Hi Arnau,
> from lhcb VO CARD:
>
> The static gridmap-file should not contain any other mapping than
> .lhcb.
> It means that somehow the site must provide a edg-mkgridmap.conf file
> (used to
> build the /etc/grid-security/gridmap-file) that looks like that for
> LHCb:
>
> # LHCB
>
> # Map VO members (root Group)
> group vomss://voms.cern.ch:8443/voms/lhcb?/lhcb .lhcb
>
> I know how to do that in our lcg-CEs by hand, but I'm wondering if I
> could do it with YAIM.
>
> Now I have:
> # grep lhcb /opt/localconf/gLite3.1/yaim/pic/groups.conf
> "/lhcb"::::
> "/lhcb/ROLE=production":::prd:
> "/lhcb/ROLE=lcgadmin":::sgm:
> "/lhcb/Role=pilot":::pilot:
>
> Obviously, if I remove prd, sgm and pilot all lhcb users will be
mapped
> to normal pool account, and grid mapfile will look as desired, but
> then, voms mapping won't work with Roles.
>
> am I right? If so, is there any way for creating the desired status
> grid-mapfile with YAIM?
As Maarten said you can always use the variable
UNPRIVILEGED_MKGRIDMAP=yes and you would only have in your grid map file
normal pool accounts. But this will be the case for
all the supported VOs. It's the way we've implemented it.
If you think it's interesting to have this variable defined per VO, we
can include that in YAIM. Please, open a bug and assign it to me.
Cheers,
Maria
|