DIRAC icon indicating copy to clipboard operation
DIRAC copied to clipboard
verified publisher icon DIRACGrid

VOMS2CSAgent do not remove OLD certificate

Open closier opened this issue 4 years ago • 1 comments

If a user get a new certificate regstered in VOMS, it is properly added to the DIRAC CS. But if one of the two CERTIFICATE is remove from VOMS, it is NOT remove by the agent in the DIRAC CS.

you can check the example of username = desimone

closier avatar Nov 11 '21 10:11 closier

This is due to users being in groups with no VOMS roles. These groups are considered by the sync client as being from another VO

https://github.com/DIRACGrid/DIRAC/blob/8712bd01e9b38f0625ed8eaf0fc6b4eed2b156be/src/DIRAC/ConfigurationSystem/Client/VOMS2CSSynchronizer.py#L471-L475

Not too sure what to do here. I guess normally these would be dirac only groups, so the DN is not relevant ,and we could remove it. But there may be other cases

chaen avatar Nov 16 '21 13:11 chaen