Re: [Ejbca-develop] Publisher problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi

I have now found a bug in the jsp page that made the first publisher not showing
up ('>' were missing). It's checked into the CVS.

But I don't experience the same behaivour as you of the seleced Publishers not
working when creating users. Are you sure you have configured everything
correctly, and that you create users using the right end entity and certificate
profiles?

// Philip

Thu...@ao... said:

>
> Philip, thanks for your input. To be clear, while this is an  annoyance, it
> would not be an issue if when the Publisher(s) that do appear  worked. In other
> words I was able to use either/any to publish my end-entities.  This is a
> much more important issue. Are you experiencing this behavior also? If  not I may
> have another problem I need to investigate.
>
> In a message dated 9/18/2004 1:01:11 AM Eastern Daylight Time,
> ph...@mu... writes:
>
>
> Hi
>
> I've just tested to setup a similar setup as you and I  experence similar
> problems. If I create several publishers, some of them  show up others don't.
> This have probably nothing to do with database or  ldap, it's likely a bug in
> the
> authorization checks.
>
> I will look at  this during the weekend and come back with a resolution.
>
> //  Philip
>
>
> Thu...@ao... said:
>
> >
> > I've dropped  the db and recreated. Reinstalled keyfile into browser.
> > Re-deployed  ejbca in jboss. Attempted the following steps while monitoring
>   the
> > Publisher entries in Certificate Profile and Certificate  Authorities.
> > .
> > 1) verified that the AdminCA1 ca was  created
> > 2) created one Publisher with necessary parameters.
> > 3)  verified the Publisher appears in the Certificate Authorites page.. it
> >  does.
> > 4) created a Certificate Profile.
> > 5) edit Cert Profile  to see if Publisher show in page ... IT DOES  NOT!
> > 6) removed  Cert Profile and Publisher thinking that the Cert Profile may
> > need to  exists before creating Publisher.
> > 7) created new Cert Profile and edit  to see if Publisher exists .. it
> > doesn't (as expected)
> > 8)  checked Cert Authorities page to see if Publishers listed ... it's not
> (
> > as expected)
> > 9) recreated Publisher. It shows in Cert  Authorities page but NOT on Cert
> > Profile page.
> > I'm finding it  hard to believe that I'm the only one who has seen this
> > problem. Is  there any issues of this kind with using either OpenLDAP or
> PostgreSQL?
> >
> >
> > In a message dated 9/17/2004 12:52:07  PM Eastern Daylight Time, Thuffman00
> > writes:
> >
> >
> >  Looked at the table PublisherData and all of the Publishers store look
> >  identical. Same size and, except for the name. same parameter settings.
> There  are
> > 3 Publishers defined in the table. I deleted all but  one. Verified it's
> > existence using "psql" and went back to Edit  Certificates Profile. No
> Publisher's
> > displayed, but I know one  exists in the DB. I can't drop all the
> Publishers
> > and start from  scratch because the root CA created is used by  users
> tomcat and
> >  superadmin and it needs at least one present. Only  alternative I have
> there
> > is to drop user tomcat and superadmin and recreate   them.
> >
> > Suggestions?
> >
> > tom
> >
> > In a  message dated 9/17/2004 9:51:10 AM Eastern Daylight Time,
> >  to...@pr... writes:
> >
> >
> > Certificates are stored to  the publisher after they are stored in  the
> > database,
> > but  only if the certificate profile says they should be.  So if you  can't
> > choos a
> > publisher in the certificate profile,  nothing  will be stored in ldap.
> >
> > The publisher  configuration is stored in  table PublisherData.
> >
> > Is there  any differences between the publishers  that show up when editing
> >  the
