Hi Kashif,
So.
The ".stg" bit in the voms-grid-mapfile means "map things like this to
any account starting stg in the gridmapdir".
Since the first such entry will be stg001, it seems logical that
normal users will be mapped to stg001 (and 002), since neither LCMAPS
nor any other part of the infrastructure particularly cares that
you've also later mapped specific VOMS roles to those accounts.
The right way to do this is to map special roles to accounts with
different prefixes (I suggest sgmstg for SGM accounts), thus
preventing them being used for normal accounts.
Sam
2009/10/16 Kashif Mohammad <[log in to unmask]>:
> Hi
> I am testing a new CE where pool acconts are not created through yaim
> but through NIS. Problem is that normal user are getting mapped to prd
> and sgm account for vo.southgrid.ac.uk (only vo I can check).Every thing
> looks OK
> Users.conf
> 17001:stg001:17000:stg:vo.southgrid.ac.uk:sgm:
> 17002:stg002:17000:stg:vo.southgrid.ac.uk:prd:
> 17003:stg003:17000:stg:vo.southgrid.ac.uk::
> 17004:stg004:17000:stg:vo.southgrid.ac.uk::
>
> Groups.conf
> "/VO=vo.southgrid.ac.uk/GROUP=/vo.southgrid.ac.uk"::::
> "/VO=vo.southgrid.ac.uk/GROUP=/vo.southgrid.ac.uk/ROLE=lcgadmin":::sgm:
> "/VO=vo.southgrid.ac.uk/GROUP=/vo.southgrid.ac.uk/ROLE=production":::prd
> :
>
> Corresponding voms-grid-mapfile
> "/vo.southgrid.ac.uk" .stg
> "/vo.southgrid.ac.uk/Role=lcgadmin/Capability=NULL" stg001
> "/vo.southgrid.ac.uk/Role=lcgadmin" stg001
> "/vo.southgrid.ac.uk/Role=production/Capability=NULL" stg002
> "/vo.southgrid.ac.uk/Role=production" stg002
>
> I have installed lcg-CE-3.1.35-0. I deleted mapping records from
> gridmapdir also. But nothing works.
>
> Any pointer.
>
> Regards
> Kashif
>
|