Hi John,
I did look at myself before writing to the list and I could see my two
entries. For Ewan, in atlas, there was only one associated to the old CA
DN. When I selected the new CA DN and his DN it reported nothing there.
It seems to me that this is a different problem.
I'm not sure about the primary certificate problem surely querying
directly the database rather than through preselected queries from the
API gives more information. I can only trust what I see on the WEB
interface. :-|
cheers
alessandra
Gordon, JC (John) wrote:
> Alessandra, when you look at Ewan (the way you told me offline) you only
> see his primary certificate DN and CA. Take a look at yourself in
> Certificates/Change Primary Certificate. You should see two certs, the
> old one expired. For me, the primary one is the one that shows up in the
> member (and Groups) lists. Steve Traylen looked at the database and told
> me that this is true for others too.
>
> VOMS seems to take the secondary if the primary has expired so VOMRS
> isn't telling the truth (to VO admins). We could advise everyone to
> change their primary to the new one but this is a lot of work. It seems
> to work for most now. I suggest we discuss with VOMRS/VOMS people
> whether they can do a global change - when Maria is back.
>
> John
>
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes
>> [mailto:[log in to unmask]] On Behalf Of Alessandra Forti
>> Sent: 04 August 2008 16:57
>> To: [log in to unmask]
>> Subject: Re: Certifcate problem
>>
>> I checked for atlas and you appear only under the old CA DN.
>> I can't check for dteam.
>>
>> cheers
>> alessandra
>>
>> Ewan MacMahon wrote:
>>
>>>> -----Original Message-----
>>>> From: Testbed Support for GridPP member institutes [mailto:TB-
>>>>
>>>> I've been waiting for a little extra information before writing to
>>>> the users list since many of us have had the expiry notification.
>>>> What the notification does not tell you is that after the last CA
>>>> event all (minus a few!) UK users were registered via
>>>>
>> VOMRS with both
>>
>>>> their now expired certificate and the new one (which you have
>>>> recently started using). I suspect in your case you are one of the
>>>> "minus a few" who
>>>>
>>>>
>>> got
>>>
>>>
>>>> overlooked in one of the registrations (for ATLAS).
>>>>
>>>>
>>>>
>>> I wonder if this is a matter of timing - I've only been
>>>
>> registered in
>>
>>> the atlas VO since the end of April this year, so if the change was
>>> made before that, then I subsequently registered with my old
>>> certificate and the change process wasn't re-run we'd have
>>>
>> got to this situation.
>>
>>>
>>>
>>>> If the old certificate had not yet expired you could do the update
>>>> via VOMRS yourself. The easiest way to fix it now
>>>>
>> (assuming this is
>>
>>>> the
>>>> reason) is to contact the VO admin directly and explain
>>>>
>> that you are
>>
>>>> now using a certificate with the new CA DN.
>>>>
>>>>
>>>>
>>> Right-o. I'll GGUS them.
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> On Behalf Of Alessandra Forti
>>>>
>>>> Maybe Ewan updated his certificate (and therefore the
>>>>
>> issuer DN) with
>>
>>>> dteam but not with atlas.
>>>>
>>>>
>>>>
>>> Of the three VOs I'm in I've done a full from-scratch
>>>
>> re-registration
>>
>>> for vo.southgrid.ac.uk on the gridpp VOMS, and done nothing
>>>
>> at all for
>>
>>> the two hosted at CERN.
>>>
>>>
>>> Ewan
>>>
>>>
>> --
>> Well you'll still need a tray
>>
>>
--
Well you'll still need a tray
|