Hi All,
Oliver thanks for pointing out details that I was missing.
Here is what I am trying to do : allow automatic generation via Scep of
certificates in *.dev.mydomain.lan
eligible:
initial:
value@: connector:scep.scep-server-1.connector.initial
args:
- "[% context.cert_subject %]"
renewal:
value: 1
connector:
initial:
class: OpenXPKI::Connector::Regex
LOCATION: .*.dev.mydomain.lan
Problem is the Perl file for Regexp is not found by OpenxPki
==> /var/log/openxpki/openxpki.log <==
2019/03/11 11:58:53 ERROR Caught exception from action: Can't locate object
method "new" via package "OpenXPKI::Connector::Regex" (perhaps you forgot
to load "OpenXPKI::Connector::Regex"?) at
/usr/share/perl5/Connector/Multi.pm line 203.
; reset workflow to old state 'START_APPROVAL'
[pid=31472|sid=cg6U|wftype=certificate_enroll|wfid=22527|sceptid=166678366422AD7D7F5A0ADA007B99D8]
I found that I have one file Regex.pm on disk here :
/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Workflow/Validator/Regex.pm
So I tried to make a symbolic link in :
/usr/lib/x86_64-linux-gnu/perl/5.20.2/OpenXPKI/Connector/Regex.pm
/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Connector/Regex.pm
that links to
/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Workflow/Validator/Regex.pm
But that does not work.
The perl Regexp Module of the Debian 8 is installed, I may be missing
something.
Thanks
Raphaël
Le sam. 2 mars 2019 à 08:18, Oliver Welter <[email protected]> a écrit :
> Hi Raphael,
>
> the docs of the EvaluateEligibilty Class should give you an idea of how
> to call the connector from the config:
>
>
> https://github.com/openxpki/openxpki/blob/master/core/server/OpenXPKI/Server/Workflow/Activity/Tools/EvaluateEligibility.pm
>
> And there is also a new connector that can perform a RegEx check:
>
> https://github.com/openxpki/openxpki/blob/master/core/server/OpenXPKI/Connector/Regex.pm
>
> So no need to write a single line of perl - its just config ;)
>
> Regarding the configuration of the workflow have a look here
>
> https://openxpki.readthedocs.io/en/latest/reference/configuration/workflows/scep.html
>
> The password should become active by juts setting it in the config.
>
> Oliver
>
> Am 27.02.19 um 13:12 schrieb Raphael Buquet:
> >
> > Hi all,
> >
> > I have a question regarding the SCEP eligibility step.
> > I have tested the process with 1 (unconditional generation) and 0 (no
> > generation of certificate), and this is working as expected.
> >
> > eligible:
> > initial:
> > value: 0
> >
> > I would like to write a connector to accept or deny more precisely, for
> > example with the subject CN. Imagine I want to generate certificates for
> > docker.mydomain.local (eligibility : 1) but not for the rest of domain
> > mydomain.local.
> > Would you have a simple connector that is working to make me start ? Can
> > I use a Regexp to do this ? Do we have to write a mini Perl or Bash
> > script that returns the resulting eligibility ?
> > I do not find a simple example to start with and I am not a Perl
> developper.
> >
> > I also tried the password for scep request, and the certificate gets
> > generated all the time :
> > - when I do not set a password in request,
> > - when I put the right password,
> > - and when I put another password.
> >
> > The password check does not seem to be active, is there an option to
> > activate or is it more complex ?
> >
> > challenge:
> > value: SecretChallenge
> >
> > Many thanks
> >
> > Raphaël Buquet
> >
> >
> > _______________________________________________
> > OpenXPKI-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/openxpki-users
> >
>
>
> --
> Protect your environment - close windows and adopt a penguin!
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
