[OpenXPKI-users] openxpkiadm Unable to access table 'certificate'

Tue, 06 Feb 2024 10:22:10 -0800 

PostgreSQL-16
FreeBSd-13.2p9

I am trying to setup openxpki using PostgreSQL as the data store.  After
installing both postgresql16 and openxpki I completed the following steps
successfully using psql:

psql -U postgres -d postgres

CREATE USER openxpki;

CREATE DATABASE openxpki;

GRANT ALL PRIVILEGES ON DATABASE openxpki TO openxpki;

I altered config.d/system/database.yaml

    type: PostgreSQL
    name: openxpki
    user: openxpki
    passwd: openxpki

I checked for local connections in /var/db/postgres/data16/pg_hba.conf:

local   all             all                                     trust

I successfully loaded the openxpki schema for postgresql:

psql --username postgres  openxpki <
/usr/local/share/examples/openxpki/config/contrib/sql/schema-psql.sql

I created the vault key and certificate and moved them to
/usr/local/etc/openxpki/local/keys.

I then tried to load these into openxpki using openxpkiadm. This fails with a
databse permissions error:

sudo --user=openxpki openxpkiadm certificate import --file
/usr/local/etc/openxpki/local/keys/vault.crt
try/catch is experimental at
/usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103.
try/catch is experimental at
/usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107.
Starting import
2024/02/06 13:20:33 Database error: execution of SQL query failed;
__dbi_error__ => ERROR:  permission denied for table certificate, __dsn__ =>
dbi:Pg:database=openxpki;sslmode=allow, __query__ => SELECT identifier,
pki_realm, status, req_key FROM certificate WHERE ( identifier = ? ) LIMIT ?
OFFSET ?, __source__ => DBD::Pg::st::execute, __user__ => openxpki
Database error: execution of SQL query failed
   __dsn__: dbi:Pg:database=openxpki;sslmode=allow
   __dbi_error__: ERROR:  permission denied for table certificate
   __user__: openxpki
   __source__: DBD::Pg::st::execute
   __query__: SELECT identifier, pki_realm, status, req_key FROM certificate
WHERE ( identifier = ? ) LIMIT ? OFFSET ?

It also fails for both root and postgres users.

What step have I missed?

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Reply via email to