
Re: [Handle-info] Handles that create new handles



Let me make sure I understand.  You had a handle server set up on one machine, your "local computer", and it was working as desired.  You then tried to duplicate the setup on a second machine, your "local server", but this time you aren't able to create new handles authenticated as 55555/user1.  Is that correct?

Which client are you using to try to create the handles?  What machine are you running that client on?  What error message does it give?

One comment about your config.dct, although this isn't causing your problem, as the same config.dct was working on the first machine.  The syntax for a handle administrator is INDEX:HANDLE where HANDLE is PREFIX/SUFFIX.  So 200:0.NA/55555 or 200:55555/ADMIN would make sense.  0.NA:55555/ADMIN does not.  55555/ADMIN without an index is also fine; this means any index of any key in that handle record.  Also, you might consider using "server_admin_full_access" = "yes" if you want server admins to be able to edit any handle record on the server.

Robert
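
A check for the administrator syntax described in the message above, added here as an example (it is not part of the original message and is not Handle.Net software code). The function names are hypothetical, the sample text is constructed from the config.dct fragment quoted later in this thread, and applying the same syntax to "replication_admins" is an assumption.

```python
import re

# Lists in config.dct whose entries name handle administrators (assumed
# to share the INDEX:HANDLE syntax described in the message above).
ADMIN_LISTS = ("server_admins", "replication_admins")

# Constructed sample, taken from the fragment quoted in this thread.
SAMPLE = '''
"server_admins" = (
  "0.NA:55555/ADMIN"
  "55555/ADMIN"
)
"replication_admins" = (
  "0.NA:55555/ADMIN"
)
'''

def parse_admin(entry):
    """Split an entry into (index, handle); index is None when omitted.
    Raises ValueError when the entry is not [INDEX:]PREFIX/SUFFIX."""
    index, handle = None, entry
    head, sep, rest = entry.partition(":")
    # A colon before the first slash separates the index from the handle;
    # a colon after the slash belongs to the handle suffix.
    if sep and "/" not in head:
        if not head.isdigit():
            raise ValueError(f"index {head!r} is not a number")
        index, handle = int(head), rest
    prefix, slash, suffix = handle.partition("/")
    if not (slash and prefix and suffix):
        raise ValueError(f"handle {handle!r} is not PREFIX/SUFFIX")
    return index, handle

def lint_config(text):
    """Return [(list_name, entry, problem)] for malformed admin entries."""
    findings = []
    for name in ADMIN_LISTS:
        pattern = r'"%s"\s*=\s*\((.*?)\)' % re.escape(name)
        for body in re.findall(pattern, text, flags=re.S):
            for entry in re.findall(r'"([^"]*)"', body):
                try:
                    parse_admin(entry)
                except ValueError as exc:
                    findings.append((name, entry, str(exc)))
    return findings

if __name__ == "__main__":
    for name, entry, problem in lint_config(SAMPLE):
        print(f"{name}: {entry}: {problem}")
```
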

On Jul 25, 2017, at 8:35 AM, Ruiz-Zafra, Angel <a.ruiz-zafra@ucl.ac.uk> wrote:

Hi again Robert, and sorry to bump this thread..

The solution you gave me in this thread is working perfectly.

So far, I have been using my own computer to deploy a local Handle server. For research purposes, I'm moving the Handle server installation from my computer to a local server (it's just for research/test purposes) and everything works fine (deployment, login, admintools, etc.), EXCEPT the possibility to create new handles by other handles identified as HS_ADMIN in the 0.NA/55555 handle (55555 is my test prefix), basically what you explained in this thread.

I have an automatic process to construct the Handle structure (0.NA/55555, 55555/creators, etc.) and, after the full Handle structure is created, on my local computer I'm able to create new handles with the handles that are in 200:55555/creators (e.g. 300:55555/user1). But, doing the same process (with the same software) on my local server, I do not know why, it is not possible to create new handles with the handles that are in 200:55555/creators. In this case, on my local computer, being identified as 55555/user1 I can create new handles, but on my local server I cannot.

The rest of the Handle services work fine (managing handles with server admin, login through the REST API, etc.). The only issue is about the 0.NA/55555 HS_ADMIN records.

I have checked the config.dct files (they are equal, except for the IP address), I have created the local_nas file in the .handle dir of my local server (to avoid GHR), etc. In addition, I tried a new Handle installation from scratch (instead of copying the hsj and svr_1 folders) but it is exactly the same...

I guess I'm missing some configuration parameter in some file...but I have no idea what is missing.

Any idea?

Thanks in advance and best regards.

P.S. Below is the configuration text from the config.dct file:
--> Inside server_config block:

    "server_admin_full_access" = "no"
    "allow_na_admins" = "yes"
    "anonymous_admin_full_access" = "no"

    "server_admins" = (
      "0.NA:55555/ADMIN"
      "55555/ADMIN"
    )

    "replication_admins" = (
      "0.NA:55555/ADMIN"
    )

    "auto_homed_prefixes" = (
      "0.NA/55555"
    )

--> Inside the local_nas file (.handle/local_nas) there is just a * 
--> In the DB, in the nas table: 0.NA and 0.NA/55555
--> In the DB, in the handles table: 0.NA/55555 , 55555/ADMIN, 55555/creators, etc etc

From: Robert Tupelo-Schneck <schneck@cnri.reston.va.us>
Sent: Thursday, June 15, 2017 19:35:18
To: Ruiz-Zafra, Angel
Cc: handle-info@cnri.reston.va.us
Subject: Re: [Handle-info] Handles that create new handles
 
Authorization is controlled by HS_ADMIN values.  If you want users to be able to create handles starting with 55555/, then that can be controlled by an HS_ADMIN value on 0.NA/55555, specifying which users have "create handle" permissions.  Now, you presumably need to have CNRI (or other prefix administrator) change the prefix handle 0.NA/55555; but it could be set up so that the HS_ADMIN on 0.NA/55555 specifies that 200:55555/creators has "create handle" permission.  Then you can add users to an HS_VLIST at index 200 in 55555/creators.

Robert

On 2017-06-15, at 10:08, Ruiz-Zafra, Angel <a.ruiz-zafra@ucl.ac.uk> wrote:

Hi there!

I'm developing a web platform where authorised users (handles) must create different new elements that basically are new handles, and these new handles should be able to create/update handles.

Basically what I'm trying to do is, for instance: I have a handle (55555/admin) that should be authorised by a secret key (HS_SECKEY). When it's authorised (login+password), using the REST API I want to create new handles that represent new users for example (55555/user1, 55555/user2) with their own HS_VLIST, HS_SECKEY, etc.

These new handles (55555/user1, 55555/user2) will be users that will be able to create new handles (55555/element1, 55555/element2) or update information in some handles where they are authorised (checking the HS_VLIST). That is, I need Handles that can create new Handles (using the REST API) without being in the config file as server admins.

I have been "playing" with the config file, changing the parameters/values, and with the admin tool, but I didn't find the way to do it...

Any idea?

Thanks and best regards!

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info