Hi,
On Wed, 10 Sep 2008, Dimitris Zilaskos wrote:
> What other groups and ACLs are there?
Copypasting from the VOMS-Admin webinterface:
________________________________________________________________________
Admin DN & CA Container Membership ACL Attributes Requests
------------------------------------------------------------------------
Hernath Szabolcs HUNGRID
KFKI RMKI CA rw rw rwd rw rw
host
KFKI RMKI CA rw rw rwd rw rw
/hungrid/Role=VO-Admin
VOMS Role rw rw rwd rw rw
_______________________________________________________________________
i.e. three more ACLs. First is my VO Admin DN, second seemed to be there
by default, third as well...
Szabolcs
>
>
> Hernath Szabolcs wrote:
>> Hi Dimitris,
>>
>> On Wed, 10 Sep 2008, Dimitris Zilaskos wrote:
>> > In your top group ACL, do you have
>> >
>> > Any Authenticated User
>> > Dummy Certificate Authority
>> > listed?
>>
>> Yes, right now with read permission for all categories. Previosly with
>> read for 'Container' & 'Membership'. No difference, clients seem to have
>> insufficient rights to list members...
>>
>>
>>
>> >
>> > Hernath Szabolcs wrote:
>> > > Dear List,
>> > >
>> > > we have upgraded a VOMS server from gLite 3.0 -> 3.1, using the
>> > > 'upgrade'
>> > > procedure of the gLite VOMS Server Installation & Configuration Guide
>> > > (section 3). Voms runs fine and signs proxies all right, but
>> > > voms-admin
>> > > has issues.
>> > >
>> > > Although the default ACL has been set as per the guide ("Container
>> > > rights:
>> > > Read permission" and "Membership rights: Read permission" for the top
>> > > group, see section 3.7), stil only VO Admins can get a memberlist,
>> > > and as
>> > > a consequence, relevant grid-mapfile sections cannot be generated.
>> > >
>> > > gLite security trustmanager acknowledges the authenticated entities,
>> > > but
>> > > clients get an internal server error:
>> > >
>> > > org.glite.security.voms.admin.common.VOMSAuthorizationException:
>> > > Insufficient privileges to perform "ListMemberNamesOperation"
>> > >
>> > > Even extending the ACL with read permission to all rights did not
>> > > help.
>> > > Any help is appreciated. Thankyou,
>> > > Regards
>> > >
>> > > Szabolcs Hernath
>> > >
>
>
>
> --
> =============================================================================
> Dimitris Zilaskos
> GridAUTH Operations Centre @ Aristotle University of Thessaloniki , Greece
> Tel: +302310998988 Fax: +302310994309
> http://www.grid.auth.gr
> =============================================================================
>
|