That's interesting. Stripping out the sgm and prd accounts - as suggested
by Stephen - leave me with something like what's listed below. The second
field is the group name (as in /etc/group) and the third field is the
gid. If I strip these out - as you have done - how does the box know
that a given user should be mapped to the correct group?
"/atlas":lt2-atlas:20011::
"/alice":lt2-alice:20012::
"/cms":lt2-cms:20013::
"/lhcb":lt2-lhcb:20014::
"/dteam":lt2-dteam:20015::
"/zeus":lt2-zeus:20016::
"/na48":lt2-na48:20017::
"/babar":lt2-babar:20018::
"/biomed":lt2-biomed:20019::
"/ilc":lt2-ilc:20020::
"/calice":lt2-calice:20021::
"/dzero":lt2-dzero:20022::
"/pheno":lt2-pheno:20023::
"/t2k":lt2-t2k:20024::
"/geant4":lt2-geant4:20026::
"/hone":lt2-hone:20027::
"/ops":lt2-ops:20028::
"/gin":lt2-gin:20029::
"/camont":lt2-camont:20031::
"/supernemo.vo.eu-egee.org":lt2-supernemo:20032::
"/sedi.brunel.ac.uk":lt2-sedi:20033::
"/cedar":lt2-cedar:20034::
"/minos.vo.gridpp.ac.uk":lt2-minos:20035::
"/ngs.ac.uk":lt2-ngs:20036::
"/vo.londongrid.ac.uk":lt2-ltwo:20037::
"/vo.northgrid.ac.uk":lt2-northgrid:20038::
"/vo.southgrid.ac.uk":lt2-southgrid:20039::
"/vo.sixt.cern.ch":lt2-sixt:20040::
On Tue, 9 Jun 2009, Condurache, C (Catalin) wrote:
> Date: Tue, 9 Jun 2009 09:32:02 +0100
> From: "Condurache, C (Catalin)" <[log in to unmask]>
> Reply-To: Testbed Support for GridPP member institutes
> <[log in to unmask]>
> To: [log in to unmask]
> Subject: Re: user mapping on WMS - Catalin?
>
> Hi,
>
> We have a crafted groups.conf on our WMSes (see attached)
>
> Also for camont we had to use 'VO_CAMONT_MAP_WILDCARDS=yes' in the
> site-info.def, and 'MAP_WILDCARDS=yes' in
> .../vo.d/supernemo.vo.eu-egee.org file.
>
> Cheers,
> Catalin
>
>
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Dr Barry MacEvoy
>> Sent: 08 June 2009 15:08
>> To: [log in to unmask]
>> Subject: Re: user mapping on WMS - Catalin?
>>
>> Catalin,
>>
>> If you're reading, what do your groups.conf and users.conf on the RAL
>> WMS look like?
>>
>> Cheers,
>>
>> Barry.
>>
>>
>>
>> On Mon, 8 Jun 2009, Daniela Bauer wrote:
>>
>>> Date: Mon, 8 Jun 2009 15:05:39 +0100
>>> From: Daniela Bauer <[log in to unmask]>
>>> Reply-To: Testbed Support for GridPP member institutes
>>> <[log in to unmask]>
>>> To: [log in to unmask]
>>> Subject: Re: user mapping on WMS
>>>
>>> Having dug through this a bit, I think the groups.conf suffers from
>>> obsolete syntax:
>>> [root@wms00 ~]# more /opt/glite/yaim/config/groups.conf
>>> "/VO=alice/GROUP=/alice/ROLE=lcgadmin":lt2-alice:20012:sgm:
>>> "/VO=alice/GROUP=/alice/ROLE=production":lt2-alice:20012:prd:
>>> "/VO=alice/GROUP=/alice":lt2-alice:20012::
>>>
>>> instead of
>>> "/alice/ROLE=lcgadmin":::sgm:
>>> "/alice/ROLE=production":::prd:
>>> "/alice"::::
>>>
>>> or something along those lines.
>>>
>>> Why we have sgm accounts: Because we were asked if we could provide
>> them.
>>>
>>> We'll give it a try and report back.
>>>
>>> Daniela
>>>
>>>
>>> 2009/6/8 Burke, S (Stephen) <[log in to unmask]>:
>>>> Testbed Support for GridPP member institutes
>>>>> [mailto:[log in to unmask]] On Behalf Of Dr Barry MacEvoy
>> said:
>>>>> My groups.conf for yaim currently looks like the attached. It is
>>>>> evidently wrong, although it has served me well for at least 2
>> years!
>>>>>
>>>>> What would you suggest?
>>>>
>>>> I would guess that you can just get rid of the sgm and prd lines,
>> but
>>>> I'm not sure off-hand if you need to do anything to configure a
>>>> catch-all mapping. (And presumably the same applies to users.conf
>> as
>>>> well.)
>>>>
>>>>
>> https://twiki.cern.ch/twiki/bin/view/LCG/YaimGuide400#User_configurat
>> ion
>>>> _in_YAIM
>>>>
>>>> Stephen
>>>> --
>>>> Scanned by iCritical.
>>>>
>>>
>>>
>>>
>>> --
>>> -----------------------------------------------------------
>>> HEP Group
>>> Physics Dep
>>> Imperial College
>>> Tel: +44-(0)20-75947810
>>> http://www.hep.ph.ic.ac.uk/~dbauer/
>>>
>>
>> --------------------------------------------------------------
>> Dr Barry MacEvoy
>> High Energy Physics Group
>> Imperial College London
>> Blackett Laboratory
>> Prince Consort Road
>> LONDON SW7 2BW
>> England
>>
>> T: +44 20 7594 7802
>> F: +44 20 7823 8830
>> M: 07767 323871
>>
>> http://www.hep.ph.ic.ac.uk/cms/people/based_at_imperial.html
>> http://www.hep.ph.ic.ac.uk/e-science/people/macevoy.html
>> --------------------------------------------------------------
>
> --
>
> Scanned by iCritical.
>
--------------------------------------------------------------
Dr Barry MacEvoy
High Energy Physics Group
Imperial College London
Blackett Laboratory
Prince Consort Road
LONDON SW7 2BW
England
T: +44 20 7594 7802
F: +44 20 7823 8830
M: 07767 323871
http://www.hep.ph.ic.ac.uk/cms/people/based_at_imperial.html
http://www.hep.ph.ic.ac.uk/e-science/people/macevoy.html
--------------------------------------------------------------
|