Mike Kenyon wrote:
> Hi Hernath,
>
> I think you're encountering the same problem which we came across at
> Glasgow.
>
> We fixed it by setting the Global ACL so that "Anyone who presents a
> certificate issued by a known CA" is "allowed" to "list" members of
> the VO.
>
> Thus, our global ACL table now looks like this:
>
> Allow  Operation  Admin DN                                                  Admin CA
> Allow  all        Anyone with role /vo.nanocmos.ac.uk/Role=VO-Admin
> Allow  all        /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=michael kenyon
> Allow  list       Anyone who presents a certificate issued by a known CA
Hi,
these rules are valid for VOMS 3.0; for VOMS 3.1 instead, as written by
Dimitris, you need to set "Anyone" with read permissions for container
and membership rights, so that the ACL menu lists
Any Authenticated User
Dummy Certificate Authority
Cheers,
Alessandro
>
>
> It's the latter of these entries which fixed the problem.
>
> See the ScotGrid WIKI at
> http://www.scotgrid.ac.uk/wiki/index.php/Glasgow_VOMS_server_administration#Internal_Server_Error_when_trying_to_getGridmapUsers.3F
>
> for more detailed info.
>
> Cheers,
> Mike.
>
>
> Hernath Szabolcs wrote:
>> Hi,
>>
>> On Wed, 10 Sep 2008, Dimitris Zilaskos wrote:
>>> What other groups and ACLs are there?
>>
>> Copypasting from the VOMS-Admin webinterface:
>>
>> ________________________________________________________________________
>> Admin DN & CA              Container  Membership  ACL  Attributes  Requests
>> ------------------------------------------------------------------------
>> Hernath Szabolcs HUNGRID
>> KFKI RMKI CA               rw         rw          rwd  rw          rw
>>
>> host
>> KFKI RMKI CA               rw         rw          rwd  rw          rw
>>
>> /hungrid/Role=VO-Admin
>> VOMS Role                  rw         rw          rwd  rw          rw
>> _______________________________________________________________________
>>
>> i.e. three more ACLs. First is my VO Admin DN, second seemed to be
>> there by default, third as well...
>>
>>
>> Szabolcs
>>
>>
>>
>>>
>>>
>>> Hernath Szabolcs wrote:
>>>> Hi Dimitris,
>>>>
>>>> On Wed, 10 Sep 2008, Dimitris Zilaskos wrote:
>>>> > In your top group ACL, do you have
>>>> >
>>>> >     Any Authenticated User
>>>> >     Dummy Certificate Authority
>>>> >
>>>> > listed?
>>>>
>>>> Yes, right now with read permission for all categories. Previously with
>>>> read for 'Container' & 'Membership'. No difference, clients seem to have
>>>> insufficient rights to list members...
>>>>
>>>>
>>>>
>>>> > > Hernath Szabolcs wrote:
>>>> > > Dear List,
>>>> > >
>>>> > > we have upgraded a VOMS server from gLite 3.0 -> 3.1, using the
>>>> > > 'upgrade' procedure of the gLite VOMS Server Installation &
>>>> > > Configuration Guide (section 3). Voms runs fine and signs proxies
>>>> > > all right, but voms-admin has issues.
>>>> > >
>>>> > > Although the default ACL has been set as per the guide ("Container
>>>> > > rights: Read permission" and "Membership rights: Read permission"
>>>> > > for the top group, see section 3.7), still only VO Admins can get a
>>>> > > memberlist, and as a consequence, relevant grid-mapfile sections
>>>> > > cannot be generated.
>>>> > >
>>>> > > gLite security trustmanager acknowledges the authenticated
>>>> > > entities, but clients get an internal server error:
>>>> > >
>>>> > > org.glite.security.voms.admin.common.VOMSAuthorizationException:
>>>> > > Insufficient privileges to perform "ListMemberNamesOperation"
>>>> > >
>>>> > > Even extending the ACL with read permission to all rights did not
>>>> > > help.
>>>> > > Any help is appreciated. Thank you,
>>>> > > Regards
>>>> > >
>>>> > > Szabolcs Hernath
>>>> > >
>>>
>>>
>>>
>>> --
>>> =============================================================================
>>>
>>> Dimitris Zilaskos
>>> GridAUTH Operations Centre @ Aristotle University of Thessaloniki ,
>>> Greece
>>> Tel: +302310998988 Fax: +302310994309
>>> http://www.grid.auth.gr
>>> =============================================================================
>>>
>>>
--
Dr. Alessandro Paolini
INFN - CNAF
Viale Berti Pichat 6/2
40127 Bologna
Italy
tel: +39 051 6092723
fax: +39 051 6092746
ICQ: 192172027
skype: alex.paolini
**********************
"I believe in the power of laughter and tears"
"as an antidote to hatred and terror"
"a day without a smile"
"is a day wasted" >>> Charlie Chaplin