Tools/Manuals/TS113

AccessControlBaseRule has an invalid format

Full message

gstat2.0 can report an error:

gstat-validate-se -p 2170 -H site-bdii.example.org -b Mds-vo-name=SITE-NAME,o=Grid
ERROR: some-SE.example.org, AccessControlBaseRule has an invalid format,
ops ACBR has an invalid format

Diagnosis

A command like

ldapsearch -x -H ldap://site-bdii.example.org:2170 -b \
   Mds-vo-name=SITE-NAME,o=Grid \
   objectClass=GlueSA GlueSAAccessControlBaseRule

returns a line like

GlueSAAccessControlBaseRule: some-VO

when it should be

GlueSAAccessControlBaseRule: VO:some-VO

Solution

Recent SE info providers should no longer generate the legacy format for a GlueSAAccessControlBaseRule value, which was just the name of the relevant VO. The value should now carry either a VO: prefix, when access is granted to the whole VO, or a VOMS: prefix, when access is restricted to a VOMS group or role.

On a DPM the legacy format appears when the info provider uses the "--legacy" option: check /opt/glite/yaim/functions/config_gip_dpm and the resulting /opt/glite/etc/gip/provider/se-dpm.
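
The check from the Diagnosis section can be scripted. The following is an added example, not part of the original page or of gstat: a shell function that reads ldapsearch LDIF output, unfolds wrapped lines, and lists every GlueSAAccessControlBaseRule value that lacks the VO: or VOMS: prefix. The function names check_acbr and sample_ldif and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag legacy GlueSAAccessControlBaseRule values in LDIF.

# Constructed sample in the shape ldapsearch prints; hosts and VO names
# are placeholders. The second dn is folded, as ldapsearch does by default.
sample_ldif() {
cat <<'EOF'
dn: GlueSALocalID=ops,GlueSEUniqueID=some-SE.example.org,Mds-vo-name=SITE-NAME,o=Grid
GlueSAAccessControlBaseRule: ops

dn: GlueSALocalID=some-VO,GlueSEUniqueID=some-SE.example.org,Mds-vo-name=SITE
 -NAME,o=Grid
GlueSAAccessControlBaseRule: VO:some-VO
GlueSAAccessControlBaseRule: VOMS:/some-VO/Role=production
EOF
}

# Reads LDIF on stdin. Prints "<dn><TAB><value>" for each value without a
# VO: or VOMS: prefix and returns 1 if any were found, 0 otherwise.
check_acbr() {
    awk '
    function emit(   val) {
        if (tolower(line) ~ /^dn:/) {
            dn = line; sub(/^[^:]*: */, "", dn)
        } else if (tolower(line) ~ /^gluesaaccesscontrolbaserule:/) {
            val = line; sub(/^[^:]*: */, "", val)
            # A base64 value ("attr:: ...") is left starting with ":" and
            # is therefore reported too, so nothing is skipped silently.
            if (val !~ /^(VO|VOMS):./) { print dn "\t" val; bad = 1 }
        }
        line = ""
    }
    # LDIF folding: a line starting with one space continues the previous one.
    /^ / { line = line substr($0, 2); next }
    { emit(); line = $0 }
    END { emit(); exit bad + 0 }
    '
}

# Stand-alone demonstration on the constructed sample.
sample_ldif | check_acbr || echo "legacy ACBR values found" >&2
```

Against a live BDII, pipe the output of the ldapsearch command from the Diagnosis section into check_acbr; a non-zero exit status means at least one legacy value is still being published.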
