Hi,
   While we are trying out the things you pointed out, I would like to get
clarified on one issue :
This VOMS credential has been integrated with LCAS-LCMAPSframework to work
with pre-WS grid services like gridFTP/GRAM.
In EGEE, this works with gLite gate-keeper and gridFTP(which is but a
wrap-around of the respective Globus services). Right?
If so, then has anyone tried using the LCAS-LCMAPS framework with Globus
gate-keeper and gridFTP?

Thanks & Regards,
Kakoli

> -----Original Message-----
> From: Oscar Koeroo [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 29, 2008 6:55 PM
> To: Vipul.B
> Cc: [EMAIL PROTECTED]; [email protected]
> Subject: Re: Problem in using LCAS-LCMAPS with Globus and VOMS
>
>
> Hi Vipul,
>
> That version indeed has the fix.
>
> I guess it's a configuration issue now.
> Is the gsi-authz.conf at /etc/grid-security/gsi-authz.conf
> That location is searched for by the gt4 tools.
>
>
> The VO mapfile should only have:
> "/trial" globus
> "/trial/*" globus
>
>
> I would also configure the vomslocalgroup plugin. The groupmapfile
> should contain:
> "/trial" globus
> "/trial/*" globus
>
>
> For testing I would only configure the lcas_userban.mod with an empty
> ban _users.db file in the lcas.db.gridftp for the simple reason to test
> the service.
>
> Let the lcas_voms.mod look to the grid-mapfile or vomapfile that you have.
>
> change the content of the lcas_voms.mapfile to:
> "/trial" globus
> "/trial/*" globus
>
>
> Export the following elements in the gridftpd's environment:
>
> export LCAS_LOG_LEVEL=5
> export LCAS_DEBUG_LEVEL=5
> export LCMAPS_LOG_LEVEL=5
> export LCMAPS_DEBUG_LEVEL=5
>
> 5 mean very-very verbose, 0 means nearly nothing. Normal operational
> setting is:
> export LCAS_LOG_LEVEL=1
> export LCAS_DEBUG_LEVEL=0
> export LCMAPS_LOG_LEVEL=1
> export LCMAPS_DEBUG_LEVEL=0
>
> Tune as you seem fit.
>
>
> cheers,
>
>       Oscar
>
>
>
> Vipul.B wrote:
> > Hi Oscar,
> >     Correct me if I am wrong : VOMS credential is supported for
> accessing
> > pre-WS globus services like Globus gate-keeper and Globus gridFTP(Not
> > only the glite versions) via the lcas-lcmaps-gt4-interface?
> > If yes, then the following should work.
> >     I have taken the binary from the link :
> >
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gl
> ite.security.lcas-lcmaps-gt4-interface/0.0.14
> > The bug #35981 is fixed in this?
> >
> > And I am using Globus gridftp in GT4.0.7
> > On calling globus-url-copy, getting error :
> > ---------------------------------------------------
> > debug: starting to get gsiftp://192.168.61.197/home/globususer/tot
> > debug: connecting to gsiftp://192.168.61.197/home/globususer/tot
> > debug: response from gsiftp://192.168.61.197/home/globususer/tot:
> > 220 192.168.61.197 GridFTP Server 2.7 (gcc32dbg, 1204845443-63) [Globus
> > Toolkit 4.0.7] ready.
> >
> > debug: authenticating with gsiftp://192.168.61.197/home/globususer/tot
> > debug: fault on connection to
> > gsiftp://192.168.61.197/home/globususer/tot: an end-of-file was reached
> > debug: data callback, error an end-of-file was reached, buffer
> > 0xb7deb008, length 0, offset=0, eof=true
> > debug: operation complete
> > error: an end-of-file was reached
> > globus_xio: An end of file occurred.
> > --------------------------------------------
> > The file gets created with 0 bytes.
> > Attaching the configuration files.
> >
> > Kindly advise.
> >
> > Also, how do I enable logging in LCAS-LCMAPS, so that I can trace the
> > entire flow?
> >
> >
> > Thanks & Regards,
> > Vipul Borikar
> > CDAC,Banglore
> >
> >
> >
> >
> >
> >
> >> Hello Vipul,
> >>
> >> Please look for the newer version of the gt4 interface which has the
> >> names fixed (and a bug fixed): glite-security-lcas-lcmaps-gt4-interface
> >>
