Getting a user DN from a pool account (from emails on tbsupport)

From GridPP Wiki

Hi Simon,

Inode matching, no seriously. In /etc/grid-security/gridmapdir there are directory entries for each DN and for each pool account; the DN entry is a hard link to the pool account it is mapped to (and so vice versa).

Yours, Chris.


See the script (by Stephen Childs) described here:

http://gridirelandops.blogspot.com/2008/04/who-is-that-masked-user.html

David


We've scripted the inode matching, here it is...

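 #!/bin/sh

 cd /etc/grid-security/gridmapdir || exit 1
 # DN entries are the URL-encoded names starting with %; list them with inodes
 ls -i %* |
 while read inode fn; do
   # both names sharing the inode: DN entry first, then the pool account
   find . -inum "$inode" | sort -r |
   sed -e 'sX^./XX' -e 'sX$X  X' -e 'sX\%20X Xg' -e 'sX\%2dX-Xg' \
       -e 'sX\%2eX.Xg' -e 'sX\%2fX/Xg' -e 'sX\%3dX=Xg' -e 'sX%40X@Xg' |
   paste - -
 done | sort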

-- David Ambrose-Griffith - d.e.ambrose-griffith@durham.ac.uk


Not that I don't like inodes, :) but it's also in /var/log/messages

 grep '<DN>' /var/log/messages | grep mapped | cut -f10- -d' ' | uniq

for example using my DN

 grep '/C=UK/O=eScience/OU=Manchester/L=HEP/CN=alessandra forti' /var/log/messages | grep mapped | cut -f10- -d' ' | uniq
 mapped to atlas185 (15185/1002)

I'm atlas185. cut -f10 is arbitrary to isolate the last bit, as some DNs give different results. uniq is because you'll get more than one entry.

cheers alessandra


My improved one-liner version of that old "showusers" script of mine is:

find /etc/grid-security/gridmapdir -type f -links 2 -printf '%i\t%f\n' | sort -r | cut -f2 | sed -e 'sX%20X Xg' -e 'sX%2dX-Xg' -e 'sX%2eX.Xg' -e 'sX%2fX/Xg' -e 'sX%3dX=Xg' -e 'sX%40X@Xg' | paste -d: - - | sort

OK, it is a long line ;-)

Lawrie Lowe
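
The reverse lookup for a single pool account, as an added example that is not part of the original emails: it goes beyond the scripts above by decoding every %XX escape rather than a fixed list, and it reports when an account has no DN linked to it. The function names `urldecode` and `pool_to_dn` are hypothetical, and it assumes the gridmapdir layout described in the first message.

```sh
#!/bin/sh
# Added example (not from the original emails): find the DN leased to one
# pool account by testing which %-encoded entry is the same file (same inode).

# Decode every %XX escape in a gridmapdir entry name, not only a fixed list.
urldecode() {
    in=$1 out=
    while [ -n "$in" ]; do
        case $in in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                hex=${in#"%"}              # drop the leading %
                hex=${hex%"${hex#??}"}     # keep the two hex digits
                # hex -> octal -> byte, using only POSIX printf features
                out=$out$(printf '%b' "\\0$(printf '%03o' "0x$hex")")
                in=${in#"%"??} ;;
            *)
                out=$out${in%"${in#?}"}    # copy one literal character
                in=${in#?} ;;
        esac
    done
    printf '%s\n' "$out"
}

# pool_to_dn DIR ACCOUNT: print the decoded DN(s) hard-linked to ACCOUNT.
# Returns 0 if a DN was found, 1 if the account is not leased, 2 if missing.
pool_to_dn() {
    dir=$1 acct=$2
    [ -f "$dir/$acct" ] || { echo "no such pool account: $acct" >&2; return 2; }
    found=1
    for f in "$dir"/%*; do
        [ -e "$f" ] || continue            # glob matched nothing
        if [ "$f" -ef "$dir/$acct" ]; then # same device and inode
            urldecode "${f##*/}"
            found=0
        fi
    done
    return $found
}

# Stand-alone use: script.sh /etc/grid-security/gridmapdir atlas185
if [ "$#" -eq 2 ]; then
    pool_to_dn "$1" "$2"
fi
```

A return status of 1 means the pool account file exists but has no DN entry sharing its inode, which is the state of an account that is not currently mapped.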