On Thu, 22 Aug 2002, Andrew McNab wrote:
> Hi,
>
> Please send me the certificate host names of existing (or likely)
> SE machines so I can add them to the GridPP GDMP servers list.
> (eg /O=Grid/O=UKHEP/CN=host/gppse06.gridpp.rl.ac.uk )
Hi Andy,
/O=Grid/O=UKHEP/CN=host/pc30.hep.ucl.ac.uk
> The rest of this is going to be as clear as mud unless you're already
> worrying about the GDMP VO's, so please feel free to skip it for now.
I would, but I've been told not to :) Anyhow, I may possibly have found
the problem, or if not I have a problem I don't understand:
> (For the GridPP people list, you can use an auth line like
>
> auth ldap://vo.gridpp.ac.uk/ou=testbed,dc=gridpp,dc=ac,dc=uk
>
> and it will work ok. But our ou=gdmpservers one doesn't work as an auth
> list.)
It may be because we're still on 1.2beta9 but I don't seem (and never have
done) to be able to do that... it always only authorises the first
subject, which is "description:
subject=/O=Grid/O=UKHEP/OU=hep.man.ac.uk/CN=Sabah Salih"
From the mkgridmap source, I think this is because mkgridmap expects there
to be only one subject per LDAP entity, whereas the gridpp vo has lots of
subjects in a single entity:
dn: ou=testbed,dc=gridpp,dc=ac,dc=uk
description: subject=/O=Grid/O=UKHEP/OU=hep.man.ac.uk/CN=Sabah Salih
description: subject=/O=Grid/O=UKHEP/OU=phy.bris.ac.uk/CN=Owen Maroney
description: subject=/O=Grid/O=UKHEP/OU=hepgrid.clrc.ac.uk/CN=Steve
Traylen
description: subject=/O=Grid/O=UKHEP/OU=hep.ph.ic.ac.uk/CN=Dr D J Colling
<etc>
The Iteam auth server has a separate entity in the directory structure for
each user (admittedly, there's an awful lot of other info in there,
snipped for brevity):
# Rod Walker, People, testbed, eu-datagrid, org
dn: cn=Rod Walker, ou=People, o=testbed, dc=eu-datagrid, dc=org
<blah>
description: subject=/O=Grid/O=UKHEP/OU=hep.ph.ic.ac.uk/CN=Rod Walker
# Linda Cornwall, People, testbed, eu-datagrid, org
dn: cn=Linda Cornwall, ou=People, o=testbed, dc=eu-datagrid, dc=org
<blah>
description: subject=/O=Grid/O=UKHEP/OU=hepgrid.clrc.ac.uk/CN=Linda
:
:
And Another Thing(R):
> That is, a /opt/edg/etc/mkgridmap.gdmp.conf that just says:
>
> group ldap://vo.gridpp.ac.uk/ou=gdmpservers,dc=gridpp,dc=ac,dc=uk gdmp
> auth ldap://vo.gridpp.ac.uk/ou=gdmpservers,dc=gridpp,dc=ac,dc=uk
but...
\/\/\/
> However, this does not currently work with the mkgridmap utility
> unless you remove all the auth lines from mkgridmap.conf.
/\/\/\
It doesn't work for me, in the same way that the one above doesn't work :/
Paul
--
Paul Mealor
<-+-- www.hep.ucl.ac.uk/~pdm/ --+->
| +44 (0)20 7679 3044 <-+--
--+-> x33044 |
|
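The two directory layouts contrasted in this message, as an added example that is not part of the original mail and is not mkgridmap's code: a small LDIF reader that returns every `description: subject=` value in an entry, next to a mode that keeps only the first value per entry (the behaviour the message reports). The sample LDIF is constructed from the entries quoted above, with one placeholder user, and the function names are hypothetical.

```python
# Added example, not mkgridmap code. Sample data is constructed.
# GridPP layout: one entry carrying many subjects (one value is folded).
GRIDPP_LDIF = """\
dn: ou=testbed,dc=gridpp,dc=ac,dc=uk
description: subject=/O=Grid/O=UKHEP/OU=hep.man.ac.uk/CN=Sabah Salih
description: subject=/O=Grid/O=UKHEP/OU=phy.bris.ac.uk/CN=Owen Maroney
description: subject=/O=Grid/O=UKHEP/OU=hepgrid.clrc.ac.uk/CN=Steve Tr
 aylen
"""

# Iteam layout: one entry per user, one subject each.
ITEAM_LDIF = """\
# Rod Walker, People, testbed, eu-datagrid, org
dn: cn=Rod Walker, ou=People, o=testbed, dc=eu-datagrid, dc=org
description: subject=/O=Grid/O=UKHEP/OU=hep.ph.ic.ac.uk/CN=Rod Walker

dn: cn=Example User, ou=People, o=testbed, dc=eu-datagrid, dc=org
description: subject=/O=Grid/O=EXAMPLE/CN=Example User
"""

def parse_entries(ldif):
    """Split LDIF text into entries, each a list of (attribute, value)."""
    entries, current = [], []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and current:   # folded line: append to last value
            attr, value = current[-1]
            current[-1] = (attr, value + raw[1:])
        elif not raw.strip():                 # blank line closes the entry
            if current:
                entries.append(current)
            current = []
        elif not raw.startswith("#") and ":" in raw:
            attr, _, value = raw.partition(":")
            current.append((attr.strip().lower(), value.strip()))
    if current:
        entries.append(current)
    return entries

def subjects(ldif, first_only=False):
    """Collect certificate subjects from 'description: subject=' values."""
    found = []
    for entry in parse_entries(ldif):
        values = [v[len("subject="):] for a, v in entry
                  if a == "description" and v.startswith("subject=")]
        found.extend(values[:1] if first_only else values)
    return found

if __name__ == "__main__":
    print(subjects(GRIDPP_LDIF, first_only=True))  # one subject only
    print(subjects(GRIDPP_LDIF))                   # all three subjects
```

With `first_only=True` the per-user layout loses nothing, while the single-entry layout collapses to its first subject, so comparing the two counts for a given VO URL shows which layout a server uses.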