Tools/Manuals/TS113

From EGIWiki
Jump to: navigation, search
Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators


Alert.png This article is Deprecated and should no longer be used, but is still available for reasons of reference.

Contents



Back to Troubleshooting Guide


AccessControlBaseRule has an invalid format

Full message

gstat2.0 can report an error:

gstat-validate-se -p 2170 -H site-bdii.example.org -b Mds-vo-name=SITE-NAME,o=Grid
ERROR: some-SE.example.org, AccessControlBaseRule has an invalid format,
ops ACBR has an invalid format

Diagnosis

A command like

ldapsearch -x -H ldap://site-bdii.example.org:2170 -b \
   Mds-vo-name=SITE-NAME,o=Grid \
   objectClass=GlueSA GlueSAAccessControlBaseRule

returns a line like

GlueSAAccessControlBaseRule: some-VO

when it should be

GlueSAAccessControlBaseRule: VO:some-VO

Solution

Recent SE info providers should no longer generate the legacy format for a GlueSAAccessControlBaseRule value, which was just the name of the relevant VO. These days the value should either have a VO: prefix for the whole VO, or VOMS: for a VOMS group or role when the access is restricted to that.

On a DPM the legacy format appears when the info provider uses the "--legacy" option: check /opt/glite/yaim/functions/config_gip_dpm and the resulting /opt/glite/etc/gip/provider/se-dpm.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox
Print/export