We did :)
https://savannah.cern.ch/bugs/?func=detailitem&item_id=26990
Regards, Antun
-----
Antun Balaz
Research Assistant
E-mail: [log in to unmask]
Web: http://scl.phy.bg.ac.yu/
Phone: +381 11 3713152
Fax: +381 11 3162190
Scientific Computing Laboratory
Institute of Physics, Belgrade, Serbia
-----
---------- Original Message -----------
From: Yves Kemp <[log in to unmask]>
To: [log in to unmask]
Sent: Mon, 24 Sep 2007 15:33:48 +0200
Subject: [LCG-ROLLOUT] Problems with VOMS groups/roles mapping
> Dear *,
>
> I am trying to work on our mapping scheme for VOMS groups and roles.
> I am doing this with the DESY owned VO desy.
> Details about its groups and roles configuration can be found here:
> https://grid-voms.desy.de:8443/voms/desy
>
> When all groups and roles are mapped to pool accounts, I have to add
> a catch-all line to account for groups that are not definded in
> /opt/edg/etc/lcmaps/[grid,group]mapfile but that the user might have
> asked for in his proxy. The catch-all line looks like
> "/VO=desy/GROUP=/desy/*/Role=NULL/Capability=NULL" .desyusr
> "/VO=desy/GROUP=/desy/*" .desyusr
>
> This scheme works, but only if all groups and roles have pool accounts.
>
> When one role is configured as a static account (e.g. SGM), this
> will not work anymore. - If I leave the catch-all line, SGM will be
> mapped to a user account instead of the single SGM account - If I
> drop the catch-all line, SGM is correctly mapped. If a proxy comes
> with groups that are not defined on my CE, VOMS mapping failes, and
> the old gridmap-file mechanism is used instead.
>
> Does anyone see similar problems? (and maybe know the right solution?)
>
> Thanks for any suggestion!
>
> Best
>
> Yves
>
> --------------------------------------------
> Yves Kemp
> [log in to unmask] Desy IT 2b/312
> Fon: +49-(0)40-8998-2318 Notkestr. 85
> Fax: +49-(0)40-8994-2318 D-22607 Hamburg
> --------------------------------------------
------- End of Original Message -------
|