...
- Test B2ACCESS user console: https://b2access.eudat.psnc.pl:2443/home/home
- Test B2STAGE/iRODS site: eptest.eudat.psnc.pl
Demonstrator workflow
| 1. | Group "PRACE" is empty on B2ACCESS and there is no user like "Michal Jankowski" in B2ACCESS |
|
| 2. | User "/C=PL/O=GRID/O=PSNC/CN=Michal Jankowski" cannot access EUDAT resource at gsiftp://eptest.eudat.psnc.pl |  |
| 3. | There is no local user account mapped to "/C=PL/O=GRID/O=PSNC/CN=Michal Jankowski" on eptest.eudat.psnc.pl. |  |
| 4. | Users with attribute deisaUserProfile set to “EUDAT” are selected from PRACE LDAP. The same selection is done by prace_eudat_users_sync.py script, that synchronizes PRACE LDAP and B2ACCESS. Normally the script is called periodically (e.g. hourly), but for the demo it may be run manually by the admin. |  |
| 5. | After the script run, the user "/C=PL/O=GRID/O=PSNC/CN=Michal Jankowski" appear in B2ACCESS and group "PRACE" contains PRACE users. |  |
| 6. | User "/C=PL/O=GRID/O=PSNC/CN=Michal Jankowski" can access EUDAT resource at gsiftp://eptest.eudat.psnc.pl |  |
| 7. | Local user account provisioning and grid mapping are done automatically on user login. |  |
| 8. | Attribute deisaUserProfile with value “EUDAT” is removed from user "Michal Jankowski" in PRACE LDAP. |  |
| 9. | As the result of prace_eudat_users_sync.py script run the user is removed from PRACE group in B2ACCESS (but not completely from the service). |
|
| 10. | User "/C=PL/O=GRID/O=PSNC/CN=Michal Jankowski" cannot access EUDAT resource at gsiftp://eptest.eudat.psnc.pl |  |
| 11. | The local account still exists, but the user is removed from the grid mapping. |  |
Resources
...
- Being evaluated by EUDAT
- Group synchronisation will be added
B2ACCESS -> B2STAGE ”old” mechanism:
- Ready for evaluation
B2ACCESS -> B2STAGE ”new” mechanism:
- Proof of concept