This file defines a set of authorized grid users by mapping grid subject names (Distinguished Names) to local user account names on the system. This mapping may be one-to-one or many-to-one, but cannot be many-to-many.
It is the system administrator’s responsibility to generate the grid-mapfile in the /etc/grid-security directory, and to verify that each Distinguished Name (DN) in the file is owned by, and matches, the local user name it is mapped to.
The grid-mapfile is a plain text file containing quoted DNs (credential names that are the subjects of X.509 certificates) and unquoted local user names, separated by white space. To find out your certificate's subject name, run grid-cert-info -subject.
The default location of the grid-mapfile is in /etc/grid-security. The GRIDMAP environment variable should point to this location or wherever the file resides.
The GIIS back end checks the grid-mapfile only when anonymousbind is set to no (i.e., security is enabled) in the grid-info-slapd.conf file. The following is an example of a grid-mapfile:
"/O=Grid/O=APBioGrid/CN=Ong Guan Sin" globusx
"/O=Grid/O=APBioGrid/CN=Wang Jun" wangjun
"/O=Grid/O=APBioGrid/CN=Globus" globus
In this example, all processes/jobs submitted by the authenticated user with the subject name "/O=Grid/O=APBioGrid/CN=Ong Guan Sin" will run as the local user globusx.
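The following is an added example, not part of the original page or of the Globus software: a small Python audit of grid-mapfile text that enforces the line format and the mapping rule described above (many DNs may share one local user, but one DN may not map to different local users). The name audit_gridmap, the known_users parameter, the skipping of blank and # lines, and the two bad sample lines are assumptions made for illustration.

```python
import re

# Quoted DN, white space, unquoted local user name (format described above).
LINE_RE = re.compile(r'^"([^"]+)"\s+(\S+)$')

# Constructed sample: the page's three entries plus two constructed bad lines.
SAMPLE = '''\
"/O=Grid/O=APBioGrid/CN=Ong Guan Sin" globusx
"/O=Grid/O=APBioGrid/CN=Wang Jun" wangjun
"/O=Grid/O=APBioGrid/CN=Globus" globus
"/O=Grid/O=APBioGrid/CN=Wang Jun" globus
/O=Grid/O=APBioGrid/CN=Unquoted User nobody
'''

def audit_gridmap(text, known_users=None):
    """Return (mapping, problems) for grid-mapfile text.

    mapping:     DN -> local user (first mapping seen wins).
    problems:    list of (line_number, message) an administrator should fix.
    known_users: optional set of local account names (hypothetical parameter).
    """
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: skip blanks/comments
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append((lineno, "not a quoted DN followed by a local user"))
            continue
        dn, user = m.groups()
        if dn in mapping and mapping[dn] != user:
            # Same DN pointing at a second account: ambiguous authorization.
            problems.append((lineno, f"DN already mapped to {mapping[dn]!r}"))
            continue
        mapping[dn] = user
        if known_users is not None and user not in known_users:
            problems.append((lineno, f"no local account {user!r}"))
    return mapping, problems

if __name__ == "__main__":
    for lineno, msg in audit_gridmap(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```

Passing the set of real local account names as known_users also flags entries that map a DN to an account that does not exist on the system.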
As a grid user, if you want to access certain resources in the grid, you would send a request to the resource owner (i.e., the system administrator) to add your certificate subject name to the grid-mapfile.