Follow-up Comment #1, sr #124709 (project xrootd): VO, group & role are already filled out in Entity (and then in auth monitoring record) by default ... one can switch this off with vomsat=0 option. Proxy must have this info, of course. Now, about DN ... Entity.name is set to proxy hash if gmapopt is less than 10 and to DN if it is 10 or more. Then the lcmaps plugin kicks in: it uses DN from Entity.name to lookup username in GUMS and then puts DN into Entity.moninfo and the newly obtained username into Entity.name. We could put DN into Entity.moninfo by default ... or add an option, like authzdnmon that would do this. I use gmapopt=10 at UCSD -- this means put DN into Entity.name but do not use grid-map-file. I'm somewhat unsure what happens when grid-map stuff is actually used. _______________________________________________________ Reply to this item at: <http://savannah.cern.ch/support/?124709> _______________________________________________ Message sent via/by LCG Savannah http://savannah.cern.ch/