Hi Todd,

It doesn't work with a single account to map to, either for a particular VO or for a particular role/group within a VO. In this case, you need to have a pool of opssgm accounts. and to map your role to .opssgm, or just use the existing pool .ops for the whole VO...

Best regards, Antun

-----
Antun Balaz
E-mail: [log in to unmask]
Web: http://www.scl.rs/

Phone: +381 11 3713152
Fax: +381 11 3162190

Scientific Computing Laboratory
Institute of Physics Belgrade
Pregrevica 118, 11080 Belgrade, Serbia
-----

On 26 May 2010, at 04:33 , Todd Wu wrote:

Dear list,

I have installed a wms for ronagios, but I encountered a problem that the wms can't
recogonize the role of my FQANs.

Example: ops VO without role:

$ voms-proxy-info -all
subject   : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236/CN=proxy
issuer    : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236
identity  : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236
type      : proxy
strength  : 512 bits
path      : /tmp/x509up_u45065
timeleft  : 11:59:50
=== VO ops extension information ===
VO        : ops
subject   : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236
issuer    : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
attribute : /ops/Role=NULL/Capability=NULL
attribute : /ops/ROC/Role=NULL/Capability=NULL
attribute : /ops/ROC/AsiaPacific/Role=NULL/Capability=NULL
timeleft  : 11:59:50
$ glite-wms-job-submit -a test.jdl

Connecting to the service https://rocwms.grid.sinica.edu.tw:7443/glite_wms_wmproxy_server


====================== glite-wms-job-submit Success ======================

The job has been successfully submitted to the WMProxy
Your job identifier is:

https://roclb.grid.sinica.edu.tw:9000/fvC9qYUE0Dw-CE902BIfGA

==========================================================================

Example: ops VO with role:

$ voms-proxy-info -all                                    subject   :
/C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236/CN=proxy
issuer    : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236
identity  : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236
type      : proxy
strength  : 512 bits
path      : /tmp/x509up_u45065
timeleft  : 11:59:54
=== VO ops extension information ===
VO        : ops
subject   : /C=TW/O=AS/OU=GRID/CN=Tz Ke Wu 164236
issuer    : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
attribute : /ops/Role=lcgadmin/Capability=NULL
attribute : /ops/ROC/Role=NULL/Capability=NULL
attribute : /ops/ROC/AsiaPacific/Role=NULL/Capability=NULL
attribute : /ops/Role=NULL/Capability=NULL
timeleft  : 11:59:54
$ glite-wms-job-submit -a test.jdl
Connecting to the service https://rocwms.grid.sinica.edu.tw:7443/glite_wms_wmproxy_server


Error - Operation failed
Unable to submit the job to the service:
https://rocwms.grid.sinica.edu.tw:7443/glite_wms_wmproxy_server
LCMAPS failed to map user credential

Method: jobSubmit
Error code: 1207


In rocwms grid-mapfile, the mapping rule is correct:
"/ops/Role=lcgadmin/Capability=NULL" opssgm
"/ops/Role=lcgadmin" opssgm
"/ops/Role=NULL/Capability=NULL" .ops
"/ops" .ops

I can simply add my DN into mapfile to solve the problem, but I am wondering why this
happened and how to fix it?
Many thanks.

BR,
Todd