Hi Adam,
>> Yes, I could live with having a dedicated DN for this case and mapping
>> it to the static account regardless of the role. [...]
>
> Oscar suggested that this policy be inserted before the others:
>
> veryspecialmappingpolicy:
> localaccount -> voms_localgroup
> voms_localgroup -> posix_enf
>
> This means the special DNs will be mapped to static accounts _if_ they
> have _any_ recognized primary VOMS attribute, else the policy fails
> and the following ones will be tried.
>
> That does not seem to help your case.
In fact it does help, since you accept that the DNs _always_ be mapped
to those static accounts!
|