RALPP Work List ldap Accounts

From GridPP Wiki

It's getting rather cumbersome to manage the thousands of pool accounts and local groups needed by LCG with local files on each node, and it's only going to get worse as VOMS roles mean that changes will be more frequent. We would like to have a single place where all the grid accounts can be created and then picked up by all the nodes.

After considering NIS and LDAP for this, we have decided to test LDAP.

Next Steps

  1. Install an LDAP server on heplns10
  2. Upload current set of pool accounts/groups
  3. Point some of the new nodes under test to use the ldap server
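
For step 2, a sketch of converting existing passwd/group entries into LDIF ready for loading. This is an added example, not part of the original work list; it assumes the RFC 2307 posixAccount/posixGroup schema, `ou=People` and `ou=Group` containers, and a placeholder suffix `dc=example,dc=org`, and the sample accounts are constructed.

```python
import base64, re
BASE_DN = "dc=example,dc=org"  # assumed placeholder suffix, not the site's own
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # names safe to put in a DN unescaped
SAFE_RE = re.compile(r"^[\x21-\x39\x3b\x3d-\x7e][\x01-\x09\x0b\x0c\x0e-\x7f]*$")

# Constructed sample input in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "atlas001:x:20001:2001:ATLAS pool account:/home/atlas001:/bin/bash\n"
                 "cms001:x:21001:2101: CMS pool account:/home/cms001:/bin/bash\n")
SAMPLE_GROUP = "atlas:x:2001:atlas001\ncms:x:2101:\n"

def attr(key, value):
    """One LDIF line; base64-encode values that are not an RFC 2849 SAFE-STRING."""
    if SAFE_RE.match(value) and not value.endswith(" "):
        return f"{key}: {value}"
    return f"{key}:: {base64.b64encode(value.encode()).decode()}"

def records(text, nfields):
    for line in filter(None, map(str.strip, text.splitlines())):
        fields = line.split(":")
        if len(fields) != nfields or not NAME_RE.match(fields[0]):
            raise ValueError(f"malformed entry: {line!r}")
        yield fields

def passwd_to_ldif(text, base_dn=BASE_DN, min_uid=1000):
    entries, seen = [], {}
    for name, _pw, uid, gid, gecos, home, shell in records(text, 7):
        uid, gid = str(int(uid)), str(int(gid))  # reject non-numeric ids
        if int(uid) < min_uid:   # root and system accounts stay in local files
            continue
        if uid in seen:          # two names on one UID share file ownership
            raise ValueError(f"uidNumber {uid} used by {seen[uid]} and {name}")
        seen[uid] = name
        # The password field is dropped on purpose: no userPassword is exported.
        entries.append("\n".join([
            f"dn: uid={name},ou=People,{base_dn}",
            "objectClass: account", "objectClass: posixAccount",
            attr("uid", name), attr("cn", gecos or name),
            attr("uidNumber", uid), attr("gidNumber", gid),
            attr("homeDirectory", home), attr("loginShell", shell)]))
    return entries

def group_to_ldif(text, base_dn=BASE_DN):
    entries = []
    for name, _pw, gid, members in records(text, 4):
        lines = [f"dn: cn={name},ou=Group,{base_dn}", "objectClass: posixGroup",
                 attr("cn", name), attr("gidNumber", str(int(gid)))]
        lines += [attr("memberUid", m) for m in members.split(",") if m]
        entries.append("\n".join(lines))
    return entries
```

Joining the returned entries with blank lines gives a file that can be loaded with `ldapadd`; the duplicate-UID check matters when the input is merged from several nodes' local files.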

Things to look at/think about

  • Failover - can you have something like the NIS Master/Slaves setup?
  • Can we set up different classes of account and/or restrict logins to certain groups?
  • Do we want to shift the local PPD users into this and use it on the UIs as well?

Chris brew 14:06, 4 Jul 2006 (BST)