 |
 |
We did :) https://savannah.cern.ch/bugs/?func=detailitem&item_id=26990 Regards, Antun ----- Antun Balaz Research Assistant E-mail: [log in to unmask] Web: http://scl.phy.bg.ac.yu/ Phone: +381 11 3713152 Fax: +381 11 3162190 Scientific Computing Laboratory Institute of Physics, Belgrade, Serbia ----- ---------- Original Message ----------- From: Yves Kemp <[log in to unmask]> To: [log in to unmask] Sent: Mon, 24 Sep 2007 15:33:48 +0200 Subject: [LCG-ROLLOUT] Problems with VOMS groups/roles mapping > Dear *, > > I am trying to work on our mapping scheme for VOMS groups and roles. > I am doing this with the DESY owned VO desy. > Details about its groups and roles configuration can be found here: > https://grid-voms.desy.de:8443/voms/desy > > When all groups and roles are mapped to pool accounts, I have to add > a catch-all line to account for groups that are not definded in > /opt/edg/etc/lcmaps/[grid,group]mapfile but that the user might have > asked for in his proxy. The catch-all line looks like > "/VO=desy/GROUP=/desy/*/Role=NULL/Capability=NULL" .desyusr > "/VO=desy/GROUP=/desy/*" .desyusr > > This scheme works, but only if all groups and roles have pool accounts. > > When one role is configured as a static account (e.g. SGM), this > will not work anymore. - If I leave the catch-all line, SGM will be > mapped to a user account instead of the single SGM account - If I > drop the catch-all line, SGM is correctly mapped. If a proxy comes > with groups that are not defined on my CE, VOMS mapping failes, and > the old gridmap-file mechanism is used instead. > > Does anyone see similar problems? (and maybe know the right solution?) > > Thanks for any suggestion! > > Best > > Yves > > -------------------------------------------- > Yves Kemp > [log in to unmask] Desy IT 2b/312 > Fon: +49-(0)40-8998-2318 Notkestr. 85 > Fax: +49-(0)40-8994-2318 D-22607 Hamburg > -------------------------------------------- ------- End of Original Message -------