search

dCache / dcache

dCache - a system for storing and retrieving huge amounts of data, distributed among a large number of heterogenous server nodes, under a single virtual filesystem tree with a variety of standard access methods
https://dcache.org
288 stars 136 forks source link

`explain login` does not understand `op:<OIDC-provider>` as input #7590

Open onnozweers opened 4 months ago

onnozweers commented 4 months ago

I have an OIDC mapping based on OIDC provider:

[root@hedgehog14 /etc/dcache]# grep op:DTEAM multimap.conf 
op:DTEAM   username:dteam uid:14444 group:dteam gid:15555,true

I tried to test this mapping with explain login, but it fails:

[root@hedgehog14 /etc/dcache]# dcache-admin-command gPlazma 'explain login "op:DTEAM"'
(3) java.lang.IllegalArgumentException: No matching class found: op from ac_explain_login_$_1_99

Mappings based on sub work though:

[root@hedgehog14 /etc/dcache]# dcache-admin-command gPlazma 'explain login "oidc:***********************@DTEAM"'
LOGIN FAIL
 |    in: OidcSubjectPrincipal[***********************@DTEAM]
 |   out: OidcSubjectPrincipal[***********************@DTEAM]
....

Perhaps, when someone is going to look into https://github.com/dCache/dcache/issues/7576, this could be implemented at the same time? No hurry.

onnozweers commented 4 months ago

Tested version:

[root@hedgehog14 /etc/dcache]# dcache version
10.0.0-SNAPSHOT

[root@hedgehog14 /etc/dcache]# rpm -q dcache
dcache-10.0.0.96893bc-1.noarch

Built on December 5rd.

And also on this golden release:

[root@dcmain ~]# dcache version
9.2.18