Hi Eygene,
> Just installed WMS+LB for gLite 3.1 and found strange mapping problem.
>
> I use VOMS-enabled proxy with the following FQANs:
> -----
> $ glite-voms-proxy-info --fqan
> /alice/Role=lcgadmin/Capability=NULL
> /alice/Role=NULL/Capability=NULL
> /alice/lcg1/Role=NULL/Capability=NULL
> -----
> Submission to the WMS does not work -- job is successfully registered,
> but sandbox can not be transferred. Short investigation showed that
> GridFTP maps me to the user salice0066 (SGM poolaccount) but job is
> registered for user salice0029 (another SGM poolaccount). And I see
> two user mappings inside /etc/grid-security/gridmapdir:
> -----
> $ ls -li | egrep '(eygene|39277|39314)'
> 39277 -rw-r--r-- 2 root root 0 ??? 29 23:09 %2fc%3dru%2fo%3drdig%2fou%3dusers%2fou%3dgrid%2ekiae%2eru%2fcn%3deygene%20ryabinkin%20atalice:alicesgm
> 39277 -rw-r--r-- 2 root root 0 ??? 29 23:09 salice0029
> 39314 -rw-r--r-- 2 root root 0 ??? 30 00:27 %2fc%3dru%2fo%3drdig%2fou%3dusers%2fou%3dgrid%2ekiae%2eru%2fcn%3deygene%20ryabinkin%20atalice:alicesgm:alice
> 39314 -rw-r--r-- 2 root root 0 ??? 30 00:27 salice0066
> -----
>
> When I am using proxy without 'alice/Role=lcgadmin' FQAN (but with other
> two), submission works like a charm. But in this case I am mapped (as
> expected) to the plain user poolaccount, not the SGM's one.
Known bug:
https://savannah.cern.ch/bugs/index.php?35244
Fixed in the next version of YAIM. You can apply the workaround now:
-----------------------------------------------------------------------------------
--- /opt/glite/etc/lcmaps/lcmaps.db.gridftp.bad 2008-07-28 18:23:37.000000000 +0200
+++ /opt/glite/etc/lcmaps/lcmaps.db.gridftp 2008-07-29 22:45:06.000000000 +0200
@@ -21,7 +21,7 @@
vomslocalgroup = "lcmaps_voms_localgroup.mod"
" -groupmapfile /etc/grid-security/groupmapfile"
-" -mapmin 1"
+" -mapmin 0"
vomslocalaccount = "lcmaps_voms_localaccount.mod"
" -gridmapfile /etc/grid-security/grid-mapfile"
@@ -30,7 +30,7 @@
vomspoolaccount = "lcmaps_voms_poolaccount.mod"
" -gridmapfile /etc/grid-security/grid-mapfile"
" -gridmapdir /etc/grid-security/gridmapdir"
-" -override_inconsistency"
+" -do_not_use_secondary_gids"
# gridftp related code
good = "lcmaps_dummy_good.mod"
-----------------------------------------------------------------------------------
|