You are here: TWiki > Integration/ITB092 Web>ReleaseDocumentationComputeElementAuthorization?>CompatibilityModeAuthorization (30 Sep 2010, IwonaSakrejda)

Compatibility Mode Authorization

This page is obsolete

This Web page is obsolete. It is here just to host a few bits of information that have not been verified to exist elsewhere.

Please refer to for the Compatibility Authorization information? from now on.

Old info

Test grid-mapfile generation

To test grid-mapfile generation, you need to run the below sequence (as root). Note this uses the CE's host certificate.

# source $VDT_LOCATION/setup.sh 
# cd $VDT_LOCATION/gums/scripts 
# ./gums-host generateGridMapfile    (output goes  to stdout. To get 
                                      a file: either redirect stdout or 
                                      use '--file file_name')
     ...output  should look similar to the following dependent on your 
     GUMS server mappings..
   #---- members of vo: osg ----#
    "/DC=org/DC=doegrids/OU=People/CN=Alexis Rodriguez 233072" osg01
   "/DC=org/DC=doegrids/OU=People/CN=Andrew Zahn 730598" osg01
   "/DC=org/DC=doegrids/OU=People/CN=Craig Phillip Prescott 50911" osg01
   #---- members of vo: Test3userGroup ----#
   "/DC=org/DC=doegrids/OU=People/CN=Anne Heavey 830711" osg01account
   "/DC=org/DC=doegrids/OU=People/CN=John Weigand 458491" osg01account
      .... and so on

If gums-host generateGrid3UserVoMap fails, the GUMS server configuration may not be correct. Please contact your administrator, or if you are the administrator, make sure you have the following elements in your gums.config (which can be easily configured from the web interface):

  • A hostToGroupMapping element which matches the host name from which you are issuing the request
  • A groupToAccountMapping (referenced by the hostToGroupMapping) element which contains a user group and account mapper
  • A userGroup element (referenced by the groupToAccountMapping) to validate membership of the requested DN
  • A accountMapper element (referenced by the groupToAccountMapping) to return the account for the requested DN

Test osg-user-vo-map generation

To test the osg-user-vo-map generation, you need to run as root. This uses the CE host certificate.
# source $VDT_LOCATION/setup.sh 
# cd $VDT_LOCATION/gums/scripts 
# ./gums-host generateOsgUserVoMap   (output goes  to stdout. To get
                                        a file: either redirect stdout 
                                        or use '--file file_name')
     ...output  should look similar to the following dependent on your GUMS
     server mappings..
  #User-VO map
  # #comment line, format of each regular line line: account VO
  # Next 2 lines with VO names, same order, all lowercase, with case (lines starting with #voi, #VOc)
  #voi xxx test3
  #VOc OSG TEST3
  #---- accounts for vo: osg ----#
  osg01 xxx
  #---- accounts for vo: Test3userGroup ----#
  osg01account test3
    .... and so on

If gums-host generateGrid3UserVoMap fails, the GUMS server configuration may not be correct. Please contact your administrator, or if you are the administrator, make sure you have the following elements in your gums.config (which can be easily configured from the web interface):

  • A hostToGroupMapping element which matches the host name from which you are issuing the request
  • A groupToAccountMapping (referenced by the hostToGroupMapping) element which contains a user group and account mapper
  • A userGroup element (referenced by the groupToAccountMapping) to validate membership of the requested DN
  • A accountMapper element (referenced by the groupToAccountMapping) to return the account for the requested DN

Retest the authorization mode using site verify

Run the Site Verification script again locally (as a regular user, not root) and verify that the authorization still works.


Complete: 3
Responsible: JayPackard - 31 Oct 2007
Reviewer - date: - AnneHeavey - 14 Nov 2007
Comment: not tested during review

Topic revision: r25 - 30 Sep 2010 - 23:55:40 - IwonaSakrejda
 
TWIKI.NET

TWiki | Report Bugs | Privacy Policy

This site is powered by the TWiki collaboration platformCopyright by the contributing authors. All material on this collaboration platform is the property of the contributing authors..