"action" block and add something like
load_userdata:
class:
OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue
param:
mode: map
config_prefix: metadata.userinfo
_map_config_key: "[% context.cert_subject_parts.email %]"
attrmap: user_email -> mail, user_name -> name
Have a look at the metadata.yaml file, this is a connector setup for
systemid, make a copy for "userinfo" and place connector of type
Connector::Proxy::Net::LDAP::Simple here (see the documentaton of
the Connector::Proxy::Net::LDAP how to set it up. You will get the
value of the email from the subject as "ARGS.0" as given in the
sample config. The "attrmap" has the LDAP properties on the right
and the context values on the left.
Finally add "load_userdata" before you call the "notify*" actions
into the appropriate workflow steps.
2) How can I set up automatic sending of emails to users who have
certificates that expire within two weeks?
I upgraded my system to 1.18.1 and see new "cert_expiry"
notification settings in smtp.yaml, but I can't find any
information about its usage ;(
Have a look at the notify_expiry which is provided with the sample
config. You can call this e.g. from cron using the "openxpkicmd"
command line tool.
I started workflow, but get certificates in already renewed list ;(
My users can have many certificates with same CN, but different UID.
For example: Certificate with subject
"UID=s60_may+CN=krasnikov,DC=npk,DC=ru" be expired soon, but
"expiry_search_renewed" return it in "Certificates already renewed"
list.
Other certificate "UID=Krasnikov+CN=krasnikov,DC=npk,DC=ru" exists
and valid, but this is certificate for other device.
I use default "search_renewed:" action definition with
"_map_cert_subject: "[% USE Certificate %][% Certificate.body(
context.cert_identifier, 'subject') %]""
How to modify it to match full certificate subject ?
OpenXPKI::Server::Workflow::Activity::Tools::SearchCertificates
manual does not contains any description of "_map_cert_subject"
parameter ;(
The _map prefix just says that this parameter is expanded by
evaluating the expression, it becomes "cert_subject" in the class. I
dont know why this does not match - I think there is some
normalization going on. You can start the inline debugger with
openxpkictl start --debug
OpenXPKI::Server::Workflow::Activity::Tools::SearchCertificates:64
This will print out some useful information from the class to the
"stderr.log"
Oliver
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
