Hi Marten,
> The idea is that you potentially asked for special privileges (e.g. sgm
> or prd), so the service must not silently map you to an ordinary account.
>
> Instead it must signal that your primary FQAN is not supported (usually
> this means the service has not been configured correctly).
I do not get an error message that something went wrong with the
mapping.
> So, to allow for "/desy/test" you either need to have explicit patterns
> for that, or you can define a wildcard as you did.
OK, if I introduce a wildcard, the roles (sgm or prd) are ignored. Could
that be a bug, or did I misconfigure anything?
It should be possible to have a correct mapping without specifying all
groups from within a VO.
Best
Yves
--------------------------------------------
Yves Kemp
[log in to unmask] Desy IT 2b/312
Fon: +49-(0)40-8998-2318 Notkestr. 85
Fax: +49-(0)40-8994-2318 D-22607 Hamburg
--------------------------------------------
|