Hi,
As you said, the latest version of VOMS has problem with multiple roles
which has been fixed, but under certification.
How long will this take for the next release after certification?
Thanks & Regards,
Kakoli
> -----Original Message-----
> From: Vincenzo Ciaschini [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 18, 2008 9:26 PM
> To: arpit jain
> Cc: Fabian Lambert; [email protected] User; [EMAIL PROTECTED]
> Subject: Re: problem in voms-proxy-init
>
>
> arpit jain wrote:
> > hiii
> >
> > Thanks a TON!!!!!!!!!!!!!
> > So you mean if I want to specify multiple Roles then I have to use VOMS
> > Version 1.7 or less because I guess I can specify multiple Roles with
> > version below 1.7 or less.
> > Please correct me if I am wrong.
> Yes. Or you can use voms 1.8 as soon as the certification succeeds.
>
> Multiple roles are supported in all versions of VOMS, but are subject to
> a bug in the most recent released version. This bug has been fixed, and
> the next version out of certification will once again fully support
> multiple roles.
>
> Ciao,
> Vincenzo
>
> >
> > Thanks once again
> > Arpit
> >
> > On Thu, Sep 18, 2008 at 8:52 PM, Vincenzo Ciaschini <
> > [EMAIL PROTECTED]> wrote:
> >
> >> This bug:
> >> https://savannah.cern.ch/bugs/?39625
> >>
> >> Currently undergoing certification.
> >>
> >> Ciao,
> >> Vincenzo
> >>
> >>
> >> arpit jain wrote:
> >>
> >>> Hii
> >>>
> >>> I just went through the Server log and it is like that:
> >>>
> >>> *Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25331]:
> >>> msg="LOG_INFO:STARTUP:Listen (Server.cpp:361):Received
> connection from:
> >>> 192.168.63.92:30360."
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25331]:
> >>> msg="LOG_INFO:REQUEST:Run (vomsd.cc:598):Starting Executor with pid =
> >>> 25349"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:REQUEST:Run (vomsd.cc:610):Self : /C=IN/O=C-DAC KP
> >>> Bangalore/OU=CTSF/CN=host/vipulb.cdacb.ernet.in"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:REQUEST:Run (vomsd.cc:611):Self CA : /C=IN/O=C-DAC KP
> >>> Bangalore/OU=CTSF/CN=C-DAC KP CA"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:REQUEST:Run (vomsd.cc:618):At: Thu Sep 18 20:22:23 2008.
> >>> Received Contact :"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:REQUEST:Run (vomsd.cc:619): user: /C=IN/O=C-DAC KP
> >>> Bangalore/OU=CTSF/OU=ctsf.cdac.org.in/CN=Shamjith K V"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:REQUEST:Run (vomsd.cc:620): ca : /C=IN/O=C-DAC KP
> >>> Bangalore/OU=CTSF/CN=C-DAC KP CA"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:REQUEST:Run (vomsd.cc:621): serial: 0183"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:REQUEST:Execute (vomsd.cc:740):Userid = "4""
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:REQUEST:Execute (vomsd.cc:749):Next command :
> >>> B/trial:Normal-user"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:RESULT:Execute (vomsd.cc:970):Request Result: /trial"
> >>> Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
> >>> msg="LOG_INFO:RESULT:Execute (vomsd.cc:970):Request Result:
> >>> /trial/Role=Normal-user"*
> >>>
> >>> As you can see in the last few lines the server is just accepting the
> >>> "Normal-user" role and it is not accepting the second role from user.
> >>>
> >>> What can be the possible reason??
> >>>
> >>> Thanks
> >>> Arpit
> >>>
> >>>
> >>> On Thu, Sep 18, 2008 at 8:04 PM, arpit jain <[EMAIL PROTECTED]>
> >>> wrote:
> >>>
> >>> hiii..
> >>>> My DB is perfectly up-to-date and it is showing 2 roles for that
> >>>> particular
> >>>> user but due to some unknown reason I am not getting those 2 roles in
> >>>> Proxy.
> >>>>
> >>>> Did u find anything wrong in the output of "voms-proy-init" which I
> >>>> mailed
> >>>> you earlier???
> >>>> I saw a thread posted by you regarding the same problem in which you
> >>>> asked
> >>>> to check the version of "VOMS" and then you asked to
> restart the VOMS
> >>>> -Core service. I restarted the Service many times but to no
> effect and
> >>>> the
> >>>> output of
> >>>>
> >>>> [*opt/glite/sbin]./voms -version
> >>>> voms
> >>>> Version: 1.8.3
> >>>> Compiled: May 13 2008 18:35:09
> >>>>
> >>>> *Thanks
> >>>> Arpit
> >>>> *
> >>>>
> >>>> *
> >>>>
> >>>>
> >>>> On Thu, Sep 18, 2008 at 7:55 PM, Vincenzo Ciaschini <
> >>>> [EMAIL PROTECTED]> wrote:
> >>>>
> >>>> arpit jain wrote:
> >>>>> On Thu, Sep 18, 2008 at 7:25 PM, Vincenzo Ciaschini <
> >>>>>> [EMAIL PROTECTED]> wrote:
> >>>>>>
> >>>>>> arpit jain wrote:
> >>>>>>
> >>>>>>> Hii
> >>>>>>>
> >>>>>>>> The reason for using non-standard location for
> certificate is that I
> >>>>>>>> am
> >>>>>>>> using proxy certificate given by MYPROXY Server which
> gets created in
> >>>>>>>> /tmp/x509_u**** instead of globus certificate i.e. usercert.pem.
