> > 1. In /opt/glite/etc/lcmaps/lcmaps.db change the order of the "withvoms"
> > and "standard" sections. Beware the file is written by YAIM.
> >
> > 2. Put your local users in /opt/edg/etc/grid-mapfile-local with their
> > desired mappings. Note 1: each user will have exactly 1 mapping,
> > that is the limitation of the classic grid-mapfile.
> > Note 2: a pool account mapping will be overridden by a mapping to
> > a static account, if any. For example, if grid-mapfile-local maps
> > a DN to ".lipcms" and edg-mkgridmap.conf maps that DN to "cmssgm",
> > the latter mapping wins!
> > To avoid that: in /opt/edg/etc/edg-mkgridmap.conf comment out the
> > lines for CMS. Beware the file is written by YAIM.
>
> In fact, you will need to comment out _all_ lines in edg-mkgridmap.conf!
Except the one with /opt/edg/etc/grid-mapfile-local, of course... :-)
> Otherwise the DN mapping will also take precedence for other users,
> while normally the mapping should be according to VOMS attributes.
>
> > 3. Run the commands in /etc/cron.d/edg-mkgridmap and
> > /etc/cron.d/lcg-ce-mkgridmap manually and check the resulting
> > contents of /etc/grid-security/grid-mapfile.
|