[torqueusers] Directory server integration
David Golden
dgolden at cp.dias.ie
Thu Dec 7 06:41:02 MST 2006
> b) With some kind of attribute, Torque understands which of these users
> are allowed to submit jobs to the cluster.
For linux (and probably solaris...):
This bit could just be done with posix group membership and acl_groups,
couldn't it? groups can be created in ldap fine (though I've always found
the standardised representation for them slightly annoying), torque just uses
system name services, if system nss+pam are pointed at ldap, it just works.
I've been running a cluster with an ldap-over-ssl user/group database for
years, including using group membership to control access.
Main downside is the potential single-point-of-failure unless your budget
springs to HA/replication (er. it may seem absurd that someone who can afford
a cluster can't afford one more node to make a HA pair for slapd, but hey..).
Also, did sometimes encounter situations where load on the ldap server became
slightly surprisingly high, but in our case not enough to cause real
problems.
More information about the torqueusers
mailing list