> >>>>>>>>
> >>>>>>>> The location of vomses file is also non-standard because I have
> >>>>>>>> VOMS-client
> >>>>>>>> i.e. (voms-proxy-init) installed in my HOME directory instead of
> >>>>>>>> /opt/glite/.
> >>>>>>>>
> >>>>>>>> Any other possible reason for not getting the desired result??
> >>>>>>>>
> >>>>>>>> What do you *exactly* have in your DB?
> >>>>>>>>
> >>>>>> *I have Normal-user in my Database so thats not at all a problem.*
> >>>>>>
> >>>>>> What is the *exact* output of voms-proxy-init?
> >>>>>>
> >>>>>> *Output of voms-proxy-init:
> >>>>>>
> >>>>>> voms-proxy-init -debug --voms trial:/trial/Role=Normal-user --voms
> >>>>>> trial:/trial/Role=Developer -out vomsproxy -cert /tmp/x509up_u8085
> >>>>>> -vomses
> >>>>>> /home/tools/shamjit/vomsclient/vomses
> >>>>>>
> >>>>>> Detected Globus version: 22
> >>>>>> Unspecified proxy version, settling on Globus version: 2
> >>>>>> Number of bits in key :512
> >>>>>> Using configuration file /home/tools/shamjit/vomsclient/vomses
> >>>>>> Files being used:
> >>>>>> CA certificate file: none
> >>>>>> Trusted certificates directory : /etc/grid-security/certificates
> >>>>>> Proxy certificate file : vomsproxy
> >>>>>> User certificate file: /tmp/x509up_u8085
> >>>>>> User key file: /tmp/x509up_u8085
> >>>>>> Output to vomsproxy
> >>>>>> Your identity: /C=IN/O=C-DAC KP Bangalore/OU=CTSF/OU=
> >>>>>> ctsf.cdac.org.in/CN=Shamjith K V/CN=proxy/CN=proxy/CN=proxy
> >>>>>> Using configuration file /home/tools/shamjit/vomsclient/vomses
> >>>>>> Using configuration file /home/tools/shamjit/vomsclient/vomses
> >>>>>> Creating temporary proxy to /tmp/tmp_x509up_u8085_29377
> >>>>>> .................++++++++++++
> >>>>>> .........++++++++++++
> >>>>>> Done
> >>>>>> Contacting 192.168.61.197:15000 [/C=IN/O=C-DAC KP
> >>>>>> Bangalore/OU=CTSF/CN=host/vipulb.cdacb.ernet.in] "trial" Done
> >>>>>> Creating proxy to vomsproxy .......................++++++++++++
> >>>>>> ................++++++++++++
> >>>>>> Done
> >>>>>>
> >>>>>> Warning: your certificate and proxy will expire Thu Sep 18 21:55:21
> >>>>>> 2008
> >>>>>> which is within the requested lifetime of the proxy*
> >>>>>>
> >>>>>>
> >>>>>> Remember that group and role names are case sensitive.
> >>>>>>
> >>>>>>> Are you sure the role name is Normal-user ad opposed to,
> for example,
> >>>>>>> Normal-User?
> >>>>>>>
> >>>>>>>
> >>>>>> *I want to know which table in DB associate a User with
> its ROLE?????
> >>>>>>
> >>>>>> The 'groups', 'roles', 'm' and 'usr' tables contain the important
> >>>>> data.
> >>>>>
> >>>>> Ciao,
> >>>>> Vincenzo
> >>>>>
> >>>>> *Thanks
> >>>>>> Arpit*
> >>>>>> *
> >>>>>>
> >>>>>>
> >>>>>> Ciao,
> >>>>>>> Vincenzo
> >>>>>>>
> >>>>>>>
> >>>>>>> Thanks
> >>>>>>>
> >>>>>>>> Arpit
> >>>>>>>>
> >>>>>>>> 2008/9/18 Fabian Lambert <[EMAIL PROTECTED]>
> >>>>>>>>
> >>>>>>>> Hi,
> >>>>>>>>
> >>>>>>>> It is strange because this command work for me...
> >>>>>>>>> Why are you using the -cert parameter, do you store
> your certificate
> >>>>>>>>> in a
> >>>>>>>>> non standard location ? Usually, your X509 certificate should be
> >>>>>>>>> under
> >>>>>>>>> ~/.globus directory.
> >>>>>>>>> Same question for -vomses, you should have some default
> >>>>>>>>> configuration
> >>>>>>>>> file,
> >>>>>>>>> you don't need to specify them.
> >>>>>>>>>
> >>>>>>>>> Maybe should you try only (to use the default configuration...)
