Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Tools/Manuals/TS113

From EGIWiki
< Tools
Revision as of 16:18, 15 September 2011 by Aesch (talk | contribs) (Created page with '{{TOC_right}} Category:FAQ ------ Back to Troubleshooting Guide ------ = AccessControlBaseRule has an invalid format = == Full messag…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Back to Troubleshooting Guide

AccessControlBaseRule has an invalid format

Full message

gstat2.0 can report an error: 

gstat-validate-se -p 2170 -H site-bdii.example.org -b Mds-vo-name=SITE-NAME,o=Grid
ERROR: some-SE.example.org, AccessControlBaseRule has an invalid format,
ops ACBR has an invalid format

Diagnosis

A command like 

ldapsearch -x -H ldap://site-bdii.example.org:2170 -b \
   Mds-vo-name=SITE-NAME,o=Grid \
   objectClass=GlueSA GlueSAAccessControlBaseRule

returns a line like 

GlueSAAccessControlBaseRule: some-VO

when it should be 

GlueSAAccessControlBaseRule: VO:some-VO

Solution

Recent SE info providers should no longer generate the legacy format for a GlueSAAccessControlBaseRule value, which was just the name of the relevant VO. These days the value should either have a VO: prefix for the whole VO, or VOMS: for a VOMS group or role when the access is restricted to that.

On a DPM the legacy format appears when the info provider uses the "--legacy" option: check /opt/glite/yaim/functions/config_gip_dpm and the resulting /opt/glite/etc/gip/provider/se-dpm.

Retrieved from "https://wiki.egi.eu/w/index.php?title=Tools/Manuals/TS113&oldid=24576"