Registering your DN in LRZ-SIM
LRZ needs to register the certificate's unique identification string and associate it with your user account. This needs to be done only once. LRZ users who already have an LRZ account which they now want to use with Grid middleware have to perform this step. Other users or if you do not yet have an LRZ account should send an email to firstname.lastname@example.org with your user account, which machine you want to use, and your Distinguished Name (DN), which is given in the row under "Standard RFC 2253 Format" in the "GridShib CA" web page which you see when you have logged into SLCS page.
Now here is the self service procedure for LRZ users with LRZ account:
- You have to log into the LRZ Id Portal with your LRZ SIM account and LRZ SIM account password. For TUM and LMU users: please use your TUM or LMU credentials. You will have to do this only once!
- You go to Self Services.
- You click on Kennungsdaten anzeigen (in the menue on the left).
- If you own multiple accounts, select the account for which you want to enable Grid access.
- You click on ZertifikatsDN eintragen/ändern (in the top row of selections)
- You enter your DN in "Standard RFC 2253 Format" which you found on the "GridShib CA" web page. There is an example for the form of the DN. You do not need double quotes ("), but you must include the complete DN, including any number and email-like string in your CN. (For Grid experts: the DN is in reverse order compared to the format used in the Globus grid-mapfile). Example: CN=Martin Mustermann - email@example.com,OU=Leibniz-Rechenzentrum,OU=SLCS,O=GridGermany,C=DE
- You click on ZertifikatsDN speichern.
- You are done!
After this it will take a little while (up to several hours) for the DN to propagate to your target machine. Then you can use your account with Grid middleware, like gsissh, Grid-FTP, and GRAM.