TWiki> CLIC Web>Detector>CLICSoftwareComputing>Software>DiracUsage>DiracForAdmins>RegisteringNewUsersToDirac (2015-06-03, MarkoPetric) EditAttachPDF
When someone wants to use ILCDIRAC, they should have sent a mail to ilcdirac-register@cernNOSPAMPLEASE.ch with full name, Institution, experiment.

First thing: put a ticket on JIRA about new registration (title should include user's name, and assign it to you.)

With the info in the mail, one needs to make sure they are registered in the ILC VO members.

  1. ) dirac-proxy-init
  2. ) dirac-ilc-list-users -u family_name
If the family name does not return anything, try without option, and it will list ALL the users.

This script will show the user specific info /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=sposs/CN=641989/CN=Stephane Guillaume Poss, /DC=ch/DC=cern/CN=CERN Trusted Certification Authority, stephane.guillaume.poss@cernNOSPAMPLEASE.ch The first part is the DN, then the second is the CN, and finally the mail. The 3 are needed for a proper DIRAC registration.

One last bit is essential: a username. It can be useful to check if the user has an account at CERN (phonebook) and use that as a user name. If not, I usually take the first letter of the first name, and the full last name (a bit like CERN does).

There are 2 possibilities to register a user once this is obtained:

  1. ) using the web portal: Manage Remote Configuration, in the section /DIRAC/Registry/Users, you need to add a section 'username' in which you will add the options DN, CN, Email having the values previously obtained. Then you will add the 'username' to the relevant group in /DIRAC/Registry/Groups. The base groups are ilc_user and private_proxy (although I'm not sure that one is still needed). And then Commit configuration and you are done
  2. ) run (with a diracAdmin proxy) dirac-admin-add-user -N username -D "DN" -M Email -G ilc_user. This one will not set the CN (not needed for the moment, maybe in the future) and will add the user to the ilc_user group (should be enough)
  3. ) run (with a diracAdmin proxy) dirac-ilc-add-user -U username -D "DN" -C "CN" -E Email -G ilc_user,private_pilot -o /Security/egroupAdmin=a -o /Security/egroupPass=a as this will do the same as 2), but will also add the user to the FC, and create the directories and register the Owner metadata tag (execute under dirac-proxy-init -g diracAdmin). Note the quotation marks around the DN and CN, as they can contain spaces and "=", which can be specially interpreted by the shell

If you used 1) or 2), you need to also add the user to the File Catalog. Run dirac-dms-filecatalog-cli 

user add username
cd /ilc/user/
Check if the initial already exists, if not create it first 
mkdir <initial>
cd <initial>
mkdir <username>
cd <username>
meta set . Owner <username>
cd ..
chgrp ilc_user <username>
chown <username> <username>

Add the new user to the ilc-dirac@cernNOSPAMPLEASE.ch egroup. Use external email if needed.

Then you can send a mail to the new registered user, and close the issue.

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r6 - 2015-06-03 - MarkoPetric
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    CLIC All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback