Hi all! I would like to know if it is possible to use one DN with multiple local logins for GRAM, especially WS-GRAM.
Understood is already that a grid-mapfile can contain entries like "/O=GermanGrid/OU=Uni-Dortmund/CN=Stefan Freitag" hp0007,dt0031 so that a user can login as hp0007 or dt0031 using gsissh. But what about job submission? Unfortunately I was not able to find any useful information.... What I have done so far: My grid-mapfile in /etc/grid-security/ contains the following mapping [EMAIL PROTECTED]:/usr/local/globus/var> grep -i freitag /etc/grid-security/grid-mapfile "/O=GermanGrid/OU=Uni-Dortmund/CN=Stefan Freitag" hp0007,dt0031 So my DN is mapped to two local accounts hp0007 and dt0031 on the node udo-gt01. I expected that I can submit with globusrun-ws jobs as one or the other user by specifying the localUserId. Here are my two test jobs: 1) <job> <localUserId>dt0031</localUserId> <executable>/usr/bin/id</executable> <directory>/tmp</directory> <stdout>/tmp/stdout</stdout> <stderr>/tmp/stderr</stderr> <queue>dgiseq</queue> </job> 2) <job> <localUserId>hp0007</localUserId> <executable>/usr/bin/id</executable> <directory>/tmp</directory> <stdout>/tmp/stdout</stdout> <stderr>/tmp/stderr</stderr> <queue>dgiseq</queue> </job> The only difference between the jobs is the localUserId. Now, when I submit the jobs to Globus I get for 1) [EMAIL PROTECTED]:~/jobs/xml/id> globusrun-ws -submit -F udo-gt01 -Ft PBS -s -f id_dt0031.xml Submitting job...Done. Job ID: uuid:74a29c36-39fe-11dc-a4db-0050560bd129 Termination time: 07/25/2007 15:56 GMT Current job state: Failed Destroying job...Done. globusrun-ws: Job failed: Error code: 201 Script stderr: dt0031 is not in the grid mapfile 2) [EMAIL PROTECTED]:~/jobs/xml/id> globusrun-ws -submit -F udo-gt01 -Ft PBS -s -f id_hp0007.xml Submitting job...Done. Job ID: uuid:7a30c024-39fe-11dc-98f5-0050560bd129 Termination time: 07/25/2007 15:56 GMT Current job state: Pending Current job state: Active Current job state: CleanUp-Hold uid=25007(hp0007) gid=20005(hp) groups=20000(glite),20001(globus),20002(unicore),20005(hp) context=user_u:system_r:unconfined_t Current job state: CleanUp Current job state: Done Destroying job...Done. I was surprised about this result and inspected the ongoing things... After doing a "su" I tried the following from the local account dt0031 [EMAIL PROTECTED]:/usr/local/globus/var> /usr/local/globus/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /bin/date dt0031 is not in the grid mapfile and then for hp0007 [EMAIL PROTECTED]:/usr/local/globus/var> /usr/local/globus/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /bin/date Tue Jul 24 17:59:00 CEST 2007 All in all I came to the result, that there is something strange with globus-gridmap-and-execute Do you have any idea what went wrong? Best regards Stefan
