[torqueusers] Directory server integration
Prakash.Velayutham at cchmc.org
Sat Dec 9 07:53:21 MST 2006
>>> David Golden <dgolden at cp.dias.ie> 12/07/06 8:41 AM >>>
> b) With some kind of attribute, Torque understands which of these
> are allowed to submit jobs to the cluster.
For linux (and probably solaris...):
This bit could just be done with posix group membership and acl_groups,
couldn't it? groups can be created in ldap fine (though I've always
the standardised representation for them slightly annoying), torque just
system name services, if system nss+pam are pointed at ldap, it just
I've been running a cluster with an ldap-over-ssl user/group database
years, including using group membership to control access.
Main downside is the potential single-point-of-failure unless your
springs to HA/replication (er. it may seem absurd that someone who can
a cluster can't afford one more node to make a HA pair for slapd, but
Also, did sometimes encounter situations where load on the ldap server
slightly surprisingly high, but in our case not enough to cause real
Thanks for the idea. So basically make all the cluster users belong to a
different group (could be a secondary group) and enable group acl in
qmgr. Thanks again.
More information about the torqueusers