[torqueusers] Directory server integration

Prakash Velayutham Prakash.Velayutham at cchmc.org
Sat Dec 9 07:53:21 MST 2006


>>> David Golden <dgolden at cp.dias.ie> 12/07/06 8:41 AM >>>

> b) With some kind of attribute, Torque understands which of these
users
> are allowed to submit jobs to the cluster.

For linux (and probably solaris...):

This bit could just be done with posix group membership and acl_groups, 
couldn't it?  groups can be created in ldap fine (though I've always
found 
the standardised representation for them slightly annoying), torque just
uses 
system name services, if system nss+pam are pointed at ldap, it just
works.

I've been running a cluster with an ldap-over-ssl user/group database
for 
years, including using group membership to control access.

Main downside is the potential single-point-of-failure unless your
budget 
springs to HA/replication (er. it may seem absurd that someone who can
afford
a cluster can't afford one more node to make a HA pair for slapd, but
hey..).
Also, did sometimes encounter situations where load on the ldap server
became 
slightly surprisingly high, but in our case not enough to cause real 
problems.

Hi David,

Thanks for the idea. So basically make all the cluster users belong to a
different group (could be a secondary group) and enable group acl in
qmgr. Thanks again.

Prakash


More information about the torqueusers mailing list