The CN should be the complete OpenID, https://{openid-sever}/esgf-idp/openid/{username}. This is found by querying the database with a Java application, which is called from a script at /esg/config/myproxy/myproxy-certificate-mapapp. Manually running this script from /usr/local/globus/bin reports the following error:
An error occurred: java.lang.Exception: Openid Query Failed: org.postgresql.util.PSQLException: ERROR: permission denied for schema esgf_security
Position: 29
It was discovered that the database user being used is the low-privilege user, where as in 2.x, the database user being used is the database super user. It is supposed to be referencing the db.user property in the /esg/config/esgf.properties file and uses the following command.
postgress_user=$(sed -n 's@^[^#]*[ ]*db.user[ ]*=[ ]*\(.*\)$@\1@p' ${ESGF_HOME}/config/esgf.properties | head -n1)
Where ESGF_HOME is /esg. This resolves to the low privilege user because /esg/config/esgf.properties contains
...
publisher.db.user = {low privilege user}
...
db.user = {the super db user}
...
Note this is related #482 which proposes to change the /esg/config/myproxy/myproxy-certificate-mapapp to a standalone python script which makes the query itself.
The CN should be the complete OpenID,
https://{openid-sever}/esgf-idp/openid/{username}
. This is found by querying the database with a Java application, which is called from a script at/esg/config/myproxy/myproxy-certificate-mapapp
. Manually running this script from/usr/local/globus/bin
reports the following error:It was discovered that the database user being used is the low-privilege user, where as in 2.x, the database user being used is the database super user. It is supposed to be referencing the
db.user
property in the/esg/config/esgf.properties
file and uses the following command.Where
ESGF_HOME
is/esg
. This resolves to the low privilege user because/esg/config/esgf.properties
containsNote this is related #482 which proposes to change the
/esg/config/myproxy/myproxy-certificate-mapapp
to a standalone python script which makes the query itself.