Hi Ewa,
In our arc.conf we have this in the [gridftpd] section:
allowunknown="yes"
unixmap="* mapfile /etc/grid-security/grid-mapfile"
unixmap="* lcmaps liblcmaps.so /usr/lib64 /etc/lcmaps/lcmaps.db voms"
unixmap="999:999 all"
And this in the [groups/users] section:
lcas="liblcas.so /usr/lib64 /etc/lcas/lcas.dbČ
$ cat /etc/lcas/lcas.db
pluginname=/usr/lib64/lcas/lcas_voms.mod,pluginargs="-vomsdir
/etc/grid-security/vomsdir/ -certdir /etc/grid-security/certificates
-authfile /etc/grid-security/vo-mapfile -authformat simple -use_user_dn"
$ cat /etc/lcmaps/lcmaps.db
# where to look for modules
path = /usr/lib64/lcmaps
# module definitions
verify_proxy = "lcmaps_verify_proxy.mod"
" -certdir /etc/grid-security/certificates/"
" --allow-limited-proxy"
" --discard_private_key_absence"
pepc = "lcmaps_c_pep.mod"
"--pep-daemon-endpoint-url
https://heplnv142.pp.rl.ac.uk:8154/authz"
" -resourceid
http://authz-interop.org/xacml/resource/resource-type/ce"
" -actionid http://glite.org/xacml/action/execute"
" -capath /etc/grid-security/certificates/"
" --certificate /etc/grid-security/hostcert.pem"
" --key /etc/grid-security/hostkey.pem"
get_account:
verify_proxy -> pepc
I installed these packages in addition to the nordugrid ones:
argus-pep-api-c lcmaps-plugins-c-pep lcmaps-plugins-verify-proxy
lcas-plugins-voms voms
If you copy a proxy over to the server you can run:
sudo /usr/libexec/arc/arc-lcas "/C=UK/O=eScience/OU=CLRC/L=RAL/CN=chris
brew" /tmp/proxy.pem liblcas.so /usr/lib64 /etc/lcas/lcas.db
And:
sudo /usr/libexec/arc/arc-lcmaps "/C=UK/O=eScience/OU=CLRC/L=RAL/CN=chris
brew" /tmp/proxy.pem liblcmaps.so /usr/lib64 /etc/lcmaps/lcmaps.db
glexec_get_account
To check that everything is working.
Yours,
Chris.
On 09/04/2014 14:24, "STEELE E." <[log in to unmask]> wrote:
>Dear All,
>
>We are currently trying to roll out an arc-ce at Durham and we are having
>some issues getting ARGUS to provide the user mapping.
>
>Has anyone else done this and if so how did you achieve it.
>
>Thanks
>Ewan
>
>--
>Ewan Steele
>OC113
>+44-(0)191-334-3527
>[log in to unmask]
>
--
Scanned by iCritical.
|