Ticket #269 (new feature)
Opened 11 years ago
Feature: wildcard in the vorolemap file
| Reported by: | irinak | Owned by: | timur |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | core | Keywords: | |
| Cc: | Sub Version: |
Description
Ticket #4671: http://www.dcache.org/rt/index.html?q=4671
There is no possibility to have a wildcard in the VO section of the grid-vorolemap file and this introduces problem when you want to enable and support VO. You need to enable for all subgroups, so the typical entries are:
"*" "/dteam/Role=lcgadmin" dteamsgm000
"*" "/dteam/Role=production" dteamprd000
"*" "/dteam" dteamusr000
so for cms it's ~20 lines. And to be on safe side you need to check
voms server of the vo regularly that there are no new subgroups or when
you want to ban specific user (to do it you need to list all
vo/subgroups with this DN).
If you don't know to which VO user belongs and your sites supports many VOs, than the list to ban one user will be long.
So the request is to have such possibility: wildcard in the vorolemap file.
