Tools/Manuals/TS113
< Tools
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Documentation menu: | Home • | Manuals • | Procedures • | Training • | Other • | Contact ► | For: | VO managers • | Administrators |
This article is Deprecated and should no longer be used, but is still available for reasons of reference. |
Back to Troubleshooting Guide
AccessControlBaseRule has an invalid format
Full message
gstat2.0 can report an error:
gstat-validate-se -p 2170 -H site-bdii.example.org -b Mds-vo-name=SITE-NAME,o=Grid ERROR: some-SE.example.org, AccessControlBaseRule has an invalid format, ops ACBR has an invalid format
Diagnosis
A command like
ldapsearch -x -H ldap://site-bdii.example.org:2170 -b \ Mds-vo-name=SITE-NAME,o=Grid \ objectClass=GlueSA GlueSAAccessControlBaseRule
returns a line like
GlueSAAccessControlBaseRule: some-VO
when it should be
GlueSAAccessControlBaseRule: VO:some-VO
Solution
Recent SE info providers should no longer generate the legacy format for a GlueSAAccessControlBaseRule value, which was just the name of the relevant VO. These days the value should either have a VO: prefix for the whole VO, or VOMS: for a VOMS group or role when the access is restricted to that.
On a DPM the legacy format appears when the info provider uses the "--legacy" option: check /opt/glite/yaim/functions/config_gip_dpm and the resulting /opt/glite/etc/gip/provider/se-dpm.