Christian Neissner wrote:
> I applied the modifications given below, but the mapping is still not working. However, a brute force mapping is possible by changing the line of the desired DN in /etc/grid-security/grid-mapfile on the WMS. E.g.
>
> "/DC=es/DC=irisgrid/O=pic/CN=example-name" .dteam
>
> to
>
> "/DC=es/DC=irisgrid/O=pic/CN=example-name" dteam018
If pool accounts do not work on the WMS:
- does /etc/grid-security/gridmapdir have entries for all of them?
- is /etc/grid-security/gridmapdir writable for user "glite"?
drwxrwxr-x 2 root glite 24576 Jun 6 18:39 /etc/grid-security/gridmapdir/
> It's not the solution we are looking for, but at least the jobs sent to the WMS now reach the gliteCE as well....
>
> Cheers,
> Christian.
>
> On Tue, 12 Jun 2007 15:53:18 +0200, Maarten Litmaath
>
>>/etc/grid-security/grid-mapfile for DTEAM
>>(if you use pool accounts for sgm/prd):
>>
>>--------------------------------------------------
>>"/dteam/Role=lcgadmin/Capability=NULL" .dteamsgm
>>"/dteam/Role=lcgadmin" .dteamsgm
>>"/dteam/Role=production/Capability=NULL" .dteamprd
>>"/dteam/Role=production" .dteamprd
>>"/dteam/Role=NULL/Capability=NULL" .dteam
>>"/dteam" .dteam
>>--------------------------------------------------
>>
>>/etc/grid-security/groupmapfile for DTEAM:
>>
>>--------------------------------------------------
>>"/dteam/Role=lcgadmin/Capability=NULL" dteam
>>"/dteam/Role=lcgadmin" dteam
>>"/dteam/Role=production/Capability=NULL" dteam
>>"/dteam/Role=production" dteam
>>"/dteam/Role=NULL/Capability=NULL" dteam
>>"/dteam" dteam
>>--------------------------------------------------
>>
>>YAIM's groups.conf for DTEAM:
>>
>>--------------------------------------------------
>>"/VO=dteam/GROUP=/dteam/ROLE=lcgadmin":::sgm:
>>"/VO=dteam/GROUP=/dteam/ROLE=production":::prd:
>>"/VO=dteam/GROUP=/dteam"::::
>>--------------------------------------------------
>>
>>
>>>And by the way, how do they look like on a WMS? Because we had to install
>>>both machines "by hand" the generation of those files didn't work very well.
>>
>>On the WMS /etc/grid-security/grid-mapfile still has the "classic" format.
>>Although /etc/grid-security/groupmapfile is created, it is not needed.
>>Ensure, however, that /opt/glite/etc/lcmaps/lcmaps.db looks like this:
>>
>>--------------------------------------------------------------------------
>># LCMAPS configuration file for WMProxy
>>#
>># LCMAPS policy file/plugin definition
>>#
>># default path
>>path = /opt/glite/lib/modules
>>
>># Plugin definitions:
>>good = "lcmaps_dummy_good.mod"
>>
>>localaccount = "lcmaps_localaccount.mod"
>> "-gridmapfile /etc/grid-security/grid-mapfile"
>>
>>poolaccount = "lcmaps_poolaccount.mod"
>> " -override_inconsistency"
>> " -gridmapfile /etc/grid-security/grid-mapfile"
>> " -gridmapdir /etc/grid-security/gridmapdir"
>>
>>vomslocalgroup = "lcmaps_voms_localgroup.mod"
>> "-groupmapfile /etc/grid-security/groupmapfile"
>> "-mapmin 0"
>>
>>vomspoolaccount = "lcmaps_voms_poolaccount.mod"
>> "-gridmapfile /etc/grid-security/grid-mapfile"
>> "-gridmapdir /etc/grid-security/gridmapdir"
>> "-do_not_use_secondary_gids"
>>
>>vomslocalaccount = "lcmaps_voms_localaccount.mod"
>> "-gridmapfile /etc/grid-security/grid-mapfile"
>> "-use_voms_gid"
>>
>># Policies:
>>standard:
>>localaccount -> good | poolaccount
>>poolaccount -> good
>>
>># DN-local -> DN-pool -> VO-pool
>>voms:
>>localaccount -> good | poolaccount
>>poolaccount -> good | vomslocalgroup
>>vomslocalgroup -> vomspoolaccount
>>
>>-------------------------------------------------------------------------
>
> -
|