Y.Lyublev wrote:
> Dear All.
> After last upgrade glite-yaim-3.0.1-15 on LFC (mysql)
> with cut-in of USERsgmNNN there are problems
> of the access of such users on LFC.
>
> [alicesgm@gliocl alicesgm]$ voms-proxy-info
> subject : /C=RU/O=RDIG/OU=users/OU=jinr.ru/CN=Galina
> Shabratova/CN=proxy/CN=proxy/CN=proxy
> issuer : /C=RU/O=RDIG/OU=users/OU=jinr.ru/CN=Galina
> Shabratova/CN=proxy/CN=proxy
> identity : /C=RU/O=RDIG/OU=users/OU=jinr.ru/CN=Galina
> Shabratova/CN=proxy/CN=proxy
> type : unknown
> strength : 1024 bits
> path :
> /opt/vobox/alice/proxy_repository/+2fC+3dRU+2fO+3dRDIG+2fOU+3dusers+2fOU+3dj
> inr+2eru+2fCN+3dGalina+20Shabratova+2fCN+3dproxy
> timeleft : 11:56:47
>
> [alicesgm@gliocl alicesgm]$ globus-job-run ceitep /usr//bin/id
> uid=45502(alicesgm002) gid=1397(alicesgm) groups=1395(alice)
>
> [alicesgm@gliocl alicesgm]$ export LFC_HOST=glwms.itep.ru
> [alicesgm@gliocl alicesgm]$ export LCG_CATALOG_TYPE=lfc
> [alicesgm@gliocl alicesgm]$ lfc-ls -l /
> Could not get virtual id: Can't open configuration file !
> /: No user mapping
>
> If check LFC server log, I see -
>
> 06/04 16:52:44 14690,0 Cns_vo_from_dn: NS023 -
> /home/glbuild/GLITE_3_0_3_RC1_DATA/stage/etc/lcgdm-mapfile is not accessible
> 06/04 16:52:44 14690,0 sendrep: Could not get virtual id: Can't open
> configuration file !
Yes, that was discussed on LCG-Rollout a few weeks ago, and an EGEE broadcast
was sent as well. You need to do this:
mkdir -p /home/glbuild/GLITE_3_0_3_RC1_DATA/stage/etc
ln -s /opt/lcg/etc/lcgdm-mapfile /home/glbuild/GLITE_3_0_3_RC1_DATA/stage/etc
The next version fixes this bug.
> File lcgdm-mapfile does not contain lines for SGM users.
>
> [root@glwms ORIG]# grep sgm /opt/lcg/etc/lcgdm-mapfile
> [root@glwms ORIG]#
The lcgdm-mapfile maps each DN to a _VO_. It is used when the client presents
a simple grid proxy instead of a VOMS proxy.
|