[torqueusers] Directory server integration

David Golden dgolden at cp.dias.ie
Thu Dec 7 06:41:02 MST 2006


> b) With some kind of attribute, Torque understands which of these users
> are allowed to submit jobs to the cluster.

For linux (and probably solaris...):

This bit could just be done with posix group membership and acl_groups, 
couldn't it?  groups can be created in ldap fine (though I've always found 
the standardised representation for them slightly annoying), torque just uses 
system name services, if system nss+pam are pointed at ldap, it just works.

I've been running a cluster with an ldap-over-ssl user/group database for 
years, including using group membership to control access.

Main downside is the potential single-point-of-failure unless your budget 
springs to HA/replication (er. it may seem absurd that someone who can afford
a cluster can't afford one more node to make a HA pair for slapd, but hey..).
Also, did sometimes encounter situations where load on the ldap server became 
slightly surprisingly high, but in our case not enough to cause real 
problems.


More information about the torqueusers mailing list