The grid-vorolemap file
Prev Section 3. VOMS and gPlazma Next
dCache Workshop > VOMS and gPlazma > The grid-vorolemap file

The grid-vorolemap file

The grid-vorolemap file describes how to map VOMS FQAN and X509 identities into the identities dCache uses internally. The first half uses wild cards to map all users that have a certain FQAN to the same abstract users. 

# grid-vorolemap file was generated by dcacheVoms2Gplasma.py

This maps all members of VO dteam to abstract user dteam001
# Added role /dteam
"*" "/dteam" dteam001

This maps all members of VO dteam with a Role of production to abstract user prddtm01
# Added role /dteam/Role=production
"*" "/dteam/Role=production" prddtm01

This maps all members of VO dteam with a Role of lcgadmin to abstract user sgmdtm01
# Added role /dteam/Role=lcgadmin
"*" "/dteam/Role=lcgadmin" sgmdtm01

The second section of file may map individual user DNs directly to abstract users. This is only needed to support users authenticating without include VO membership information in their proxy-ceritificate. This may happen when the proxy certificate was generated using the (depricate) grid-proxy-init command or when voms-proxy-init is used without the -voms option.

The following lists some sample entries taken from the dteam VO. The users are all mapped to the single abstract user dteam001. 

"/O=dutchgrid/O=users/O=sara/CN=Maarten Hendrik van Ingen" dteam001
"/O=GermanGrid/OU=DESY/CN=Owen Synge" dteam001
"/DC=es/DC=irisgrid/O=cesga/CN=tere-sanchez" dteam001
"/O=GRID-FR/C=FR/O=CNRS/OU=LPSC/CN=Christine Gondrand" dteam001
"/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=renshall/CN=425855/CN=Harry Renshall" dteam001
"/DC=es/DC=irisgrid/O=pic/CN=asainz" dteam001
Prev Up Next
The dcacheVoms2Gplasma.conf file Home The storage-authzdb file