> >> And I'd update the LCAS and LCMAPS installation to the glite versions:
> >> http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.release/
> >>
> >> Also in the glite-security-lcas-lcmaps-gt4-interface package, there
> >> should be a small script that loads the lcas-lcmaps-gt4-interface and
> >> redirects it to the LCAS and LCMAPS frameworks for the AuthZ and
> >> identity mapping functionality.
> >>
> >> These edg-* tools are very old.
> >>
> >> The LCAS framework now has the configuration to allow
> >> "/VO=trial/GROUP=trial/*" globus
> >>
> >> This should be changed to the new format for VOMS FQANs
> >> "/trial" globus
> >> "/trial/*" globus
> >>
> >> Here is more info on the configuration:
> >> https://savannah.cern.ch/patch/?1830
> >>
> >> The lcmaps configuration on that page is not for a GridFTP, but the
> >> version of the RPMS that are used now in the EGEE systems is
> stated here.
> >>
> >>
> >> When I look at the lcas-vomsfile you send, then I guess this to be your
> >> grid-mapfile for testing. As the 'globus' account is a
> non-pool account,
> >> its a local account. If you wish to do the identity (to Unix account)
> >> mapping based on the VOMS FQANs, then you should use the
> >> voms_localaccount plugin and the posix_enf plugin.
> >>
> >>
> >> Example lcmaps.db:
> >> BOF
> >> path = /opt/glite/lib/modules
> >>
> >>
> >> vomslocalaccount = "lcmaps_voms_localaccount.mod"
> >> " -gridmapfile /etic/grid-security/gridmapfile"
> >>
> >> posix_enf = "lcmaps_posix_enf.mod"
> >>
> >>
> >> # policies
> >> vomsevalpolicy:
> >> vomslocalaccount -> posix_enf
> >> EOF
> >>
> >>
> >> cheers,
> >>
> >>    Oscar
> >>
> >>
> >>
> >> Vipul Borikar wrote:
> >>> Hello all,
> >>>     I am trying to access pre-WS components of Globus like gridFTP
> >>> through VOMS credential.
> >>> For this, I have installed the following :
> >>> #GT4.0.7
> >>> #VOMS server 1.8 and used it to generate VOMS certificates.
> >>> #LCAS, LCMAPS binary RPM for Red hat is taken from the link
> >>>
> http://grid-deployment.web.cern.ch/grid-deployment/download/RpmDir/WP4/
> >>> The components installed are :
> >>> # edg-lcas_gcc3_2_2-voms_plugins-1.1.22-1
> >>> # edg-lcas_gcc3_2_2-1.1.22-1
> >>> # edg-lcmaps_gcc3_2_2-0.0.30-1
> >>> # edg-lcmaps_gcc3_2_2-voms_plugins-0.0.30-1
> >>> # edg-lcmaps_gcc3_2_2-basic_plugins-0.0.30
> >>> # org.glite.security.lcas-lcmaps-gt4-interface libraries from eticsoft
> >>>
> >>>
> >>> Then I generate VOMS credential through voms-proxy-init in
> the standard
> >>> location.
> >>> Then when I give the command
> >>>
> >>> globus-url-copy -dbg gsiftp://192.168.61.197/home/globususer/tot
> >>> file:///home/globususer/wall/tot1
> >>>
> >>> I get the error :
> >>> debug: starting to get gsiftp://192.168.61.197/home/globususer/tot
> >>> debug: connecting to gsiftp://192.168.61.197/home/globususer/tot
> >>> debug: response from gsiftp://192.168.61.197/home/globususer/tot:
> >>> 220 192.168.61.197 GridFTP Server 2.7 (gcc32dbg,
> 1204845443-63) [Globus
> >>> Toolkit 4.0.7] ready.
> >>>
> >>> debug: authenticating with gsiftp://192.168.61.197/home/globususer/tot
> >>> debug: fault on connection to
> >>> gsiftp://192.168.61.197/home/globususer/tot: an end-of-file
> was reached
> >>> debug: data callback, error an end-of-file was reached, buffer
> >>> 0xb7deb008, length 0, offset=0, eof=true
> >>> debug: operation complete
> >>>
> >>> error: an end-of-file was reached
> >>> globus_xio: An end of file occurred.
> >>>
> >>> The file gets created with 0 bytes.
> >>> Has anyone tried this?
> >>> Attaching the file lcas_voms.mapfile and the voms-proxy-info
> >>>
> >>> Thanks & Regards,
> >>> Vipul Borikar
> >>> CDAC Banglore,India
> >>>
> >>>
> >>
> >
>
>


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Reply via email to