mkgridmap: NCM component to configure edg-mkgridmap.conf for mkgridmap.
The mkgridmap component manages the configuration file (e.g.
/opt/edg/etc/edg-mkgridmap.conf) for mkgridmap.
It can handle several mapfiles and support two distinct mapfile format :
- edg : the traditional format associating DNs with pool accounts
- lcgdm : a mapfile to associate DNs to VO name. It is used by LCG products like DPM and LFC to handle authorization for users not authenticated with VOMS (grid-proxy-init or voms-proxy-init without -voms).
entries : nlist
A nlist of mapfile entries. The name of the entry is informational only. The entry resources are described below.
lcmaps : nlist (optional)
This nlist describes lcmaps gridmapfile and groupmapfile to update. The entry resources are described below.
voList : list (optional)
This list specifies the VO to process, and the order in which they will appear. If not present or undefined, defaults to all VOs defined in the configuration (/system/vo), sorted by name.
flavor : string
This property indicates LCMAPS gridmapfile/groupmafile format. It can be 'edg' or 'glite'. When format is 'glite', FQANs are taken literally from configuration : they must be valid VOMS FQAN in standard format. When format is 'edg', FQANs in configuration are converted into EDG format (/VO=vo_name/GROUP=.../ROLE=...).
Default : glite (no conversion)
lcmaps/gridmapfile : string (required)
The full path to the LCMAPS gridmapfile.
lcmaps/groupmapfile : string (required)
The full path to the LCMAPS groupmapfile.
MAPFILE ENTRY RESOURCES
The location of the edg-mkgridmap.conf file, by default
The command to run to regenerate the gridmap file. If provided, this command will be run whenever changes to the configuration occur.
A list of group entries in the edg-mkgridmap.conf file. For each group uri_<group> and user_<group> can be defined to specify the collection of users at a URI that should be mapped to a particular user.
A list of auth entries in the edg-mkgridmap.conf file. For each auth line a uri_<auth> should be defined.
What the lcuser should be defined as.
A pattern match of certs that should be permitted in the grid-mapfile.
A pattern match of certs that should be denied in the grid-mapfile.
Note the allow allways occurs, if it is defined at all, in the mkgridmap.conf file before the deny rule. Read man edg-mkgridmap.conf for the consequences of this.
One or more local grid-mapfile(s) to be imported in the generated grid-mapfile, where they will override other entries. By default <edgcfg.location>/etc/grid-mapfile-local. The entry can be either a string (default), or a list of strings (in which case the existing entry will have to be null-ified beforehand).
By default set to yes. If set to no the local grid-mapfile will not be overwritten if it already exists.
A list for which each element has the values of cert_<local> and user_<local>. This will add mappings to the (first) grid-mapfile-local defined above.