Hii I tried below command voms-proxy-init --voms test_vo_mysql:/test_vo_mysql/Role=VO-Admin --order /test_vo_mysql/ID=100
The command run without any error but I am not getting something like "ID" in the proxy in the way you were asking. If I am not wrong I should get something like below in the proxy: 80:d=8 hl=2 l= 48 cons: cont [ 0 ] 382:d=9 hl=2 l= 46 prim: cont [ 6 ] 430:d=8 hl=2 l= 46 cons: SEQUENCE 4*32:d=9 hl=2 l= 14 prim: OCTET STRING :/test_vo_mysql 448:d=9 hl=2 l= 28 prim: OCTET STRING :/test_vo_mysql/ID=100 478:d=4 hl=4 l= 798 cons: SEQUENCE* But I am not getting like that. Any other way to specify attribute "ID" in the "voms-proxy-init" command??? HOwever, when I tried checking with VOMS-Admin by runnig below command : voms-admin --vo test_vo_mysql list-user-attributes /home/arpit/.globus/usercert.pem I get ID=100 Does that mean I can only specify Roles and capabilities in VOMS using FQAN? The only way to get this experiment working is to somehow include this "ID" attribute in proxy and I am not getting the procedure to do this. Its written in "VOMS-Guide" that you can include Generic attributes in proxy but it doesn't explain how to do this? Anyone having any idea how to include "GENERIC ATTRIBUTES" in the "voms-proxy-init" command???? Thanks Arpit On Thu, Aug 14, 2008 at 6:54 PM, Tom Scavo <[EMAIL PROTECTED]> wrote: > On Thu, Aug 14, 2008 at 3:03 AM, arpit jain <[EMAIL PROTECTED]> wrote: > > > > I have issued following voms-proxy-init: > > voms-proxy-init --voms test_vo_mysql:/test_vo_mysql/Role=VO-Admin > > > > Is there any way to specify attribute "ID" in the "voms-proxy-init" > command? > > I'm no VOMS expert, so I'll have to defer to someone else, but I > believe VOMS is limited to fully qualified attribute names (FQANs) of > the form: > > /vo-name/group-name/Role=some-role/Capability=some-capability > > where the group-name is optional, and some-role and some-capability may be > NULL. > > > I think if I specify "ID" in the "voms-proxy-init" command, then only PIP > > will read it. > > Why speculate? Just do it and see what happens. > > > I have put following lines in Policy file: > > /test_vo_mysql/Role=VO-Admin > > /test_vo_mysql/ID=105 > > This should be very easy to test. Just specify the latter attribute > in the voms-proxy-init command and see if it works. > > > I guess it is reading the PolicyFile correctly but not using the > attributes > > "ID" defined in it to authorize. > > The voms-proxy-init command and the logs you posted indicated there > was no ID attribute in the VOMS proxy, so in that sense the software > is doing exactly what it's supposed to do. > > > I think PIP is taking only > > "/test_vo_mysql/Role=VOAdmin" FQAN from proxy? It is not taking the > > attribute "ID". > > The FQAN listed above is the only attribute in the VOMS proxy, there > was no ID attribute that I could see. > > > Any idea how to do that? > > Specify the ID attribute on the voms-proxy-init command line and rerun > the entire experiment. > > Good luck, > > Tom >
