With Dimitris' help it turned out that the 'Authuser' ACL (let's call it
that) _must_not_ be the default ACL, but a regular one. Now the problem is
gone! Thanks once again Dimitris!
Szabolcs
On Wed, 10 Sep 2008, Hernath Szabolcs wrote:
> Dear List,
>
> we have upgraded a VOMS server from gLite 3.0 -> 3.1, using the 'upgrade'
> procedure of the gLite VOMS Server Installation & Configuration Guide
> (section 3). Voms runs fine and signs proxies all right, but voms-admin has
> issues.
>
> Although the default ACL has been set as per the guide ("Container rights:
> Read permission" and "Membership rights: Read permission" for the top group,
> see section 3.7), stil only VO Admins can get a memberlist, and as a
> consequence, relevant grid-mapfile sections cannot be generated.
>
> gLite security trustmanager acknowledges the authenticated entities, but
> clients get an internal server error:
>
> org.glite.security.voms.admin.common.VOMSAuthorizationException: Insufficient
> privileges to perform "ListMemberNamesOperation"
>
> Even extending the ACL with read permission to all rights did not help.
> Any help is appreciated. Thankyou,
> Regards
>
> Szabolcs Hernath
>
|