I am also using LCMAPS on a few of my machines for Xrootd TPCs. Is there a way to separate out a minimum set of RPMs needed to use xrootd-lcmaps? Note that the VOMS-based mapping is also needed.

One way to hide the complexity of all these RPMs is to build a container and provide it as an appliance. The dilemma is that Kubernetes only works with Docker. Singularity is nicer but doesn’t work with Kubernetes.

--
Wei Yang | [log in to unmask]<mailto:[log in to unmask]> | 650-926-3338 (O)


From: Brian Bockelman <[log in to unmask]>
Reply-To: xrootd/xrootd <[log in to unmask]>
Date: Wednesday, May 23, 2018 at 9:08 AM
To: xrootd/xrootd <[log in to unmask]>
Cc: Subscribed <[log in to unmask]>
Subject: Re: [xrootd/xrootd] acc.authdb does not support DNs with whitespace (#712)


Hi @olifre<https://github.com/olifre> -

What do you use locally for site-level authorization?

Locally, we authorize first through LCMAPS (using the XrdLcmaps plugin - see https://github.com/opensciencegrid/xrootd-lcmaps), mapping things to a username and set of groups. Another approach is to simply map based on VOMS attributes (which goes to g) instead of hardcoding DNs.

Once it's a unix username instead of a DN, it's a bit simpler to manipulate the authdb.

Brian


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<https://github.com/xrootd/xrootd/issues/712#issuecomment-391404625>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AE9TAxRbb7kI3dttqDKp9E6RVtbvUF4Kks5t1YmGgaJpZM4UKuOJ>.



To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1