Santanu,
the gridmapdir is only used for pool accounts. Please, check the 
following (old) documentation:
http://www.gridsite.org/gridmapdir/

In general the file /opt/glite/etc/lcmaps/lcmaps.db and the file 
/opt/edg/etc/lcmaps/lcmaps.db tell you what files and directories are 
used for coming up with a mapping (proxy -> local UID/GID). These files 
are normally generated by YAIM.

LCMAPS is a framework that can load and run one or more 'credential 
mapping' plugins. The LCMAPS framework consists of the following 
components:

    * the /plugin manager/, which is responsible for managing, loading
      and running the LCMAPS plugins.
    * the /evaluation manager/, which is responsible for the order in
      which the LCMAPS plugins are called.

You can find a nice description of  LCMAPS here:
http://www.nikhef.nl/grid/lcaslcmaps/
http://www.dutchgrid.nl/DataGrid/wp4/lcmaps/edg-lcmaps_gcc3_2_2-0.0.23/node1.html

For a documentation of the plugins used, please refer to this URL:
http://www.nikhef.nl/grid/lcaslcmaps/lcmaps_apidoc/html/

The files that are generally used to define the voms mappings are:
/opt/edg/etc/lcmaps/gridmapfile
/opt/edg/etc/lcmaps/groupmapfile

The /etc/grid-security/grid-mapfile is used for simple DN mapping.

I therefore recommend you look at your configuration.

Hope this helps.

Flavia

Santanu Das wrote:
> Dear all,
>
> As the title says, can anyone please explain how does this work? I'm 
> confused with the relation between voms role, grid-mapfile and the 
> gridmapdir.
>
> As an example, I'm "dteamprd" in the grid-mapfile:
>
> [root@serv03 root]# egrep "santanu|Santanu" 
> /etc/grid-security/grid-mapfile
> "/C=UK/O=eScience/OU=Cambridge/L=UCS/CN=santanu das" dteamprd
>
>
> But, I'm atlas148 and dteam062 according to the "gridmapdir" mapping:
>
> [root@serv03 root]# for iz in `ls -il 
> /etc/grid-security/gridmapdir/*santanu* | awk '{print $1}'`; do ls 
> -il  /etc/grid-security/gridmapdir | grep ${iz}; done
> 14385754 -rw-r--r--    1 root     root            0 Feb  1 10:36 
> %2fc%3duk%2fo%3descience%2fou%3dcambridge%2fl%3ducs%2fcn%3dsantanu%20das
> 14386591 -rw-r--r--    2 root     root            0 May  9 11:37 
> %2fc%3duk%2fo%3descience%2fou%3dcambridge%2fl%3ducs%2fcn%3dsantanu%20das%3aatlas 
>
> 14386591 -rw-r--r--    2 root     root            0 May  9 11:37 atlas148
> 14386123 -rw-r--r--    2 root     root            0 Jun 18 14:21 
> %2fc%3duk%2fo%3descience%2fou%3dcambridge%2fl%3ducs%2fcn%3dsantanu%20das%3adteam 
>
> 14386123 -rw-r--r--    2 root     root            0 Jun 18 14:21 dteam062
>
>
> When I submit jobs, I always mapped to "atlas148" when I use 
> "voms-proxy-init -voms atlas" to create the proxy and to dteam062 
> using my dteam certificate. So, doesn't it mean that grid-mapfile is 
> completely ignored when user comes with a voms proxy.
>
> Now, if the proxy  is created with the specific role, like this:
>
> voms-proxy-init -voms dteam:/dteam/Role=production
>
> I authorized and ran job as dteamprd but the local mapping in the 
> gridmapdir still  points to dteam062, which seem to make "use of 
> gridmapdir" completely useless.
> Can anyone please explain this to me please? Having another look 
> afterwards , I found that I'm not alone here; the grid-mapfile and 
> gridmapdir entries are different for several other people as well.
>
> I've cc'd this to Jens, as I was talking to him regarding this 
> yesterday, in case he is curious.
>
> Cheers,
> Santanu