EDG-MKGRIDMAP.CONF(5)                                    EDG-MKGRIDMAP.CONF(5)

NAME

       edg-mkgridmap.conf - edg-mkgridmap configuration file

DESCRIPTION

       The edg-mkgridmap.conf file contains configuration information for
       edg-mkgridmap.

       The default location is /etc/edg-mkgridmap.conf.

       The edg-mkgridmap.conf file is a free-form ASCII text file. It is
       parsed by the descent parser built into edg-mkgridmap. The file may
       contain extra tabs and white spaces for formatting purposes. Keywords
       in the file are case-insensitive. Comments may be placed anywhere
       within the file (except within quotes). Comments begin with the #
       character and end at the end of the line.

       The file essentially consists of a list of directives, each composed
       of a keyword and one or more arguments. Optional arguments are put in
       square brackets.

       * group URI [lcluser]
       * default_lcluser default_lcluser
       * auth URI
       * allow|deny pattern_to_match
       * gmf_local grid-mapfile-local

EXAMPLE

         #### GROUP: group URI [lcluser]
         group ldaps://grid-vo.infn.it/ou=testbed1,o=infn,c=it .infngrid
         group ldaps://grid-vo.infn.it/ou=testbed2,o=infn,c=it
         group ldaps://grid-vo.infn.it/ou=testbed3,o=infn,c=it AUTO
         group https://grid-vo.infn.it/infngrid/testbed1 .infngrid
         group https://grid-vo.infn.it/infngrid/testbed2
         group https://grid-vo.infn.it/infngrid/testbed3 AUTO
         group vomss://voms.hellasgrid.gr:8443/voms/dteam?/dteam/Role=lcgadmin dteamsgm
         group vomss://voms.hellasgrid.gr:8443/voms/dteam?/dteam .dteam

         #### DEFAULT_LCLUSER: default_lcluser lcluser
         default_lcluser .infngrid

         #### AUTH: auth URI
         auth ldaps://grid-auth.infn.it/ou=People,o=infn,c=it

         #### ALLOW and DENY: deny|allow pattern_to_match
         deny *L=Parma*
         allow *INFN*

         #### GMF_LOCAL: gmf_local grid-mapfile-local
         gmf_local /etc/grid-mapfile-local1
         gmf_local /etc/grid-mapfile-local2
         gmf_local /etc/grid-mapfile-local3

REFERENCE: GROUP

       The group directive

       group URI [lcluser]

       A group directive defines a group of people who are members of a VO.
       lcluser, if specified, is the local user name associated with each
       member of the group. If lcluser is not specified, the default local
       user is implicitly used. If someone belongs to more than one group,
       the first match is used.

       The URI may be of these types:

       ldap[s]://<host>[:<port>]/<group>[??<scope>?<filter>]

       http[s]://<host>[:<port>]/<group>

       voms[s]://<host>[:<port>]/edg-voms-admin/<vo>[?<group>[/Role=<role>]]

       For an ldap URI the default scope is base and the default filter is
       (objectClass=*).

       For a voms/vomss URI the default port is the same as for an
       http/https URI.

       Specify AUTO as lcluser or default_lcluser for automatic generation of
       local usernames. In this case the executable local-subject2user is
       used. local-subject2user is called with the user certificate subject as
       argument and writes to the standard output the local username
       associated with the user certificate subject. This allows local sites
       to customize the output of edg-mkgridmap.

       Specify . or .[PREFIX] (e.g. .cms) as lcluser or default_lcluser to
       enable dynamic allocation of local usernames (Andrew McNab's gridmapdir
       patch).

REFERENCE: DEFAULT_LCLUSER

       The default_lcluser directive

       default_lcluser default_lcluser

       The default_lcluser directive defines the default local user.

REFERENCE: AUTH

       The auth directive

       auth URI

       The auth directive specifies a group of people who are authorized to
       access the local resources. If the certificate subject of a member of
       an ldap/ldaps group is not present in this authorized group, it will
       not be inserted in the grid-mapfile. If auth is omitted, this feature
       is disabled.

       The URI may be of these types:

       ldap[s]://<host>[:<port>]/<group>[??<scope>?<filter>]

       The default scope is one and the default filter is
       (description=subject=*).

REFERENCE: ALLOW and DENY

       The allow|deny directive

       allow|deny pattern_to_match

       allow and deny directives define the access control list. The pattern
       to match may contain wildcards; the test is done on the user
       certificate subject. Parsing stops at the first match. If there is at
       least one allow, there is an implicit deny * at the end; otherwise
       there is an implicit allow *. Parsing is not case sensitive.
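
       The evaluation order described above, as an added example (not code
       from edg-mkgridmap): it parses allow/deny lines and decides whether a
       certificate subject would pass the ACL. The names parse_acl,
       is_allowed and SAMPLE_CONF are hypothetical, the subjects are
       constructed, and the wildcard and quoting behaviour are assumptions
       marked in the comments.

```python
import re
import shlex

# Constructed sample: the ALLOW/DENY lines from the EXAMPLE section.
SAMPLE_CONF = """\
#### ALLOW and DENY
deny  *L=Parma*      # first match wins, so this beats the allow below
Allow *INFN*
"""

def parse_acl(conf_text):
    """Return the ordered list of (action, compiled pattern) rules."""
    rules = []
    for line in conf_text.splitlines():
        # Assumption: shlex's quoting and '#' handling approximate the real parser.
        tokens = shlex.split(line, comments=True)
        if len(tokens) == 2 and tokens[0].lower() in ("allow", "deny"):
            # Assumption: '*' matches any run of characters, '?' exactly one.
            regex = re.escape(tokens[1]).replace(r"\*", ".*").replace(r"\?", ".")
            rules.append((tokens[0].lower(),
                          re.compile(regex, re.IGNORECASE | re.DOTALL)))
    return rules

def is_allowed(rules, subject):
    """Apply the ACL to a certificate subject; the first matching rule decides."""
    for action, pattern in rules:
        if pattern.fullmatch(subject):
            return action == "allow"
    # No rule matched: implicit "deny *" if any allow exists, else implicit "allow *".
    return not any(action == "allow" for action, _ in rules)

if __name__ == "__main__":
    rules = parse_acl(SAMPLE_CONF)
    for dn in ("/C=IT/O=INFN/L=Bologna/CN=Constructed User A",
               "/C=IT/O=INFN/L=Parma/CN=Constructed User B",
               "/C=GR/O=HellasGrid/CN=Constructed User C"):
        print(dn, "->", "allow" if is_allowed(rules, dn) else "deny")
```

       Rule order matters: placing allow *INFN* before deny *L=Parma* would
       admit the Parma subject, and a file with only deny lines admits every
       subject that no deny pattern matches.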

REFERENCE: GMF_LOCAL

       The gmf_local directive

       gmf_local grid-mapfile-local

       The gmf_local directive specifies a local grid-mapfile, useful for
       adding static entries to the grid-mapfile.

FILES

       /etc/edg-mkgridmap.conf

SEE ALSO

       edg-mkgridmap(8)

AUTHORS

       EU DataGrid Authorization Working Group, EGEE Middleware Security
       Group, Maarten Litmaath (CERN/WLCG)

                                  2011-04-03             EDG-MKGRIDMAP.CONF(5)