You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Following a user report, we have found that when a user accesses xroot via a VOMS proxy certificate that includes a VOMS role, the X509 plugin seems to require that a mapping be defined on the server side for that role.
Failure to provide a mapping results in the plugin to map the user to a default uid = 99 (i.e. 'nobody'), as can be seen in this log excerpt:
160115 13:19:48 time=1452860388.430486 func=GetIdMapping level=WARN logid=1267d8fe-bb7a-11e5-a0f5-c860001bd8b2 unit=rdr@c2public-1.cern.ch:1094 tid=139751941015296 source=XrdxCastor2Fs:1841 tid
ent=dirac.31411:74@voilcdiractest04 msg="no passwd struct found for role=dirac"
160115 13:19:48 time=1452860388.430564 func=GetIdMapping level=DEBUG logid=1267d8fe-bb7a-11e5-a0f5-c860001bd8b2 unit=rdr@c2public-1.cern.ch:1094 tid=139751941015296 source=XrdxCastor2Fs:1846 tid
ent=dirac.31411:74@voilcdiractest04 msg="role=dirac -> uid/gid=99/99"
Shouldn't the appropriate behavior instead be to ignore the role and map the user according to the loaded gridmap file? Can you please check the code?
The text was updated successfully, but these errors were encountered:
it appears the error is coming from one of the CERN-specific plugins (not maintained by the Xrootd team). Sorry, I don't think this project would be able to help.
Following a user report, we have found that when a user accesses xroot via a VOMS proxy certificate that includes a VOMS role, the X509 plugin seems to require that a mapping be defined on the server side for that role.
Failure to provide a mapping results in the plugin to map the user to a default uid = 99 (i.e. 'nobody'), as can be seen in this log excerpt:
Shouldn't the appropriate behavior instead be to ignore the role and map the user according to the loaded gridmap file? Can you please check the code?
The text was updated successfully, but these errors were encountered: