On Wed, Aug 13, 2008 at 2:21 AM, arpit jain <[EMAIL PROTECTED]> wrote: > > even if I put something like > /test_vo_mysql/Role=VO-Admin > ID = 105(instead of 100) > > I am able to access the service. > So I am not able to understand why this attribute is not making any effect > in the authorization?
Did you check the logs? What attributes is the PIP finding in the proxy? > I checked the "openssl" command and it shows ID there as below: > > 0000 - 30 52 30 50 30 4e 30 30-86 2e 74 65 73 74 5f 76 0R0P0N00..test_v > 0010 - 6f 5f 6d 79 73 71 6c 3a-2f 2f 41 72 70 69 74 6a > o_mysql://Arpitj > 0020 - 61 69 6e 2e 63 64 61 63-62 2e 65 72 6e 65 74 2e > ain.cdacb.ernet. > 0030 - 69 6e 3a 31 35 30 30 30-30 1a 30 18 04 02 49 44 > in:150000.0...ID > 0040 - 04 03 31 30 30 04 0d 74-65 73 74 5f 76 6f 5f 6d > ..100..test_vo_m > 0050 - 79 73 71 6c ysql No, I'm looking for a sequence like 289:d=4 hl=2 l= 88 cons: SEQUENCE 291:d=5 hl=2 l= 86 cons: SEQUENCE 293:d=6 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.8005.100.100.4 305:d=6 hl=2 l= 72 cons: SET 307:d=7 hl=2 l= 70 cons: SEQUENCE 309:d=8 hl=2 l= 33 cons: cont [ 0 ] 311:d=9 hl=2 l= 31 prim: cont [ 6 ] 344:d=8 hl=2 l= 33 cons: SEQUENCE 346:d=9 hl=2 l= 31 prim: OCTET STRING :/test_vo_mysql/Role=VO-Admin (I just made that up, so the numbers aren't quite right, but you get the idea) Tom
