Yves Coppens wrote:
Hi Yves,
- Do you know how the gatekeeper decides whether to use
/etc/grid-security/grid-mapfile or /opt/edg/etc/lcmaps/gridmapfile ?
- If a user as a role that is not specified in the
/opt/edg/etc/lcmaps/gridmapfile does the gatekeeper fallback on the
mapping for the user without roles. For example if we don't have
specific lhcbprd accounts and lcmaps mapping will they be mapped to lhcb ?
Cheers, Olivier.
> Hi,
>
> There has been a follow up on this in "the New YAIM groups.conf file for
> LHCb (Errata Corrige)" thread in ROLLOUT.
>
> I've copied the relevant message below.
>
> Yves
>
> <--
> Sorry for flooding your mail boxes,
>
> as Cristina correctly pointed out the lines to add on the
> groups.conf files (and that we had test at that time here at CERN too)
>
> were:
>
> "/VO=lhcb/GROUP=/lhcb/sgm":::sgm:
> "/VO=lhcb/GROUP=/lhcb/lcgprod":::prd:
>
> and not
> "/VO=lhcb/GROUP=/lhcb/sgm/Role=NULL/Capability=NULL\" lhcbsgm:
> "/VO=lhcb/GROUP=/lhcb/lcgprod/Role=NULL/Capability=NULL\" lhcbprd:
>
> as originally stated (it was a typo)...
>
> This is exactly what LHCb would like to have at each site.
>
> Thanks again for your support and comprehension
>
> R.
> -->
>
> On Mon, 18 Sep 2006, Alessandra Forti wrote:
>
>> Hello,
>>
>> Lhcb is having user mapping problems (see below). It explains why they
>> keep on using unwillingly lhcbsgm for production.
>>
>> Below there's the explanation and recipe to hopefully correct this
>> behaviour. Could you please apply it so they can have a uniform mapping?
>>
>> cheers
>> alessandra
>>
>>
>> -------- Original Message --------
>> Subject: New YAIM groups.conf file for LHCb
>> Date: Mon, 18 Sep 2006 14:50:33 +0200 (MEST)
>> From: EGEE BROADCAST <[log in to unmask]>
>> To: [log in to unmask], [log in to unmask],
>> [log in to unmask], [log in to unmask], [log in to unmask],
>> [log in to unmask], [log in to unmask],
>> [log in to unmask], [log in to unmask],
>> [log in to unmask]
>>
>>
>> ------------------------------------------------------------------------------------
>> Publication from : Roberto Santinelli 7735 <[log in to unmask]>
>> (CERN)
>> This mail has been sent using the broadcasting tool available at
>> http://cic.in2p3.fr
>> ------------------------------------------------------------------------------------
>>
>> Hello,
>>
>> according the LHCb VO-card updated on the CIC portal, LHCb do use VOMS
>> groups instead of Roles (as Atlas and CMS do) for mapping users to the
>> special lhcbprod or lhcbsgm local accounts. The currently deployed
>> default configuration of YAIM (groups.conf) doesn;t support this model
>> but rather:
>> [root@ce101 root]# grep lhcb /opt/edg/etc/lcmaps/gridmapfile
>> \"/VO=lhcb/GROUP=/lhcb/ROLE=lcgadmin/Capability=NULL\" lhcbsgm
>> \"/VO=lhcb/GROUP=/lhcb/ROLE=lcgadmin\" lhcbsgm
>> \"/VO=lhcb/GROUP=/lhcb/ROLE=production/Capability=NULL\" lhcbprd
>> \"/VO=lhcb/GROUP=/lhcb/ROLE=production\" lhcbprd
>> \"/VO=lhcb/GROUP=/lhcb/Role=NULL/Capability=NULL\" .lhcb
>> \"/VO=lhcb/GROUP=/lhcb\" .lhcb
>>
>> A correct behavior for LHCb would imply these further lines in the
>> LCMAPS gridmap file:
>> \"/VO=lhcb/GROUP=/lhcb/sgm/Role=NULL/Capability=NULL\" lhcbsgm:
>> \"/VO=lhcb/GROUP=/lhcb/lcgprod/Role=NULL/Capability=NULL\" lhcbprd:
>>
>> that may be easily achieved by adding to the groups.conf file before the
>> other lines for LHCb the following two lines :
>>
>> \"/VO=lhcb/GROUP=/lhcb/sgm/ROLE=NULL\":::sgm:
>> \"/VO=lhcb/GROUP=/lhcb/lcgprod/ROLE=NULL\":::prd:
>>
>> And then rerun at least YAIM\'s config_mkgridmap:
>> /opt/glite/yaim/scripts/run_function your_site_info.def config_mkgridmap
>>
>>
>>
>>
--
- O. van der Aa - Imperial College London -
- LT2 Technical Coordinator -
- tel: +442075947810, +442071005426 -
- SIP: [log in to unmask] -
- fax: +442078238830 -
- http://surl.se/agtu -
|