Version 3 (modified by mmamonski, 9 years ago) (diff)

--

The guide describes the procedure of installation and configuration of the gridmap-file-generator tool (PLGrid only).

  • Install qcg grid-mapfile generator
    yum install qcg-gridmapfilegenerator
    
  • Configure gridmapfilegenerator - remember to change
    • url property to your local ldap replica
    • search base
    • filter expression
    • security context
      vim  /etc/qcg/qcg-gridmapfile/plggridmapfilegenerator.conf
      
  • Run the gridmapfile generator in order to generate gridmapfile now
    /usr/sbin/qcg-gridmapfilegenerator.sh 
    

After installing and running this tool one can find three files:

  • /etc/grid-security/grid-mapfile.local - here you can put list of DNs and local unix account names that will be merged with data acquired from the local LDAP server
  • /etc/grid-security/grid-mapfile.deny - here you can put list od DN's (only DNs!) that you want to deny access to the GridFTP server
  • /etc/grid-security/grid-mapfile - the final gridmap file generated using the above two files and information available in local LDAP server. Do not edit this file as it is generated automatically!

This gridmapfile generator script is run every 10 minutes. Moreover its issues su - $USERNAME -c 'true' > /dev/null for every new user that do not have yet home directory (thus triggering pam_mkhomedir if installed).