


gLite 3.2

glite-VOMS_mysql - Update to version 3.2.0-3.sl5

Date 03.05.2010
Priority Normal



First VOMS Admin release in SL5

This release provides many new features, like:

  • support for multiple certificate per user
  • support for versioned Acceptable Usage Policies management
  • membership suspension/expiration/renewal
  • support for user requests for group membership, role assignment, membership removal
  • support for one click operations (delete, suspend, restore) on multiple users

It is also the first release of VOMS Core in SL5. The main new feature is that clients can now be written without depending on the Globus libraries.

This release also includes a new version of the Trustmanager. Trustmanager and util-java are used for X509 authentication by the VOMS-Admin web application and services, so a new version of util-java that fixes a Trustmanager-related bug is also included in this release.

Before running yaim, mysql should be started and configured (at least set the root password).

In order to use the voms-admin cli you may need to: source /etc/profile.d/

Check the updated user guide on

To upgrade an existing gLite VOMS 3.1 installation, follow the instructions of the upgrade guide

Patch #3726: Trustmanager workaround for JDK 1.6 EC SSL handshake mess

Workaround that disables the ECDH ciphers on tomcat so that the JDK 1.6 problems don't happen. Small fix for logging in util-java.

See patch #3313 for the more important changes.

Patch #3869: Util-java update

Fix for hierarchical CA namespace handling. Previously only the root CA namespace was taken into account; now the first parent namespace definition of the CA cert or user cert is used.

New trustmanager factory class, which is used inside contextwrapper. It creates only one trustmanager if the trust directory (and crlrequired) configuration is the same on consecutive calls. The first call creates one trustmanager and subsequent calls use the same instance. This considerably cuts down file reads, class creation, memory footprint, delays, etc.

The new methods in the DN* classes and the new DNImpl RFC2253 class now produce properly reversed RFC2253 DNs, as defined in RFC2253: they start with the "CN" RDN and end with the "C" RDN, if present. The old methods are still present and work as before, but are deprecated.
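The ordering difference matters wherever a DN string is compared against stored entries such as ACLs or user records. The following added example (not util-java code; the function names and sample DNs are constructed for illustration) converts a slash-separated DN into the reversed RFC 2253 form described above, assuming single-valued RDNs.

```python
import re

# A new RDN starts at a "/" that is followed by an attribute type and "=".
# A "/" inside a value (e.g. "CN=host/node.example.org") is left alone.
_RDN_START = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.]*=)")

# Characters that RFC 2253 section 2.4 requires to be backslash-escaped.
_SPECIALS = set(',+"\\<>;')


def escape_value(value):
    """Escape one attribute value per RFC 2253 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIALS:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":
            out.append("\\" + ch)   # leading '#' or space
        elif i == last and ch == " ":
            out.append("\\ ")       # trailing space
        else:
            out.append(ch)
    return "".join(out)


def slash_dn_to_rfc2253(dn):
    """Convert "/C=../O=../CN=.." into "CN=..,O=..,C=.." (most specific first)."""
    if not dn.startswith("/"):
        raise ValueError("expected a DN starting with '/'")
    rdns = []
    for part in _RDN_START.split(dn)[1:]:
        attr, _, value = part.partition("=")
        rdns.append(attr + "=" + escape_value(value))
    if not rdns:
        raise ValueError("no RDNs found in %r" % dn)
    # RFC 2253 lists the last RDN of the sequence first, so reverse the order.
    return ",".join(reversed(rdns))


if __name__ == "__main__":
    # Constructed sample DNs, not taken from any real CA.
    for sample in (
        "/C=IT/O=INFN/OU=Personal Certificate/CN=Mario Rossi",
        "/DC=org/DC=example/O=Acme, Inc./CN=host/node.example.org",
    ):
        print(sample, "->", slash_dn_to_rfc2253(sample))
```
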

The SecurityContext.getAuthorizedAttributes method has also been put back for the FTS test servlet.

See also patch #2624 for important configuration changes, patch #3313 for updates and patch #3726 for a small fix.

Patch #3888: BDII release 5.0.8

This version handles the IOError exception that occasionally causes the BDII update process to die.

Patch #3767: [ yaim-core ] yaim-core 4.0.12 SL5/x86_64

New release of yaim core containing a set of bug fixes and new features:

  • Can now configure the GSI callout to call the ARGUS PEP client.
  • Avoid mistakenly removing all the services from gLiteservices file.
  • Fix GLOBUS_TCP_PORT_RANGE setting on the SL5 tarball UI.
  • Correct unset for shell functions in
  • Make config_bdii_only return non zero in case of error
  • Fixes for installing the UI tarball on CernVM.
  • Allow general use of the 'nickname' field in the VOMSES settings.
  • Add yaim core RPM dependency on perl
  • Allow use of pool accounts with up to 4 digits
  • Fix manipulation when running a single yaim function
  • Fix gridmap dir group on WMS
  • Change the CE_INBOUNDIP and CE_OUTBOUNDIP defaults in site-info.def to be valid and imply the correct (upper) case.
  • Call setup-openssl for VDT 1.10.

This update fixes various bugs. For the full list of bugs, please see the list below.

Fixed bugs

Number Description
 #3142 Internal patch for SL5/x86_64 voms
 #3726 Trustmanager workaround for JDK 1.6 EC SSL handshake mess
 #3767 [ yaim-core ] yaim-core 4.0.12 SL5/x86_64
 #38150 vom(r)s convergence: Extend member status in voms-admin
 #38151 vom(r)s convergence: Implement member institutional expiration in voms-admin
 #3869 Util-java update
 #3888 BDII release 5.0.8
 #43127 vom(r)s convergence: implement in voms-admin VO membership expiration bound to AUP version
 #43129 vom(r)s convergence: implement in voms-admin an authorisation-aware web UI
 #43130 vom(r)s convergence: multiple certificate support
 #43189 vom(r)s convergence: allow user to request his/her inclusion in a Group/Role in voms-admin
 #43264 vom(r)s convergence: voms-admin to keep user Registration Data in the VOMS database
 #51657 [VOMS-ADMIN] delete-user does not treat Email= and emailAddress= as equivalent
 #54613 [VOMS Admin] voms-admin-configure ignores --dbhost option when configuring mysql VO
 #54614 [VOMS Admin] voms-admin-configure should not try to create an administrator if the --skip-database option is set
 #56065 voms-admin email notification behaviour should be configurable
 #58656 [VOMS-ADMIN-2.5] Unique GAs handling exception
 #59918 [VOMS-ADMIN-2.5] NullPointerException during group creation with slash in the name
 #59919 [VOMS-ADMIN-2.5] No warning when creating a group in a read-only context
 #59985 [VOMS-ADMIN-2.5-CLI] 'ALL' permission resolution
 #60256 [VOMS-ADMIN-2.5] Unhandled UserAlreadyExists Exception
 #60264 [VOMS-ADMIN-2.5] Uncought IllegalArgumentException on request confirm
 #60265 [VOMS-ADMIN-2.5] Other VOs list not complete
 #60296 [VOMS-ADMIN-2.5] Database session problems when wrong request confirmation parameters are submitted
 #60308 [VOMS-ADMIN-2.5] It is not possible to remove an AUP which has acceptance records
 #60313 [VOMS-ADMIN-2.5] Trigger reacceptance work only for the predefined AUP
 #60314 [VOMS-ADMIN-2.5] Links in user AUP acceptance history displaying same AUP
 #60328 [VOMS-ADMIN-2.5-CLI] remove-certificate does not work
 #60329 [VOMS-ADMIN-2.5-CLI] Not possible to restore a certificate from the command line
 #60337 [VOMS-ADMIN-2.5] Locks held on access denied when processing membership requests
 #60483 [VOMS-ADMIN 2.5] Unhandled exception when deleting groups containing subgroups & locks held
 #60517 [VOMS-ADMIN-2.5] Unhandled exception when adding ACL entry
 #60600 [VOMS-ADMIN-2.5] Problems with groups and roles having special characters in the name
 #60604 [VOMS-ADMIN-2.5] Error adding a default ACL for a group
 #61292 VOMS Admin 2.0.7 Client fails with some (non-ASCII?) characters

Updated rpms

Name Version Full RPM name Description
bdii 5.0.8-1 bdii-5.0.8-1.noarch.rpm bdii
bouncycastle-glite 1.42-3.jdk5 bouncycastle-glite-1.42-3.jdk5.noarch.rpm Bouncy Castle Crypto Package for Java
fetch-crl 2.7.0-2 fetch-crl-2.7.0-2.noarch.rpm Tool for periodic retrieval of Certificate Revocation Lists
glite-info-generic 2.0.2-5 glite-info-generic-2.0.2-5.noarch.rpm glite-info-generic
glite-info-provider-service 1.2.2-0 glite-info-provider-service-1.2.2-0.noarch.rpm glite-info-provider-service
glite-info-templates 1.0.0-11 glite-info-templates-1.0.0-11.noarch.rpm glite-info-templates
glite-security-trustmanager 2.5.5-1 glite-security-trustmanager-2.5.5-1.noarch.rpm v. 2.5.5-1
glite-security-util-java 2.7.1-1 glite-security-util-java-2.7.1-1.noarch.rpm Security utilities
glite-security-voms 1.9.17-1.sl5 glite-security-voms-1.9.17-1.sl5.x86_64.rpm v.
glite-security-voms-admin-client 2.0.14-1 glite-security-voms-admin-client-2.0.14-1.noarch.rpm
glite-security-voms-admin-server 2.5.3-1 glite-security-voms-admin-server-2.5.3-1.noarch.rpm v. 2.5.3-1
glite-security-voms-clients 1.9.17-1.sl5 glite-security-voms-clients-1.9.17-1.sl5.x86_64.rpm v. 1.9.17_1
glite-security-voms-mysql 3.1.3-2.sl5 glite-security-voms-mysql-3.1.3-2.sl5.x86_64.rpm v.
glite-security-voms-server 1.9.17-1.sl5 glite-security-voms-server-1.9.17-1.sl5.x86_64.rpm v.
glite-version 3.2.2-1 glite-version-3.2.2-1.noarch.rpm Shows version information for the installed gLite node types
glite-VOMS_mysql 3.2.0-3.sl5 glite-VOMS_mysql-3.2.0-3.sl5.x86_64.rpm Glite VOMS mysql Metapackage
glite-yaim-core 4.0.12-1 glite-yaim-core-4.0.12-1.noarch.rpm YAIM core package
glite-yaim-voms 1.0.3-1 glite-yaim-voms-1.0.3-1.noarch.rpm glite-yaim-voms module configures the VOMS server.
glue-schema 2.0.3-1 glue-schema-2.0.3-1.noarch.rpm LDAP schema files for the GLUE Schema
gpt 3.2autotools2004_NMI_9.0_x86_64_rhap_5-1 gpt-3.2autotools2004_NMI_9.0_x86_64_rhap_5-1.x86_64.rpm The Grid Packaging Toolkit (GPT)
vdt_globus_essentials VDT1.10.1x86_64_rhap_5-4 vdt_globus_essentials-VDT1.10.1x86_64_rhap_5-4.x86_64.rpm Virtual Data Toolkit
ZSI 2.0-1 ZSI-2.0-1.noarch.rpm zsi v. 2.0

The RPMs can be updated using yum via

Service reconfiguration after update

Service must be reconfigured.

Service restart after update

Service must be restarted.

How to apply the fix

  1. Update the RPMs (see above)
  2. Update configuration (see above)
  3. Restart the service if necessary (see above)