-
|
Hello, When a user wants to renew grid certificate, sometimes simple replacement brings trouble in several DIRAC sub systems. So probably we better to keep both old and new certificates for a while, but usually user job cleanup happens some time later, then that old cert might be expired. Furthermore I heard IAM does not allow multiple certificates for user... So I wonder what is better way to manage certificate replacement. For Waiting jobs, is it safe to replace OwnerDN with new one, in JobDB? Anyways, these operations require direct DB manipulation...perhaps do we already have such command or API? Best Regards, |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
|
Hello, Hideki, Why DN changes after receiving new certificate? I ask because, my DN has the following form: /C=RU/O=RDIG/OU=users/OU=jinr.ru/CN=Igor Pelevanyuk and it is the same for almost 8 years. Kind regards, |
Beta Was this translation helpful? Give feedback.
-
|
There are several cases to change DN.
Here is recent our Italian colleague case: |
Beta Was this translation helpful? Give feedback.
-
|
We have already seen this: #5355 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks a lot! Given links are also helpful for us. Cheers, |
Beta Was this translation helpful? Give feedback.
We have already seen this: #5355
I have also started a PR (#6566) that would sort out this issue once for all, but it is targeting version v8.1 and until that point the only way out is a manual intervention in the DB.