JISCMail - LCG-ROLLOUT Archives

Hi,

On Wed, 10 Sep 2008, Dimitris Zilaskos wrote:
> What other groups and ACLs are there?

Copypasting from the VOMS-Admin webinterface:

________________________________________________________________________
Admin DN & CA		Container  Membership  ACL  Attributes  Requests
------------------------------------------------------------------------
Hernath Szabolcs HUNGRID
KFKI RMKI CA 		rw	   rw	        rwd	rw	rw

host
KFKI RMKI CA 		rw	   rw	 	rwd	rw	rw

/hungrid/Role=VO-Admin
VOMS Role 		rw	   rw		rwd	rw	rw
_______________________________________________________________________

i.e. three more ACLs. First is my VO Admin DN, second seemed to be there 
by default, third as well...


Szabolcs



>
>
> Hernath Szabolcs wrote:
>>  Hi Dimitris,
>>
>>  On Wed, 10 Sep 2008, Dimitris Zilaskos wrote:
>> >  In your top group ACL, do you have
>> > 
>> >  Any Authenticated User
>> >  Dummy Certificate Authority
>> >          listed?
>>
>>  Yes, right now with read permission for all categories. Previosly with
>>  read for 'Container' & 'Membership'. No difference, clients seem to have
>>  insufficient rights to list members...
>>
>>
>> 
>> > 
>> >  Hernath Szabolcs wrote:
>> > >   Dear List,
>> > > 
>> > >  we have upgraded a VOMS server from gLite 3.0 -> 3.1, using the 
>> > >  'upgrade'
>> > >   procedure of the gLite VOMS Server Installation & Configuration Guide
>> > >   (section 3). Voms runs fine and signs proxies all right, but 
>> > >   voms-admin
>> > >   has issues.
>> > > 
>> > >  Although the default ACL has been set as per the guide ("Container 
>> > >  rights:
>> > >   Read permission" and "Membership rights: Read permission" for the top
>> > >   group, see section 3.7), stil only VO Admins can get a memberlist, 
>> > >  and as
>> > >   a consequence, relevant grid-mapfile sections cannot be generated.
>> > > 
>> > >  gLite security trustmanager acknowledges the authenticated entities, 
>> > >  but
>> > >   clients get an internal server error:
>> > > 
>> > >   org.glite.security.voms.admin.common.VOMSAuthorizationException:
>> > >   Insufficient privileges to perform "ListMemberNamesOperation"
>> > > 
>> > >   Even extending the ACL with read permission to all rights did not 
>> > >   help.
>> > >   Any help is appreciated. Thankyou,
>> > >   Regards
>> > > 
>> > >   Szabolcs Hernath
>> > > 
>
>
>
> -- 
> =============================================================================
> Dimitris Zilaskos
> GridAUTH Operations Centre @ Aristotle University of Thessaloniki , Greece
> Tel: +302310998988 Fax: +302310994309
> http://www.grid.auth.gr
> =============================================================================
>