> > certificate profile and the ones that  don't? Amount of data  entered etc?
> >
> > /Tomas
> >
> > Thu...@ao...   wrote:
> > >
> > > Special Database, no. Different database  from  what's delivered, yes. I'm
> > > using PostgreSQL. Here's  what the  jboss log shows. Best I can tell
> > everything
> >  > looks ok. While I  realize my base dn is not dcObject, there is no
> reason I
> > can
> > >  see why an attempt is not made to  contact LDAP server. BTW, when is  the
> > > information sent to  LDAP, after it is store in the data  store? Could
> there
> > be  a
> > > problem here? Also what table should  I look in to see in  the data is
> > correct?
> > >
> > > tom
> > > In a  message dated 9/17/2004 8:56:05 AM Eastern Daylight  Time,
> > >  to...@pr... writes:
> > >
> > > Ok, I   can't  reproduce your problem. I have create 5 publishers and they
> >  all
> > > show
> > > up when editing or creating new  certificate  profiles. Are you using any
> > > special
> >  > database? Any  hint what could cause the problem? Errors in  the  JBoss
> log?
> > >
> > > /Tomas
> > >
> >  > Thu...@ao... wrote:
> > >
> > >>
> > >>I  do create my Certificate Profile type as  End Entity. It wasn't a
> >  problem
> > >
> > >
> > >
> > >>with the  selections being grayed out, but them not  showing  at all.  In
> > fact
> > >
> > > I
> > >
> > >>have  three  publishers currently and  only 2 show in the list. Next, I
> log
> > >
> > > into
> > >
> > >>the admin-gui  with   superadmin. I'm not using any special priviledges
> that
> > >
> > >  I'm
> > >
> > >> aware  of.
> > >>
> > >>tom
> > >>
> > >>In a  message dated  9/17/2004  8:30:32 AM Eastern Daylight Time,
> >  >>to...@pr...   writes:
> > >>
> >  >>
> > >>I  create a publisher and  save it (I   don't even have to test the
> > >
> > > connection).
> >  >
> > >>
> > >>When I edit  or create a  certificate  profile after this, I can chose my
> > new
> >  >
> > >
> > >
> > >> publisher from the list. If  you create a SubCA or a RootCA  certificate
> >  >>profil
> > >>the publisher section  is greyed out, you  can only  select publishers
> for
> > >>end-entity  profiles.
> > >>Naturally if  you create an  end-entity  with a  certificate profile where
> > no
> > >>  publisher  is selected, nothing will be   published.
> >  >>
> > >>Do  you use any special CA/RA   administrator privileges? When  I test
> this
> > I
> >  >
> > >
> > >
> > >>run
> > >>everything  as   superadmin.
> > >>
> > >>   Cheers,
> > >>Tomas
> > >>
> >  >>Thu...@ao...   wrote:
> > >>
> >  >>
> > >>>   I have been  unsuccessfully  trying to create  an  end-entity thru
> > EJBCA.
> >  >
> > >
> > >
> > >>>I've created a new   Publisher to  use  with my ldap server. I've tested
> >  and
> > >>
> > >>saved
> > >>
> >  >>
> > >>>the configuration  and all  appears  fine ( I'm  running slapd in
> > diagnostic
> > >>
> >  >>and
> > >>
> > >>
> > >>>can   see the activity). I then created a  new CA that  uses  the
> Publisher
> > >
> > > to
> > >
> > >>
> >  >>
> > >>
> > >>>save  the CA  related  values to LDAP. Again, all appears to  work
> because
> >
> >  >
> > > I
> > >
> > >>can see
> >  >>
> > >>
> > >>>the activity from the   terminal  session for  slapd.  However, when I
> try
> >  to
> > >
> > >
> > >
> > >>>create a  Certificate Profile   which will use the   Publisher, I  don't
> > have
> > >>
> > >>the
> >  >>
> > >>
> > >>>ability  to  select  my  Publisher as an option.  In the section of the
> >  page
> > >>
> > >>that
> > >>
> >  >>
> > >>>display's the Publisher  list,   there's  nothing there. When I try  to
> > >
> > >  create
> > >
> > >>
> > >>an
> >  >>
> > >>
> > >>>end-entity using the new  profile,  I   don't get any  information sent
> to
> >  >>
> > >>LDAP. In
> > >>
> > >>
> >  >>>fact I get no activity at all.  I   know that  my  Publisher works
> because
> > of
> > >>
