Hi Gabriel, Could you explain the "workgroups" a little further? I would think the easiest thing would be to have the OS recognize the ldap workgroups as actual unix groups using nss_ldap or nss_ldapd.
An alternative could be to write some scripts to sync the ldap workgroups with slurm's accounting database. If I recall correctly you can limit which partitions a given slurm account can access using the accounting database to achieve the same effect as the AllowGroups flag on a partition. The script could synchronize the association of slurm users and slurm accounts account with the ldap workgroup memberships. If that doesn't meet your needs, slurm is fairly easy to modify (speaking from experience) but I don't believe there's any API that would allow you to modify the behavior of AllowGroups. I could be wrong, however, so I'd wait for one of the devs to chime in :) I hope that helps! Sent from my iPhone On Nov 9, 2011, at 9:12 PM, David Gabriel Simas <[email protected]> wrote: > > Hello, > > From reading slurm.conf(5), it seems that SLURM controls access to partitions > via Unix groups, with the "AllowGroups" configuration directive. Around here, > we have a locally-developed access control mechanism using LDAP "workgroups" > and PAM. (I don't know if "workgroup" is a standard LDAP schema, or our own > invention - I suspect the latter.) Would SLURM's plugin API allow > modification of its access control mechanism to allow the use of out LDAP > workgroups? > > David Gabriel Simas > Stanford University
