 |
 |
I applied the modifications given below, but the mapping is still not working. However, a brute force mapping is possible by changing the line of the desired DN in /etc/grid-security/grid-mapfile on the WMS. E.g. "/DC=es/DC=irisgrid/O=pic/CN=example-name" .dteam to "/DC=es/DC=irisgrid/O=pic/CN=example-name" dteam018 It's not the solution we are looking for, but at least the jobs sent to the WMS now reach the gliteCE as well.... Cheers, Christian. On Tue, 12 Jun 2007 15:53:18 +0200, Maarten Litmaath >/etc/grid-security/grid-mapfile for DTEAM >(if you use pool accounts for sgm/prd): > >-------------------------------------------------- >"/dteam/Role=lcgadmin/Capability=NULL" .dteamsgm >"/dteam/Role=lcgadmin" .dteamsgm >"/dteam/Role=production/Capability=NULL" .dteamprd >"/dteam/Role=production" .dteamprd >"/dteam/Role=NULL/Capability=NULL" .dteam >"/dteam" .dteam >-------------------------------------------------- > >/etc/grid-security/groupmapfile for DTEAM: > >-------------------------------------------------- >"/dteam/Role=lcgadmin/Capability=NULL" dteam >"/dteam/Role=lcgadmin" dteam >"/dteam/Role=production/Capability=NULL" dteam >"/dteam/Role=production" dteam >"/dteam/Role=NULL/Capability=NULL" dteam >"/dteam" dteam >-------------------------------------------------- > >YAIM's groups.conf for DTEAM: > >-------------------------------------------------- >"/VO=dteam/GROUP=/dteam/ROLE=lcgadmin":::sgm: >"/VO=dteam/GROUP=/dteam/ROLE=production":::prd: >"/VO=dteam/GROUP=/dteam":::: >-------------------------------------------------- > > > And by the way, how do they look like on a WMS? Because we had to install > > both machines "by hand" the generation of those files didn't work very well. > >On the WMS /etc/grid-security/grid-mapfile still has the "classic" format. >Although /etc/grid-security/groupmapfile is created, it is not needed. >Ensure, however, that /opt/glite/etc/lcmaps/lcmaps.db looks like this: > >-------------------------------------------------------------------------- ># LCMAPS configuration file for WMProxy ># ># LCMAPS policy file/plugin definition ># ># default path >path = /opt/glite/lib/modules > ># Plugin definitions: >good = "lcmaps_dummy_good.mod" > >localaccount = "lcmaps_localaccount.mod" > "-gridmapfile /etc/grid-security/grid-mapfile" > >poolaccount = "lcmaps_poolaccount.mod" > " -override_inconsistency" > " -gridmapfile /etc/grid-security/grid-mapfile" > " -gridmapdir /etc/grid-security/gridmapdir" > >vomslocalgroup = "lcmaps_voms_localgroup.mod" > "-groupmapfile /etc/grid-security/groupmapfile" > "-mapmin 0" > >vomspoolaccount = "lcmaps_voms_poolaccount.mod" > "-gridmapfile /etc/grid-security/grid-mapfile" > "-gridmapdir /etc/grid-security/gridmapdir" > "-do_not_use_secondary_gids" > >vomslocalaccount = "lcmaps_voms_localaccount.mod" > "-gridmapfile /etc/grid-security/grid-mapfile" > "-use_voms_gid" > ># Policies: >standard: >localaccount -> good | poolaccount >poolaccount -> good > ># DN-local -> DN-pool -> VO-pool >voms: >localaccount -> good | poolaccount >poolaccount -> good | vomslocalgroup >vomslocalgroup -> vomspoolaccount > >--------------------------------------------------------------------------