Hi, On Wed, 10 Sep 2008, Dimitris Zilaskos wrote: > What other groups and ACLs are there? Copypasting from the VOMS-Admin webinterface: ________________________________________________________________________ Admin DN & CA Container Membership ACL Attributes Requests ------------------------------------------------------------------------ Hernath Szabolcs HUNGRID KFKI RMKI CA rw rw rwd rw rw host KFKI RMKI CA rw rw rwd rw rw /hungrid/Role=VO-Admin VOMS Role rw rw rwd rw rw _______________________________________________________________________ i.e. three more ACLs. First is my VO Admin DN, second seemed to be there by default, third as well... Szabolcs > > > Hernath Szabolcs wrote: >> Hi Dimitris, >> >> On Wed, 10 Sep 2008, Dimitris Zilaskos wrote: >> > In your top group ACL, do you have >> > >> > Any Authenticated User >> > Dummy Certificate Authority >> > listed? >> >> Yes, right now with read permission for all categories. Previosly with >> read for 'Container' & 'Membership'. No difference, clients seem to have >> insufficient rights to list members... >> >> >> >> > >> > Hernath Szabolcs wrote: >> > > Dear List, >> > > >> > > we have upgraded a VOMS server from gLite 3.0 -> 3.1, using the >> > > 'upgrade' >> > > procedure of the gLite VOMS Server Installation & Configuration Guide >> > > (section 3). Voms runs fine and signs proxies all right, but >> > > voms-admin >> > > has issues. >> > > >> > > Although the default ACL has been set as per the guide ("Container >> > > rights: >> > > Read permission" and "Membership rights: Read permission" for the top >> > > group, see section 3.7), stil only VO Admins can get a memberlist, >> > > and as >> > > a consequence, relevant grid-mapfile sections cannot be generated. >> > > >> > > gLite security trustmanager acknowledges the authenticated entities, >> > > but >> > > clients get an internal server error: >> > > >> > > org.glite.security.voms.admin.common.VOMSAuthorizationException: >> > > Insufficient privileges to perform "ListMemberNamesOperation" >> > > >> > > Even extending the ACL with read permission to all rights did not >> > > help. >> > > Any help is appreciated. Thankyou, >> > > Regards >> > > >> > > Szabolcs Hernath >> > > > > > > -- > ============================================================================= > Dimitris Zilaskos > GridAUTH Operations Centre @ Aristotle University of Thessaloniki , Greece > Tel: +302310998988 Fax: +302310994309 > http://www.grid.auth.gr > ============================================================================= >