script:/usr/local/sbin/gridmap-lcmaps.pl
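#!/usr/bin/perl -w
#
# gridmap-lcmaps.pl
#
# Creates hard links in the gridmapdir (/etc/grid-security/gridmapdir) so
# that one user (certificate DN) can be mapped to several local accounts,
# selected by the VO name in the user's VOMS certificate.
#
# Link name format: URL-encoded, lower-cased DN + ":" (separator) + Unix
# group name, for example
#   %2fo%3dgermangrid%2fou%3dfzk%2fcn%3ddimitri%20nilsen:dgtest
#
# If your local account names differ from the D-Grid pool names, edit
# getDependAccount() and uncomment the call marked [DEPEND] in the main loop.
#
# If you do not want to fetch the dgrid-mapfile from Juelich and prefer a
# static file, comment out the statements marked [JUELICH] below.
#
# Security notes:
#  * The mapfile is external input. Account names and the group string are
#    checked against $SAFE_NAME_RE before they are used as path components,
#    and no value taken from the mapfile is ever handed to a shell.
#  * NOTE(review): this script only creates or re-points links. A DN that
#    disappears from the mapfile keeps its existing link; removing stale
#    mappings has to be done separately.

use strict;
use warnings;
use Getopt::Long;

#########################
###      Global       ###
my $gridmap_file_jul = "/etc/grid-security/dgrid-mapfile";
my $gridmap_exec_jul = "/usr/local/sbin/dgridmap";            # [JUELICH]
my $path             = "/etc/grid-security/gridmapdir";       # without slash on the end of path!!
my @acarr;            # filled by getAcc(), emptied by the main loop after each mapfile line
my $help;

# Names that may be used as a file name inside $path and as a command
# argument: no "/", no "..", no whitespace, and no leading "-" that a
# command could take for an option.  Adjust if your site uses other
# characters in account or group names.
my $SAFE_NAME_RE = qr/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;

#########################
###    functions()    ###

# Print a log message on STDOUT.
sub logging {
    my ($msg) = @_;
    print $msg;
    return;
}

# Run an external command.
#   A single string is executed exactly as before (Perl may use a shell for
#   it); a list (program, arg, ...) is executed without any shell.
#   Dies if the command could not be started at all.
#   Returns true if the command exited with status 0, false otherwise.
sub mysystem {
    my @cmd = @_;
    system @cmd;
    if ($? == -1) {
        die("Couldn't run '@cmd'");
    }
    return $? == 0;
}

# URL-encode a string: every non-word character becomes %XX (upper-case hex).
sub URLEncode {
    my ($theURL) = @_;
    $theURL =~ s/([\W])/"%" . uc(sprintf("%2.2x", ord($1)))/eg;
    return $theURL;
}

# Split a comma-separated account list ("dgdt0034,dgkg0032") and append the
# names to the global @acarr.  Leading blanks of every name are removed.
# The names are appended last-to-first, which is the order the original
# recursive implementation produced.
sub getAcc {
    my ($acstr) = @_;
    my @names = split /,/, $acstr, -1;
    @names = ('') if !@names;    # split() returns nothing for an empty string
    s/\A *// for @names;
    push @acarr, reverse @names;
    return;
}

# Convert a D-Grid account name into the account name used on this host, for
# sites where the names differ.  Example: 'dgmd0*' becomes 'medi*'.
# Make sure the search string in each if-statement is unique.
sub getDependAccount {
    my ($input) = @_;
    if (index($input, "md") != -1) {
        $input = "medi" . substr($input, -3);
    }
    elsif (index($input, "c3") != -1) {
        $input = "c3g" . substr($input, -3);
    }
    return $input;
}

# Print help information.
sub printhelp {
    print "\nUsage: create fix accounts-links in gridmap-dir. Links are URL-encoded DNs\n\n";
    return;
}

# Return the group part of the `groups ACCOUNT` output, i.e. everything
# after the last ":" ("dgdt0012 : dgdt" gives "dgdt").  Returns '' when the
# command prints nothing.  The caller must have validated $account.
sub getGroupString {
    my ($account) = @_;

    # List-form pipe open: $account is passed as one argument, no shell.
    open(my $groups_fh, '-|', 'groups', $account)
        or die("Couldn't run 'groups $account'");
    my $grstring = <$groups_fh>;
    close($groups_fh);

    return '' if !defined $grstring;
    chomp($grstring);
    $grstring =~ s/\A.*:\s*//;
    return $grstring;
}

# Return the inode number of $file itself (symlinks are not followed, like
# `ls -i`), or '' if the file cannot be examined.
sub getInode {
    my ($file) = @_;
    my @st = lstat $file;
    return @st ? $st[1] : '';
}

# Create the hard link $link_file for $account_file.
# Logs the reason and returns false if the link could not be created.
sub makeLink {
    my ($account_file, $link_file) = @_;
    return 1 if link($account_file, $link_file);
    logging("ERROR: could not link $link_file to $account_file: $!\n\n");
    return 0;
}

#########################
###       MAIN        ###
my $now = localtime time;
logging("START: $now\n");

# handling arguments
if (@ARGV > 0) {
    GetOptions('help|h' => \$help);
}
if ($help) {
    printhelp();
    exit(0);
}

## [JUELICH] Execute the Juelich script that writes the mapfile.
if (!mysystem($gridmap_exec_jul, "-output-g=$gridmap_file_jul")) {
    # Processing continues as before, but the mapfile may be incomplete.
    logging("WARNING: '$gridmap_exec_jul' returned wait status $?\n");
}

## Read the Juelich gridmap file, one entry per line:
#
#"/O=GermanGrid/OU=ITWM/CN=Ely de Oliveira" dgdt0034,dgkg0032
#"/O=GermanGrid/OU=TUD/CN=Ralph Mueller-Pfefferkorn" dghp0008,dgkg0010,dgmd0021
#"/O=GermanGrid/OU=TUD/CN=Samatha Kottha" dgmd0022
#"/O=GermanGrid/OU=UP/CN=Andre Luckow" dgad0042
#"/O=GermanGrid/OU=Uni-Dortmund/CN=Stefan Freitag" dgdt0031,dghp0007
open(my $map_fh, '<', $gridmap_file_jul)
    or die("Could not open julich-gridmap file! $!");
my @julich = <$map_fh>;
close($map_fh);

my $dostatus = 0;    # number of links created or re-created, for the end log

JLINE:
foreach my $jline (@julich) {
    chomp(my $entry = $jline);
    next JLINE if $entry !~ /\S/;    # blank line

    # "DN" account[,account...] - the DN runs up to the last quote that is
    # followed by a blank, the account list is the rest of the line.
    my ($dn_raw, $accounts) = $entry =~ m{\A " (.+) " [ ] ([^"]*) \z}x;
    if (!defined $dn_raw) {
        logging("ERROR: unparsable mapfile line skipped: " . URLEncode($entry) . "\n\n");
        next JLINE;
    }

    # parsing VOs
    getAcc($accounts);

    # for each account $jmap (for example $jmap="dgdt003")
    ACCOUNT:
    foreach my $jmap (@acarr) {

        # [DEPEND] RUN THIS FUNCTION TO USE DIFFERENT ACCOUNT NAMES
        #$jmap = getDependAccount($jmap);

        # The name becomes a file name below $path and an argument of
        # `groups`; refuse anything that is not a plain name.
        if ($jmap !~ $SAFE_NAME_RE) {
            logging("ERROR: account name '" . URLEncode($jmap) . "' rejected. Nothing done.\n\n");
            next ACCOUNT;
        }

        my $account_file = "$path/$jmap";
        if (!-e $account_file) {
            logging("ERROR: mapping for $jline ${jmap}-file not found! \nNothing done.\n\n");
            next ACCOUNT;
        }

        # get the group ($vo) of the user named $jmap
        my $vo = getGroupString($jmap);
        if ($vo !~ $SAFE_NAME_RE) {
            # Empty output, or an account with several groups: there is no
            # single group name to build the link name from.
            logging("ERROR: no single group found for account $jmap. Nothing done.\n\n");
            next ACCOUNT;
        }

        # Name of the fix mapping, e.g.
        # %2fo%3dgermangrid%2fou%3dfzk%2fcn%3ddimitri%20nilsen:dgtest
        my $dn        = lc(URLEncode($dn_raw)) . ":" . $vo;
        my $link_file = "$path/$dn";

        if (-e $link_file) {
            my $nodemk = getInode($link_file);
            my $nodeac = getInode($account_file);
            next ACCOUNT if $nodemk eq $nodeac;    # mapping is already correct

            # Mapping exists, but points to the wrong account -> recreate it.
            # NOTE(review): unlink + link is not atomic; a lookup between the
            # two calls finds no mapping for this DN.
            if (!unlink($link_file) && !$!{ENOENT}) {
                logging("ERROR: could not remove $link_file: $!\n\n");
                next ACCOUNT;
            }
            next ACCOUNT if !makeLink($account_file, $link_file);
            logging("RE-created:\n" . $dn . "::::" . $jmap . "\n" . $nodemk . "::::" . $nodeac . "\n\n");
            $dostatus++;
        }
        else {
            # Create new mapping
            next ACCOUNT if !makeLink($account_file, $link_file);
            logging("Created:\n" . $dn . "::::" . $jmap . "\n");
            $dostatus++;
        }
    }
    @acarr = ();
}    # /end foreach $jline (@julich)

## [JUELICH] Remove the temporary file created by the Juelich gridmap script.
if (!unlink($gridmap_file_jul) && !$!{ENOENT}) {
    logging("WARNING: could not remove $gridmap_file_jul: $!\n");
}

$now = localtime time;
if ($dostatus == 0) {
    logging("NO lines created\n");
}
else {
    logging("\n" . $dostatus . " lines created\n");
}
logging("STOP: $now\n");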