Symptom
When creating a RSA CA object, clicking the 'Retrieve' button next to the Jursdiction selection combo box results in a 'XrcNOTFOUND' error displayed at the top of the page.
Cause
The certificate credential does not have access to read the jurisdiction configuration in the RCM LDAP database.
Solution
Add an additional LDAP rule to the 'objectclass=xuda_domain_config' that grants the certificate credential used by Venafi TPP read access. In the following example, the Venafi certificate credential has a MD5 value of 10321795d551bd3b5ef6196d07cbc11f:
#
# Admin server can write the Jurisdiction Object
# all other RSA Certificate Management Products can read them.
#
access to filter="objectclass=xuda_domain_config"
by dn="md5=23f2c3ccc693bc8a4b078e14cc39ae14" write
by dn="md5=aa25292fc52115aaa4d4451da8a716ab" read
by dn="md5=c180c35d555b2fdecabeede4c049d142" read
by dn="md5=a8cf43d3b3da58280848ad35954572be" read
by dn="md5=10321795d551bd3b5ef6196d07cbc11f" read
by dn="rsakeon_products" read
by dn=".*" none
Comments