Hello all,
I have been studying OpenCA painfully for a long time, so I need help now.
RBAC in OpenCA is confusing to me, and I can't get enough guidance in the
OpenCA Guides for 0.9.2+. Besides, I also can't find the result in the
openca-users mailing list.
Environment: OpenCA 0.9.3-RC,
CA and RA installed on one machine.
Red Hat 9 is the operating system.
MySQL is the database.
I can run the workflow successfully for both requesting a certificate and
revoking a certificate. However, I don't understand the roles and rights of OpenCA.
Question 1: when I log in to the CA department by the passwd way, General ->
Configuration -> Right -> Add new right.
ERROR:
*
...............................................................................................................................
*
...............................................................................................................................
I checked the file opencaDirectory/etc/access_control/ca.xml; it has the
configuration below
............................................................................................................................
<acl_config>
<acl>yes</acl>
<list>/usr/local/openca/ca/etc/rbac/acl.xml</list>
<command_dir>/usr/local/openca/ca/etc/rbac/cmds</command_dir>
<module_id>0</module_id>
<map_role>yes</map_role>
<map_operation>yes</map_operation>
</acl_config>
............................................................................................................................
I also checked opencaDirectory/etc/rbac/acl.xml; it has the configuration below
for access control configuration
.............................................................................................................................
<permission>
<module>0</module>
<role>.*</role>
<operation>access control configure</operation>
<owner>.*</owner>
</permission>
...........................................................................................
Checking opencaDirectory/etc/rbac/cmds/*, I found that "add_right", "add_role",
"delete_right" and "delete_module" all belong to "access control configure"; they
have content like the below
........................................................................................................................
<openca>
<command_config>
<command>
<name>delete_module</name>
<operation>access control configure</operation>
<owner_method></owner_method>
<owner_argument></owner_argument>
</command>
</command_config>
</openca>
...................................................................................................................
But in my system, I can delete modules and add roles, but can't "add new
right" and "delete right". When deleting a right I get the error below:
..................................................................................................................................
Error 700
*General Error* The compilation of the command cmdDelete_right failed.
Can't call method "get_xpath" on an undefined value at (eval 125) line 20.
..................................................................................................................................
When adding a right I get the error below:
..................................................................................................................................
Error 690
*Configuration Error*. The access control configuration was not
initialized..
.................................................................................................................................
How can I solve the problem?
Question 2: how does RBAC work in OpenCA? I can find the
configuration in opencaDirectory/etc/rbac/cmds/*,
opencaDirectory/etc/rbac/acl.xml and opencaDirectory/etc/access_control/ca.xml. But,
for example, if I assign a role to a new user, how does OpenCA know which
role the new user has?
Thank you very much!
lampa mao