Christian Neissner wrote: > Hi Maarten: > > On Tue, 12 Jun 2007 12:59:12 +0200, Maarten Litmaath <[log in to unmask]> wrote: > >>That file is irrelevant when you properly configure the gLite CE. >>It currently uses /etc/grid-security/grid-mapfile and >>/etc/grid-security/groupmapfile, nothing else. > > > Can you give me an example of those files in properly configured gliteCE? /etc/grid-security/grid-mapfile for DTEAM (if you use pool accounts for sgm/prd): -------------------------------------------------- "/dteam/Role=lcgadmin/Capability=NULL" .dteamsgm "/dteam/Role=lcgadmin" .dteamsgm "/dteam/Role=production/Capability=NULL" .dteamprd "/dteam/Role=production" .dteamprd "/dteam/Role=NULL/Capability=NULL" .dteam "/dteam" .dteam -------------------------------------------------- /etc/grid-security/groupmapfile for DTEAM: -------------------------------------------------- "/dteam/Role=lcgadmin/Capability=NULL" dteam "/dteam/Role=lcgadmin" dteam "/dteam/Role=production/Capability=NULL" dteam "/dteam/Role=production" dteam "/dteam/Role=NULL/Capability=NULL" dteam "/dteam" dteam -------------------------------------------------- YAIM's groups.conf for DTEAM: -------------------------------------------------- "/VO=dteam/GROUP=/dteam/ROLE=lcgadmin":::sgm: "/VO=dteam/GROUP=/dteam/ROLE=production":::prd: "/VO=dteam/GROUP=/dteam":::: -------------------------------------------------- > And by the way, how do they look like on a WMS? Because we had to install > both machines "by hand" the generation of those files didn't work very well. On the WMS /etc/grid-security/grid-mapfile still has the "classic" format. Although /etc/grid-security/groupmapfile is created, it is not needed. Ensure, however, that /opt/glite/etc/lcmaps/lcmaps.db looks like this: -------------------------------------------------------------------------- # LCMAPS configuration file for WMProxy # # LCMAPS policy file/plugin definition # # default path path = /opt/glite/lib/modules # Plugin definitions: good = "lcmaps_dummy_good.mod" localaccount = "lcmaps_localaccount.mod" "-gridmapfile /etc/grid-security/grid-mapfile" poolaccount = "lcmaps_poolaccount.mod" " -override_inconsistency" " -gridmapfile /etc/grid-security/grid-mapfile" " -gridmapdir /etc/grid-security/gridmapdir" vomslocalgroup = "lcmaps_voms_localgroup.mod" "-groupmapfile /etc/grid-security/groupmapfile" "-mapmin 0" vomspoolaccount = "lcmaps_voms_poolaccount.mod" "-gridmapfile /etc/grid-security/grid-mapfile" "-gridmapdir /etc/grid-security/gridmapdir" "-do_not_use_secondary_gids" vomslocalaccount = "lcmaps_voms_localaccount.mod" "-gridmapfile /etc/grid-security/grid-mapfile" "-use_voms_gid" # Policies: standard: localaccount -> good | poolaccount poolaccount -> good # DN-local -> DN-pool -> VO-pool voms: localaccount -> good | poolaccount poolaccount -> good | vomslocalgroup vomslocalgroup -> vomspoolaccount --------------------------------------------------------------------------