Changes between Version 45 and Version 46 of Doc/gLite/TemplateCustomization


Ignore:
Timestamp:
Jun 7, 2007, 4:44:59 PM (18 years ago)
Author:
/C=FR/O=CNRS/OU=UMR8607/CN=Michel Jouvin/emailAddress=jouvin@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Doc/gLite/TemplateCustomization

    v45 v46  
    118118   * `port` : VOMS server port associated with this VO. No default.
    119119   * `cert` : template name, in `vo/certs` , defining VOMS server certificate. If not specified, defaults to the VOMS server name.
    120  * `voms_roles` : list of VOMS roles supported by the VO. This property is optional. For each role, the entry is a nlist with the following possible properties :
    121    * `description` : description of the VO role. This property is informational, except for VO software manager where it must be "SW manager"
    122    * `name` : VO role name, as defined on the VOMS server
     120 * `voms_mappings` (replace deprecated `voms_roles`) : list of VOMS groups/roles supported by the VO. This property is optional. This is a nlist with one entry per mapping (mapped accounts). The supported properties for each entriy are :
     121   * `description` : description of the mapping. This property is informational, except for VO software manager where it must be `SW manager` (with this exact casing).
     122   * `pattern` (replace deprecated `name`) : VO group/role combinations mapped to this account. This can be a string or a list of string (if several group/role combinations are mapped to the same account). Each value can be either a role name (without `/ROLE=`) or a group/role combination in standard format `/GROUP=..../ROLE=rolename`. Note that `/GROUP` and `/ROLE` keywords are required to be upper case, that there may be several groups but only one role and if both are present, role must be the last one. Look at [source:templates/trunk/grid/glite-3.0.0/vo/params/lhcb.tpl LHCb VO parameters] for an example.
    123123   * `suffix` : suffix to append to `account_prefix` to build account name associated with this role.
    124124 * `proxy` : name of the proxy server used by the VO. No default, optional.
     
    161161
    162162
     163=== Mapping of VOMS groups/roles into grid-mapfile ===
     164
     165grid-mapfile is used as a source of mapping information between users DN and Unix accounts when this cannot be obtained from VOMS.
     166
     167Default behaviour for describing user mapping in grid-mapfile used to be to map users with a specific role to the account corresponding to this role. Unfortunatly, the result is unpredictable if a user has several roles in the VO. The default in QWG templates, starting with release [milestone:gLite-3.0.2-12 gLite-3.0.2-12], is to always map users to normal users in grid-mapfile. To obtain a mapping based on a specific role, users have to get a proxy with the required VOMS extensions using `voms-proxy-init --voms`.
     168
     169To revert to previous behaviour, you need to define variable `VO_GRIDMAPFILE_MAP_VOMS_ROLES` to `true` in your machine profile or one of your site specific templates.
     170
    163171== Allocation of Service Accounts ==
    164172