Version 11 (modified by seskar, 10 years ago)

Delegated Account Management

This AM group enables remote account management. Users can belong to multiple groups.

deleteGroup - Delete delegated group

<service name="deleteGroup">
  <info>Delete group/project created by external account manager</info>
  <args>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>Group/project name to delete</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>

getGroupsAndUsers - Get all delegated users and groups

<service name="getGroupsAndUsers">
  <info>Show inventory of delegated users and groups/projects</info>
  <args>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>

changeGroupAdmin - Change the leader of the group

<service name="changeGroupAdmin">
  <info>Change the administrator of the group/project</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name of the new admin</info>
    </arg>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>Group/project name</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>

addUserForm - Show the form for uploading the new user LDIF

<service name="addUserForm">
  <info>Show browser form to upload new user's LDIF</info>
</service>

saveForm - Process the new user LDIF

<service name="saveUser">
  <info>Parse uploaded LDIF and create user account</info>
</service>

deleteUser - Delete user

<service name="deleteUser">
  <info>Delete user created by external source</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name to delete</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>

moveUser - Change user's primary group

<service name="moveUser">
  <info>Change user's project</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name</info>
    </arg>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>User's new primary group/project name</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>

addUserToGroup - Add user to the secondary group/project

<service name="addUserToGroup">
  <info>Add user to new secondary group/project</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name</info>
    </arg>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>Group/project name</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>

deleteGroupUser - Delete user from the secondary group/project

<service name="deleteUserFromGroup">
  <info>Delete user from the group/project</info>
  <args>
    <arg isRequired="true" name="username" value="username">
      <info>User name</info>
    </arg>
    <arg isRequired="true" name="groupname" value="groupname">
      <info>Group/project name</info>
    </arg>
    <arg isRequired="false" name="baseDN" value="[baseDN]">
      <info>baseDN</info>
    </arg>
  </args>
</service>

Error Messages

Generic errors

  1. ERROR 1: UID and OU and DC match
  2. ERROR 2: UID and DC match but OU is different
  3. ERROR 3: UID matches but DC and OU are different
  4. ERROR 4: UID and OU match but DC is different
  5. ERROR 5: Uknonw user DN:
  6. ERROR 6: Cannot delete user: User is a admin for a group
  7. ERROR 7: Unknown group DN:
  8. ERROR 8: Group/project not deleted because it contains admin(s):
  9. ERROR 9: Cannot move users: different DCs
  10. ERROR 10: Missing OU LDIF entry
  11. ERROR 11: Missing group name attribute in OU entry
  12. ERROR 12: Missing objectClass attribute (organizationalUnit/organizationalRole/organizationalUnit) for:
  13. ERROR 17: Missing PI entry

Group manipulation errors

  1. ERROR 20: Group exists
  2. ERROR 21: Missing PI mail:
  3. ERROR 22: Missing PI ssh public key:

User manipulation errors

  1. ERROR 30: Missing username (UID)
  2. ERROR 31: Organization does not exist for this user. Missing organization LDIF entry
  3. ERROR 32: Missing user's email address
  4. ERROR 33: Missing user's ssh public key:
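
As an added example (not the AM's own code), the user manipulation checks above can be run against an uploaded LDIF before any account is created. The attribute names uid, mail and sshPublicKey and all function names are assumptions; a key value that is not a single '<type> <base64> [comment]' line (for instance one carrying options or an embedded newline) is treated as missing and reported as ERROR 33.

```python
import base64
import re

KEY_RE = re.compile(r"(ssh-rsa|ssh-ed25519) ([A-Za-z0-9+/=]+)( [^\r\n]*)?")

def parse_ldif(text):
    """RFC 2849 subset: folded lines, comments, base64 ('::') values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if not line.strip():                  # a blank line ends the entry
            if "dn" in cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # '::' marks a base64 value
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def usable_key(value):
    """Accept only '<type> <base64> [comment]' whose blob names the same type."""
    m = KEY_RE.fullmatch(value)
    if not m:
        return False
    try:
        blob = base64.b64decode(m.group(2), validate=True)
    except ValueError:
        return False
    n = int.from_bytes(blob[:4], "big")       # length prefix of the type string
    return blob[4:4 + n] == m.group(1).encode()

# Error numbers 30, 32 and 33 are the page's "User manipulation errors".
CHECKS = ((30, lambda e: any(e.get("uid", []))),
          (32, lambda e: any(e.get("mail", []))),
          (33, lambda e: any(map(usable_key, e.get("sshpublickey", [])))))

def check_users(ldif_text):
    """Map each non-OU entry's DN to the error numbers it would trigger."""
    users = [e for e in parse_ldif(ldif_text)
             if "organizationalunit" not in map(str.lower, e.get("objectclass", []))]
    return {e["dn"][0]: [n for n, ok in CHECKS if not ok(e)] for e in users}
```

An empty list for a DN means the entry passed all three checks; the organization check (ERROR 31) is not modelled here.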

GENI Extension Schema for LDAP

In order to automate delegated account creation/deletion, the AM uses the following LDAP schema extension (in this example stored in a file named geni.schema):

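# Both attributes use IA5String syntax (1.3.6.1.4.1.1466.115.121.1.26)
# with a length bound of {256} and case-insensitive matching.
# The 1.3.6.1.4.1.4203.666 OID arc is the OpenLDAP experimental arc.
attributetype ( 1.3.6.1.4.1.4203.666.1.90
        NAME 'remoteDN'
        DESC 'MANDATORY: baseDN from remote'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.4203.666.1.91
        NAME 'listOfChildren'
        DESC 'MANDATORY: List of children with this account cloned'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# Auxiliary object class carrying the two attributes above. Both are
# listed under MAY, so the server does not require them on an entry.
objectclass ( 1.3.6.1.4.1.4203.666.1.100
        NAME 'geniAttributes' SUP top AUXILIARY
        DESC 'MANDATORY: GENI related attributes'
        MAY ( remoteDN $ listOfChildren )
        )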

In order for it to be loaded at start-up, this schema needs to be placed in the server schema directory (for the latest version of slapd, /etc/ldap/schema), and the following line has to be added to the LDAP configuration file (typically /etc/ldap/slapd.conf):

include		/etc/ldap/schema/geni.schema