------------------------------------------------------------------------------------
Publication from : Roberto Santinelli 7735 <[log in to unmask]> (CERN)
This mail has been sent using the broadcasting tool available at http://cic.in2p3.fr
------------------------------------------------------------------------------------
Hello,
according the LHCb VO-card updated on the CIC portal, LHCb do use VOMS groups instead of Roles (as Atlas and CMS do) for mapping users to the special lhcbprod or lhcbsgm local accounts. The currently deployed default configuration of YAIM (groups.conf) doesn;t support this model but rather:
[root@ce101 root]# grep lhcb /opt/edg/etc/lcmaps/gridmapfile
\"/VO=lhcb/GROUP=/lhcb/ROLE=lcgadmin/Capability=NULL\" lhcbsgm
\"/VO=lhcb/GROUP=/lhcb/ROLE=lcgadmin\" lhcbsgm
\"/VO=lhcb/GROUP=/lhcb/ROLE=production/Capability=NULL\" lhcbprd
\"/VO=lhcb/GROUP=/lhcb/ROLE=production\" lhcbprd
\"/VO=lhcb/GROUP=/lhcb/Role=NULL/Capability=NULL\" .lhcb
\"/VO=lhcb/GROUP=/lhcb\" .lhcb
A correct behavior for LHCb would imply these further lines in the LCMAPS gridmap file:
\"/VO=lhcb/GROUP=/lhcb/sgm/Role=NULL/Capability=NULL\" lhcbsgm:
\"/VO=lhcb/GROUP=/lhcb/lcgprod/Role=NULL/Capability=NULL\" lhcbprd:
that may be easily achieved by adding to the groups.conf file before the other lines for LHCb the following two lines :
\"/VO=lhcb/GROUP=/lhcb/sgm/ROLE=NULL\":::sgm:
\"/VO=lhcb/GROUP=/lhcb/lcgprod/ROLE=NULL\":::prd:
And then rerun at least YAIM\'s config_mkgridmap:
/opt/glite/yaim/scripts/run_function your_site_info.def config_mkgridmap
|