Hi all --
I have a GCSv5 managed server I run at NIST, and have finally gotten to the point where I want a user to be able to create a new collection, but our first cut at this has failed.
After consenting to allow the Collections app to use his ID, as part of the collection creation dialog on the website, the user gets an error page, "Unable to load information from https://<hex>.
dn.glob.us/api/v1/polcies". The hex string matches the first part of the server ID on the Globus page for the server endpoint, so what it's trying to do is reasonable.
I think I have the permissions set up correctly -- server endpoint is "public", the logged-in user can navigate to it, and start the "create a guest collection" dialog. There is a POSIX storage-manager connector on the server, with a domain restriction, and the user's Globus ID is linked to an e-mail address from that domain. Also, the user ID part of that e-mail address is a username on the system, and the passwd entry for that user is present on the main system and in the chroot. As a precaution, the globus-gridftp-manager service was restarted after this user was added, I'm not sure if that's really required.
I think this is the same workflow I've used previously to create test collections on the system, but in that case, there was potential confusion because I am also the admin on the endpoint, whereas in the failed attempt, the user is not an admin, but meets the requirements for collection creation otherwise.
What am I missing?
-- A.
--