[AG-DEV] args for AddSubjectToRole
Susanne Lefvert
lefvert at mcs.anl.gov
Wed Aug 10 11:19:25 CDT 2005
Hello Mike,
Looks like you have found a bug. We are working to fix this for the 2.4
release. The most reliable way to modify security for the 2.3 release is
to use the AuthorizationManagerIW.ImportPolicy() method. You can find an
example of that in AccessGrid\Security\wxgui\AuthorizationUI.py (the ui
that is shown in venue management for modifying the security policy for
the venue server and venues)
Hope this helps,
Susanne
On Fri, 5 Aug 2005, Michael Miller wrote:
> The AGtk API states:
> ||AddSubjectToRole|
> <http://www-unix.mcs.anl.gov/fl/research/accessgrid/documentation/developer/api/public/AccessGrid.Security.AuthorizationManager.AuthorizationManagerIW-class.html#AddSubjectToRole>(self,
> subj, role)
>
> I understood the DN and Subject to be the same thing, in fact comparing
> what I see listed as the Subject when viewing the cert in the
> CertificateManager and what is printed from:
>
> print participant.GetDistinguishedName()
>
> they are equal. Yet when I try this:
> |
> self.am.AddSubjectToRole(participant.GetDistinguishedName(), EUrole)
>
> The server complains that the Subject is invalid:
> *** Method
> Venues:000001057e445360008d008e00420092d61:Authorization:AddSubjectsToRole
> exception
> Traceback (most recent call last):
> File "/usr/lib/python2.3/site-packages/SOAPpy/Server.py", line 407, in
> do_POST fr = apply(f, ordered_args, named_args)
> File
> "/usr/lib/python2.3/site-packages/AccessGrid/Security/AuthorizationManager.py",
> line 775, in AddSubjectsToRole
> role.AddSubject(subject)
> File "/usr/lib/python2.3/site-packages/AccessGrid/Security/Role.py",
> line 195, in AddSubject
> raise InvalidSubject
> InvalidSubject
>
> So what am I doing wrong?
>
> --
> Thanx,
>
> Michael Miller
> System Engineer
> Video Technology Services
> Persistent Infrastructure Directorate
> National Center for Supercomputing Applications
> University of Illinois - UC
> 217-649-0747
>
> "If you're clear in your vision and trust the people in your team with clear objectives, they will invariably do their best to achieve everything desired, and usually deliver everything you could have hoped for and even more." -Paul Debevec
>
>
More information about the ag-dev
mailing list