NAME

mkgridmap: NCM component to configure edg-mkgridmap.conf for mkgridmap.

DESCRIPTION

The mkgridmap component manages the configuration file (e.g. /opt/edg/etc/edg-mkgridmap.conf) for mkgridmap. It can handle several mapfiles and support two distinct mapfile format :

  • edg : the traditional format associating DNs with pool accounts
  • lcgdm : a mapfile to associate DNs to VO name. It is used by LCG products like DPM and LFC to handle authorization for users not authenticated with VOMS (grid-proxy-init or voms-proxy-init without -voms).

RESOURCES

entries : nlist

A nlist of mapfile entries. The name of the entry is informational only. The entry resources are described below.

lcmaps : nlist (optional)

This nlist describes lcmaps gridmapfile and groupmapfile to update. The entry resources are described below.

voList : list (optional)

This list specifies the VO to process, and the order in which they will appear. If not present or undefined, defaults to all VOs defined in the configuration (/system/vo), sorted by name.

LCMAPS RESOURCES

flavor : string

This property indicates LCMAPS gridmapfile/groupmafile format. It can be 'edg' or 'glite'. When format is 'glite', FQANs are taken literally from configuration : they must be valid VOMS FQAN in standard format. When format is 'edg', FQANs in configuration are converted into EDG format (/VO=vo_name/GROUP=.../ROLE=...).

Default : glite (no conversion)

lcmaps/gridmapfile : string (required)

The full path to the LCMAPS gridmapfile.

Default : /opt/edg/etc/lcmaps/gridmapfile

lcmaps/groupmapfile : string (required)

The full path to the LCMAPS groupmapfile.

Default : /opt/edg/etc/lcmaps/groupmapfile

MAPFILE ENTRY RESOURCES

mkgridmapconf

The location of the edg-mkgridmap.conf file, by default /opt/edg/etc/edg-mkgridmap.conf

command

The command to run to regenerate the gridmap file. If provided, this command will be run whenever changes to the configuration occur.

groups

A list of group entries in the edg-mkgridmap.conf file. For each group uri_<group> and user_<group> can be defined to specify the collection of users at a URI that should be mapped to a particular user.

auths

A list of auth entries in the edg-mkgridmap.conf file. For each auth line a uri_<auth> should be defined.

lcuser

What the lcuser should be defined as.

allow

A pattern match of certs that should be permitted in the grid-mapfile.

deny

A pattern match of certs that should be denied in the grid-mapfile.

Note the allow allways occurs, if it is defined at all, in the mkgridmap.conf file before the deny rule. Read man edg-mkgridmap.conf for the consequences of this.

gmflocal

One or more local grid-mapfile(s) to be imported in the generated grid-mapfile, where they will override other entries. By default <edgcfg.location>/etc/grid-mapfile-local. The entry can be either a string (default), or a list of strings (in which case the existing entry will have to be null-ified beforehand).

overwrite

By default set to yes. If set to no the local grid-mapfile will not be overwritten if it already exists.

locals

A list for which each element has the values of cert_<local> and user_<local>. This will add mappings to the (first) grid-mapfile-local defined above.