I am also using LCMAPs on a few of my machines for Xrootd TPCs. Is there a way to separate out a minimum set of RPMs needed to use xrootd-lcmaps, Note the VOMS based mapping is also need. one way to hide the complexity of all these RPMs is to build a container and provide it as an appliance. The dilemma is that Kebernetes only work with Docker. Singularity is nicer but doesn’t work with Kebernetes. -- Wei Yang | [log in to unmask]<mailto:[log in to unmask]> | 650-926-3338 (O) From: Brian Bockelman <[log in to unmask]> Reply-To: xrootd/xrootd <[log in to unmask]> Date: Wednesday, May 23, 2018 at 9:08 AM To: xrootd/xrootd <[log in to unmask]> Cc: Subscribed <[log in to unmask]> Subject: Re: [xrootd/xrootd] acc.authdb does not support DNs with whitespace (#712) Hi @olifre<https://github.com/olifre> - What do you use locally for site-level authorization? Locally, we authorize first through LCMAPS (using the XrdLcmaps plugin - see https://github.com/opensciencegrid/xrootd-lcmaps), mapping things to a username and set of groups. Another approach is to simply map based on VOMS attributes (which goes to g) instead of hardcoding DNs. Once it's a unix username instead of a DN, it's a bit simpler to manipulate the authdb. Brian — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub<https://github.com/xrootd/xrootd/issues/712#issuecomment-391404625>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AE9TAxRbb7kI3dttqDKp9E6RVtbvUF4Kks5t1YmGgaJpZM4UKuOJ>. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/712#issuecomment-391412524 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1