Delegated Account Management
This AM group enables remote account management. Users can belong to multiple groups.
deleteGroup - Delete delegated group
<service name="deleteGroup">
  <info>Delete group/project created by external account manager</info>
  <args>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>Group/project name to delete</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>
getGroupsAndUsers - Get all delegated users and groups
<service name="getGroupsAndUsers">
  <info>Show inventory of delegated users and groups/projects</info>
  <args>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>
changeGroupAdmin - Change the leader of the group
<service name="changeGroupAdmin">
  <info>Change the administrator of the group/project</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name of the new admin</info>
    </arg>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>Group/project name</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>
addUserForm - Show the form for uploading the new user LDIF
<service name="addUserForm"> <info>Show browser form to upload new user's LDIF</info> </service>
saveForm - process the new user LDIF
<service name="saveUser"> <info>Parse uploaded LDIF and create user account</info> </service>
deleteUser - Delete user
<service name="deleteUser">
  <info>Delete user created by external source</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name to delete</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>
moveUser - Change user's primary group
<service name="moveUser">
  <info>Change user's project</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name</info>
    </arg>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>User's new primary group/project name</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>
addUserToGroup - Add user to the secondary group/project
<service name="addUserToGroup">
  <info>Add user to new secondary group/project</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name</info>
    </arg>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>Group/project name</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>
deleteGroupUser - Delete user from the secondary group/project
<service name="deleteUserFromGroup">
  <info>Delete user from the group/project</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name</info>
    </arg>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>Group/project name</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>
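The service definitions above declare which arguments each call takes and which are required. The following added example (not part of the AM's own code) checks a caller's parameters against such a definition before they are sent and used to build LDAP DNs; the function names and the allowed character sets for names and baseDN are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Service definition copied from this page (deleteUserFromGroup).
SERVICE_XML = """
<service name="deleteUserFromGroup">
  <info>Delete user from the group/project</info>
  <args>
    <arg isRequired="true" name="username" value="username"><info>User name</info></arg>
    <arg isRequired="true" name="groupname" value="groupname"><info>Group/project name</info></arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]"><info>baseDN</info></arg>
  </args>
</service>
"""

# Assumption: user and group names use a conservative character set, so they
# cannot carry DN or filter metacharacters such as , = + " \ < > ; * ( ).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
# Assumption: a baseDN is a comma-separated list of simple attr=value RDNs.
SAFE_DN = re.compile(r"[A-Za-z]+=[A-Za-z0-9 ._-]+(,[A-Za-z]+=[A-Za-z0-9 ._-]+)*")


def load_service(xml_text):
    """Return (service name, {argument name: is it required?})."""
    svc = ET.fromstring(xml_text)
    args = {a.get("name"): a.get("isRequired") == "true" for a in svc.iter("arg")}
    return svc.get("name"), args


def check_call(xml_text, params):
    """Return a list of problems; an empty list means the call is well formed."""
    name, spec = load_service(xml_text)
    problems = []
    for arg, required in spec.items():
        if required and not params.get(arg):
            problems.append(f"{name}: missing required argument '{arg}'")
    for arg, value in params.items():
        if arg not in spec:
            problems.append(f"{name}: unknown argument '{arg}'")
        elif not (SAFE_DN if arg == "baseDN" else SAFE_NAME).fullmatch(value):
            problems.append(f"{name}: argument '{arg}' has disallowed characters")
    return problems
```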
Error Messages
Generic errors
- ERROR 1: UID and OU and DC match
- ERROR 2: UID and DC match but OU is different
- ERROR 3: UID matches but DC and OU are different
- ERROR 4: UID and OU match but DC is different
- ERROR 5: Uknonw user DN:
- ERROR 6: Cannot delete user: User is a admin for a group
- ERROR 7: Unknown group DN:
- ERROR 8: Group/project not deleted because it contains admin(s):
- ERROR 9: Cannot move users: different DCs
- ERROR 10: Missing OU LDIF entry
- ERROR 11: Missing group name attribute in OU entry
- ERROR 12: Missing objectClass attribute (organizationalUnit/organizationalRole/organizationalUnit) for:
- ERROR 17: Missing PI entry
Group manipulation errors
- ERROR 20: Group exists
- ERROR 21: Missing PI mail:
- ERROR 22: Missing PI ssh public key:
User manipulation errors
- ERROR 30: Missing username (UID)
- ERROR 31: Organization does not exist for this user. Missing organization LDIF entry
- ERROR 32: Missing user's email address
- ERROR 33: Missing user's ssh public key:
GENI Extension Schema for LDAP
In order to automate delegated account creation/deletion, the AM uses the following LDAP schema extension (in this example stored in the file geni.schema):
# octetString SYNTAX
attributetype ( 1.3.6.1.4.1.4203.666.1.90 NAME 'remoteDN'
        DESC 'MANDATORY: baseDN from remote'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.4203.666.1.91 NAME 'listOfChildren'
        DESC 'MANDATORY: List of children with this account cloned'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# printableString SYNTAX yes|no
objectclass ( 1.3.6.1.4.1.4203.666.1.100 NAME 'geniAttributes'
        SUP top AUXILIARY
        DESC 'MANDATORY: GENI related attributes'
        MAY ( remoteDN $ listOfChildren ) )
For the schema to be loaded at start-up, it needs to be placed in the server's schema directory (/etc/ldap/schema for the latest version of slapd), and the following line has to be added to the LDAP configuration file (typically /etc/ldap/slapd.conf):
include /etc/ldap/schema/geni.schema