> >>>>>>>>> voms-proxy-init -debug --voms trial:/trial/Role=Developer --voms
> >>>>>>>>> trial:/trial/Role=Normal-user -out vomsproxy
> >>>>>>>>>
> >>>>>>>>> On my side I tried this with my VO
> >>>>>>>>> voms-proxy-init --voms atlas:/atlas/Role=AMIManager --voms
> >>>>>>>>> atlas:/atlas/Role=AMIWriter -debug -out vomsproxy
> >>>>>>>>>
> >>>>>>>>> I got (after typing my passphrase), a file vomsproxy
> >>>>>>>>>
> >>>>>>>>> If I do then a
> >>>>>>>>> voms-proxy-info -file vomsproxy --all
> >>>>>>>>>
> >>>>>>>>> I get
> >>>>>>>>>
> >>>>>>>>> subject : <myDN>/CN=proxy
> >>>>>>>>> issuer : <myDN>
> >>>>>>>>> identity : <myDN>
> >>>>>>>>> type : proxy
> >>>>>>>>> strength : 512 bits
> >>>>>>>>> path : vomsproxy
> >>>>>>>>> timeleft : 11:59:21
> >>>>>>>>> === VO atlas extension information ===
> >>>>>>>>> VO : atlas
> >>>>>>>>> subject : <myDN>
> >>>>>>>>> issuer : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
> >>>>>>>>> attribute : /atlas/Role=AMIManager/Capability=NULL
> >>>>>>>>> attribute : /atlas/Role=NULL/Capability=NULL
> >>>>>>>>> attribute : /atlas/lcg1/Role=NULL/Capability=NULL
> >>>>>>>>> attribute : /atlas/fr/Role=NULL/Capability=NULL
> >>>>>>>>> attribute : /atlas/Role=AMIWriter/Capability=NULL
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> with my two roles.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> arpit jain a écrit :
> >>>>>>>>>
> >>>>>>>>> Hii
> >>>>>>>>>
> >>>>>>>>> I tried giving the command the way you suggested:
> >>>>>>>>>> *
> >>>>>>>>>> voms-proxy-init -debug -cert /tmp/x509up_u8085 -out vomsproxy
> >>>>>>>>>> -vomses
> >>>>>>>>>> /home/tools/shamjit/vomsclient/vomses --voms
> >>>>>>>>>> trial:/trial/Role=Developer
> >>>>>>>>>> --voms trial:/trial/Role=Normal-user
> >>>>>>>>>>
> >>>>>>>>>> * but still I am gettting only 1 role i.e. Developer
> (or watever I
> >>>>>>>>>> specify
> >>>>>>>>>> first in the command).
> >>>>>>>>>>
> >>>>>>>>>> Thanks
> >>>>>>>>>> Arpit
> >>>>>>>>>> *
> >>>>>>>>>> *
> >>>>>>>>>> 2008/9/18 Fabian Lambert <[EMAIL PROTECTED] <mailto:
> >>>>>>>>>> [EMAIL PROTECTED]>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Hi Arpit,
> >>>>>>>>>>
> >>>>>>>>>> Try
> >>>>>>>>>>
> >>>>>>>>>> voms-proxy-init --voms trial:/trial/Role=Developer --voms
> >>>>>>>>>> /trial/Role=Normal-user
> >>>>>>>>>>
> >>>>>>>>>> and you should get the 2 roles in your VOMS proxy.
> >>>>>>>>>>
> >>>>>>>>>> Cheers
> >>>>>>>>>>
> >>>>>>>>>> Vincenzo Ciaschini a écrit :
> >>>>>>>>>>
> >>>>>>>>>> arpit jain wrote:
> >>>>>>>>>>
> >>>>>>>>>> Hii,
> >>>>>>>>>>
> >>>>>>>>>> I have assigned 2 roles (Developer and
> Normal-user) to my
> >>>>>>>>>> user and now i want multiple roles in my VOMS-proxy
> >>>>>>>>>> certificate using "voms-proxy-init", but I am
> getting only
> >>>>>>>>>> one Role. I am giving the below command:
> >>>>>>>>>>
> >>>>>>>>>> *voms-proxy-init -debug --voms
> >>>>>>>>>> trial:/trial/Role=Developer --order
> /trial/Role=Developer
> >>>>>>>>>> --order /trial/Role=Normal-user -cert /tmp/x509up_u8085
> >>>>>>>>>> -out vomsproxy -vomses
> >>>>>>>>>> /home/tools/shamjit/vomsclient/vomses
> >>>>>>>>>>
> >>>>>>>>>> The above command works fine but I get only 1 role i.e.
> >>>>>>>>>> Developer in my proxy certifcate.
> >>>>>>>>>>
> >>>>>>>>>> *Can someone suggest where I am wrong??
> >>>>>>>>>>
> >>>>>>>>>> There is no --voms:/trial/Role=Normal-user in the
> command line.
> >>>>>>>>>>
> >>>>>>>>>> Ciao,
> >>>>>>>>>> Vincenzo
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Thanks
> >>>>>>>>>> Arpit
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