> >  >>the
> > >>
> > >>
> >  >>>ability  to send the CA   data.  I just can't  figure out why I have no
> > >>
> > >>Publisher
> >  >>
> > >>
> > >>>selection  when I  create   my  Certificate Profile and subsequently, no
> >  data
> > >>>published  to the LDAP  server. I suspect  there is  a configuration
> option
> >
> > >
> >  >
> > >
> > >>I  missed,
> > >>
> >  >>
> > >>>I've just not  been  able  to find  it. Any help would be    appreciated.
> > >>>
> >  >>>tom
> > >>>By:  TLH -   _thuffman00_   (https://sourceforge.net/users/thuffman00/)
> >  >>>_RE: No  Publisher listed  for Certificate   Profile_
> >  >>>(https://sourceforge.net/forum/message.php?msg_id=2763613)
> >  >>>2004-09-17 11:05
> > >>>I seem to have    found a work around  for the non-exsitence of a
> > Publisher
> >  >>
> > >>
> > >>in
> > >>
> >  >>
> > >>>the Certificate  Profile. I   created  another one and it  appears. When
> I
> >  >>
> > >>create a
> > >>
> > >>
> >  >>>third, both the second and original appears  as   Publisher  options.
> But
> > >>
> > >>I'm
> >  >>
> > >>
> > >>>still having a  problem  sending  the info to  LDAP. Am I not
> > understanding
> >  >>
> > >>
> > >>the
> > >>
> >  >>
> > >>>purpose of Certificate profile   and   somewhere  off in left field
> here? I
> >
> >  >>
> > >>thought
> > >>
> > >>
> >  >>>Certificate Profile needs a    publisher for when  your  create an
> > >
> > > end-entity,
> >  >
> > >>with
> > >>
> > >>
> >  >>>a   Certificate  Profile  it will attempt to  store the newly formed
> data
> > >
> > > into
> >  >
> > >>>LDAP. What am  I  missing?
> >  >>>
> > >>>tom
> > >>>
> >  >>>
> > >>
> > >>
> > >>
> >  >>
> > >>   -------------------------------------------------------
> >  >>This    SF.Net email is sponsored by: YOU BE THE JUDGE. Be  one of 170
> > >>  Project  Admins to receive an Apple  iPod Mini FREE for your  judgement
>  on
> > >>who  ports  your project to Linux PPC the  best. Sponsored by   IBM.
> > >>Deadline: Sept. 24.  Go  here:    http://sf.net/ppc_contest.php
> > >>   _______________________________________________
> >  >>Ejbca-develop    mailing   list
> >  >>Ejb...@li...
> > >>   https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >  >>
> > >>
> > >>
> > >>
> >  >>
> > >
> > >
> > >
> > >
> > >  -------------------------------------------------------
> > >   This  SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of   170
> > > Project  Admins to receive an Apple iPod Mini FREE for  your  judgement on
> > > who ports  your project to Linux PPC  the best.  Sponsored by IBM.
> > > Deadline: Sept. 24.  Go  here:   http://sf.net/ppc_contest.php
> > >   _______________________________________________
> > >  Ejbca-develop   mailing  list
> > >  Ejb...@li...
> > >   https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >  >
> > >
> > >
> > >
> >  >
> >
> >
> >
> >  -------------------------------------------------------
> > This   SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> >  Project  Admins to receive an Apple iPod Mini FREE for your judgement  on
> > who ports  your project to Linux PPC the best. Sponsored by  IBM.
> > Deadline: Sept. 24.  Go here:   http://sf.net/ppc_contest.php
> >  _______________________________________________
> > Ejbca-develop   mailing  list
> > Ejb...@li...
> >  https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
>
>
> -------------------------------------------------------
> This  SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> Project  Admins to receive an Apple iPod Mini FREE for your judgement on
> who ports  your project to Linux PPC the best. Sponsored by IBM.
> Deadline: Sept. 24.  Go here:  http://sf.net/ppc_contest.php
> _______________________________________________
> Ejbca-develop  mailing  list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
>
>
>