Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Service User with Keystore - importing via a package half-fails

fionas76543059
Level 4
Level 4

Hi folks,

On the Author instance in the Stage environment, I created a Service User and added a Keystore that I created via open_ssl.

I used the ACL Packager program to build a package with my service user principal

and its permissions and keystore. I then replicated the package to the publish servers and it all worked fine. 

 

 

consult.png

 

However when I came to import the package on the Prod environment Author, I

was not so successful.

 

From the useradmin screen, it looked fine.

consult2.png

 

The system user was there with all the permissions and the keystore.

But, when I had a look at the security screen, no keystore was recognized...

 

 

consult3.png

 

So importing the service user and its keystore via package didn't work for me.

Unfortunately, I am supposed to use Packages exclusively on the Prod environment

so I'm a bit stumped.

Any suggestions ?

thanks

Fiona

1 Accepted Solution
fionas76543059
Correct answer by
Level 4
Level 4

I'll answer my own question as it got worked out eventually.

 

It seems that the service-user+keystore package that I created in the lower environments didn't import properly into the Prod environment Author due to security checks.

In the end, I created the system user manually using crx/explorer/index.jsp in the Prod Author environment, uploaded the keystore file (from security/users.html) , made sure  /home/users/system/blah...  directory was ticked for all permissions incl replications. (useradmin)

Then I created an ACL Packager packer with the system user, and its principal, built the package and replicated to publish servers. This seemed to work o.k. at  least the keystore information showed up correctly when I viewed it from (security/users.html)

View solution in original post

4 Replies
fionas76543059
Correct answer by
Level 4
Level 4

I'll answer my own question as it got worked out eventually.

 

It seems that the service-user+keystore package that I created in the lower environments didn't import properly into the Prod environment Author due to security checks.

In the end, I created the system user manually using crx/explorer/index.jsp in the Prod Author environment, uploaded the keystore file (from security/users.html) , made sure  /home/users/system/blah...  directory was ticked for all permissions incl replications. (useradmin)

Then I created an ACL Packager packer with the system user, and its principal, built the package and replicated to publish servers. This seemed to work o.k. at  least the keystore information showed up correctly when I viewed it from (security/users.html)

View solution in original post

kautuk_sahni
Community Manager
Community Manager
Thank you for sharing the answer with Community. This would help in posterity.
Ankur_Khare
Community Advisor
Community Advisor

Its because of the import , some time you need to delete the keystore from the user and recreate the key it works fine.