Last Update: 2004-08-31
All Computing Elements (CEs) will need to become accepted clients of the VOMS
server in order to run the edg-mkgridmap script (available as an RPM from http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3/wp6/RPMS/)
and generate the grid-map file from VOMS.
The following procedure explains how these CEs (called remote_hosts
further on in this document) become eligible to access the VOMS server and
list the contents of the VOs defined there.
A good way to grant access to the compatibility interface for a remote_host is to change the ACL of the VO group (named /atlas, /dteam etc.). This can be done in either of two ways.

Through the web interface, for example at
https://tbed0152.cern.ch:8443/edg-voms-admin/dteam/webui/Admin/groups/editacl?groupname=%2Fdteam
with the following values:
Allow: allow
Operation: list
Admin DN, Admin CA: the remote_host's DN & CA

From the command line:
edg-voms-admin --url=http://localhost:8080/edg-voms-admin/dteam add-acl-entry /dteam allow list .remote_host .pem
An alternative is to create, on the VOMS server side, the Role=VO-List in the VO group, and then add the client remote_host as a user and a member of this Role. The document http://beta.wsl.sinica.edu.tw/~ccchang/lcg/security/voms/edg-mkgridmap.html explains the steps in detail. The drawback of this method is that the remote_host has to be registered as a VO member together with the actual users.
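The drawback above can be checked on the generated file. The following is an added example, not part of the original document or of edg-mkgridmap: it parses grid-map file text and reports entries whose DN looks like a host certificate rather than a person. It assumes that a remote_host registered as a VO member ends up in the generated grid-map file, that host DNs carry CN=host/<fqdn> or a bare FQDN as CN, and uses constructed sample entries.

```python
import re
import shlex

# Constructed sample grid-map file; all DNs and host names are made up.
SAMPLE_GRIDMAP = '''\
# generated by edg-mkgridmap (constructed sample)
"/C=CH/O=Example/OU=GRID/CN=Jane Doe 1234" .dteam
"/C=CH/O=Example/OU=GRID/CN=host/ce01.example.org" .dteam
"/C=IT/O=Example/CN=John Smith" dteam001
"/C=FR/O=Example/CN=se02.example.org" .dteam
malformed line without quotes
'''

# Heuristic (assumption): a host certificate has CN=host/<fqdn> or CN=<fqdn>.
FQDN = re.compile(r"^(?:[a-z0-9-]+/)?(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

def parse_gridmap(text):
    """Yield (lineno, dn, account); dn is None when the line is malformed."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)  # handles the quoted DN containing spaces
        except ValueError:             # e.g. unbalanced quotes
            parts = []
        if len(parts) != 2 or not parts[0].startswith("/"):
            yield lineno, None, None
        else:
            yield lineno, parts[0], parts[1]

def audit(text):
    """Return (host_entries, malformed_line_numbers) for grid-map file text."""
    hosts, malformed = [], []
    for lineno, dn, account in parse_gridmap(text):
        if dn is None:
            malformed.append(lineno)
            continue
        # Take everything after the last /CN= so "host/<fqdn>" stays intact.
        cn = dn.rsplit("/CN=", 1)[-1] if "/CN=" in dn else ""
        if FQDN.match(cn):
            hosts.append((lineno, dn, account))
    return hosts, malformed

if __name__ == "__main__":
    hosts, malformed = audit(SAMPLE_GRIDMAP)
    for lineno, dn, account in hosts:
        print(f"line {lineno}: host-like DN mapped to {account}: {dn}")
    for lineno in malformed:
        print(f"line {lineno}: malformed entry")
```

Host-like DNs that appear in the output are mapped to local accounts just like user DNs, so they are the entries to review when the Role=VO-List method is used.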
PENDING ACTIONS FOR MARIA: I need to enter voms-httpd as an alternative procedure here: http://grid-it.cnaf.infn.it/fileadmin/sysadm/voms-integration/voms-integration.html#SECTION00032000000000000000
Write about the exact lines needed in edg-mkgridmap.conf for LHC exp. VOs. Correct typos.
Maria Dimou with advice from Karoly Lorentey, IT/GD Grid Infrastructure Services.