Difference between revisions of "Tools/Manuals/TS113"
Latest revision as of 14:49, 3 July 2018
This article is Deprecated and should no longer be used, but is still available for reasons of reference.
AccessControlBaseRule has an invalid format
Full message
gstat2.0 can report an error:
gstat-validate-se -p 2170 -H site-bdii.example.org -b Mds-vo-name=SITE-NAME,o=Grid
ERROR: some-SE.example.org, AccessControlBaseRule has an invalid format, ops ACBR has an invalid format
Diagnosis
A command like
ldapsearch -x -H ldap://site-bdii.example.org:2170 -b \
    Mds-vo-name=SITE-NAME,o=Grid \
    objectClass=GlueSA GlueSAAccessControlBaseRule
returns a line like
GlueSAAccessControlBaseRule: some-VO
when it should be
GlueSAAccessControlBaseRule: VO:some-VO
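The check described above can be run over the whole ldapsearch output at once. The following is an added example, not part of the original manual or of gstat: the function name find_legacy_acbr, the helper sample_ldif and the sample LDIF entries are constructed for illustration.

```shell
#!/bin/sh
# Reads LDIF (as printed by ldapsearch) on stdin and prints "<dn><TAB><value>"
# for every GlueSAAccessControlBaseRule value that lacks the VO: or VOMS:
# prefix. Returns 1 if any legacy-format value was found, 0 otherwise.
# Base64-encoded values ("attr:: ...") are not decoded and are skipped.
find_legacy_acbr() {
    awk '
    function flush(   val) {
        if (buf ~ /^dn: /) {
            dn = substr(buf, 5)
        } else if (buf ~ /^GlueSAAccessControlBaseRule: /) {
            val = buf
            sub(/^GlueSAAccessControlBaseRule: /, "", val)
            if (val !~ /^(VO|VOMS):/) { printf "%s\t%s\n", dn, val; bad = 1 }
        }
        buf = ""
    }
    # LDIF folds long lines: a continuation line starts with a single space.
    /^ / { buf = buf substr($0, 2); next }
    { flush(); buf = $0 }
    END { flush(); exit (bad ? 1 : 0) }
    '
}

# Constructed sample: one legacy value (with a folded dn) and two valid ones.
sample_ldif() {
    cat <<'EOF'
dn: GlueSALocalID=ops,GlueSEUniqueID=some-SE.example.org,Mds-vo-name=SITE-NAME,
 o=Grid
GlueSAAccessControlBaseRule: ops

dn: GlueSALocalID=some-VO,GlueSEUniqueID=some-SE.example.org,Mds-vo-name=SITE-NAME,o=Grid
GlueSAAccessControlBaseRule: VO:some-VO
GlueSAAccessControlBaseRule: VOMS:/some-VO/Role=production
EOF
}

# Against a live site BDII, pipe the ldapsearch command from this page instead:
#   ldapsearch -x -H ldap://site-bdii.example.org:2170 \
#       -b Mds-vo-name=SITE-NAME,o=Grid \
#       objectClass=GlueSA GlueSAAccessControlBaseRule | find_legacy_acbr
sample_ldif | find_legacy_acbr || echo "legacy-format ACBR values are published" >&2
```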
Solution
Recent SE info providers should no longer generate the legacy format for a GlueSAAccessControlBaseRule value, which was just the name of the relevant VO. The value should now carry either a VO: prefix, when access is granted to the whole VO, or a VOMS: prefix, when access is restricted to a VOMS group or role.
On a DPM the legacy format appears when the info provider uses the "--legacy" option: check /opt/glite/yaim/functions/config_gip_dpm and the resulting /opt/glite/etc/gip/provider/se-dpm.