Hi Daniel, this is mentioned in here: https://github.com/openxpki/openxpki-config/blob/master/UPGRADEv3.md#acl
Regards, Jeff On Sun, 8 Dec 2019 at 16:42, Daniel Berteaud <[email protected]> wrote: > Hi guys. > > I'm trying to upgrade my 2.5.5 installation to v 3.1.4. It's a manual > install on CentOS 7. I get an error when trying to login : > > Dec 08 16:16:20 openxpki (main) worker: connected[11429]: INFO - Login > successful using authentication stack 'User' (user: 'dani', role: 'RA > Operator') > Dec 08 16:16:20 openxpki (main) worker: connected[11429]: INFO - Login > successful using authentication stack 'User' (user: 'dani', role: 'RA > Operator') > Dec 08 16:16:20 openxpki perl[10993]: OpenXPKI-WebUI Authentication > successul - fetch session info > Dec 08 16:16:20 openxpki (main) worker: dani (RA Operator)[11429]: ERROR > - ACL does not permit call to API command; __caller__ => > /opt/openxpki/lib/perl5/x86_64-linux-thread-multi/OpenXPKI/Service/Default/CommandApi2.pm:77, > __command__ => get_session_info > Dec 08 16:16:20 openxpki (main) worker: dani (RA Operator)[11429]: ERROR > - ACL does not permit call to API command; __caller__ => > /opt/openxpki/lib/perl5/x86_64-linux-thread-multi/OpenXPKI/Service/Default/CommandApi2.pm:77, > __command__ => get_session_info > Dec 08 16:16:20 openxpki perl[10993]: OpenXPKI-WebUI ACL does not permit > call to API command > > Previously I was using the openxpki session driver, which is now > deprecated, so I'm switching to the default (file based). Maybe I'll switch > to the driver:openxpki later, but I'd like to get things working with the > simpler file based driver. Auth is handled by an external script (which > check bind against a samba4 DC), and this part seems to be working, as I'm > authentified, and get the correct "RA Operator" role. But I'm not sure what > the ACL error means. > > No file is created in the directory I've set in the session_driver section > (not sure if it should be created before or after the call to > get_session_info which is failing) > > Any idea where I should look to debug this ? > > -- > > [image: Logo%20FWS] <https://www.firewall-services.com> > *Daniel Berteaud* > FIREWALL-SERVICES SAS, La sécurité des réseaux > Société de Services en Logiciels Libres > Tél : +33.5 56 64 15 32 > Matrix: @dani:fws.fr > https://www.firewall-services.com > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
