Hello,
Lhcb is having user mapping problems (see below). It explains why they
keep on using unwillingly lhcbsgm for production.
Below there's the explanation and recipe to hopefully correct this
behaviour. Could you please apply it so they can have a uniform mapping?
cheers
alessandra
-------- Original Message --------
Subject: New YAIM groups.conf file for LHCb
Date: Mon, 18 Sep 2006 14:50:33 +0200 (MEST)
From: EGEE BROADCAST <[log in to unmask]>
To: [log in to unmask], [log in to unmask],
[log in to unmask], [log in to unmask], [log in to unmask],
[log in to unmask], [log in to unmask],
[log in to unmask], [log in to unmask],
[log in to unmask]
------------------------------------------------------------------------------------
Publication from : Roberto Santinelli 7735 <[log in to unmask]>
(CERN)
This mail has been sent using the broadcasting tool available at
http://cic.in2p3.fr
------------------------------------------------------------------------------------
Hello,
according the LHCb VO-card updated on the CIC portal, LHCb do use VOMS
groups instead of Roles (as Atlas and CMS do) for mapping users to the
special lhcbprod or lhcbsgm local accounts. The currently deployed
default configuration of YAIM (groups.conf) doesn;t support this model
but rather:
[root@ce101 root]# grep lhcb /opt/edg/etc/lcmaps/gridmapfile
\"/VO=lhcb/GROUP=/lhcb/ROLE=lcgadmin/Capability=NULL\" lhcbsgm
\"/VO=lhcb/GROUP=/lhcb/ROLE=lcgadmin\" lhcbsgm
\"/VO=lhcb/GROUP=/lhcb/ROLE=production/Capability=NULL\" lhcbprd
\"/VO=lhcb/GROUP=/lhcb/ROLE=production\" lhcbprd
\"/VO=lhcb/GROUP=/lhcb/Role=NULL/Capability=NULL\" .lhcb
\"/VO=lhcb/GROUP=/lhcb\" .lhcb
A correct behavior for LHCb would imply these further lines in the
LCMAPS gridmap file:
\"/VO=lhcb/GROUP=/lhcb/sgm/Role=NULL/Capability=NULL\" lhcbsgm:
\"/VO=lhcb/GROUP=/lhcb/lcgprod/Role=NULL/Capability=NULL\" lhcbprd:
that may be easily achieved by adding to the groups.conf file before the
other lines for LHCb the following two lines :
\"/VO=lhcb/GROUP=/lhcb/sgm/ROLE=NULL\":::sgm:
\"/VO=lhcb/GROUP=/lhcb/lcgprod/ROLE=NULL\":::prd:
And then rerun at least YAIM\'s config_mkgridmap:
/opt/glite/yaim/scripts/run_function your_site_info.def config_mkgridmap
--
*******************************************
* Dr Alessandra Forti *
* University of Manchester *
* Technical Coordinator - NorthGrid Tier2 *
* http://www.hep.man.ac.uk/u/aforti *
*******************************************
|