2. Setup User Mapping¶
Every HTTP request sent to the OnDemand portal triggers a call to the ood_auth_map script to map the remote authenticated user name to the local system user name. Mapping to the local system user not only restricts access of OnDemand to local users but it is also required by the OnDemand proxy to traffic the HTTP data to the user’s corresponding per-user NGINX (PUN) server.
The ood-portal-generator and its corresponding
config.yml are used
to configure both the system command that performs the mapping
(user_map_cmd) and the argument fed
to the system command (user_env). By
default these configuration options are defined as:
# /path/to/ood-portal-generator/config.yml --- user_map_cmd: '/opt/ood/ood_auth_map/bin/ood_auth_map.regex' user_env: 'REMOTE_USER'
which uses ood_auth_map for the mapping command and
(this variable holds the name of the authenticated user by the web server) as
its command line argument.
This is equivalent to calling from the command line:
$ /opt/ood/ood_auth_map/bin/ood_auth_map.regex "$REMOTE_USER"
which just echos back the value of
The default user mapping employed by an OnDemand portal directly maps
the remote authenticated user name to the local user name. So the Apache
authentication module used is expected to set the correct local user name in
2.1. Custom Mapping¶
As mentioned previously the ood-portal-generator configuration options of interest are:
It is recommended you read the discussion on ood_auth_map before modifying these values.
After modifying the
config.yml with the mapping you want you would then
build the new
ood-portal.conf from this configuration file with:
$ scl enable rh-ruby22 -- rake Rendering templates/ood-portal.conf.erb => build/ood-portal.conf
This will build
ood-portal.conf in the
build/ directory. Open that file
and confirm everything is accurate, then install it in the global location:
$ sudo scl enable rh-ruby22 -- rake install cp build/ood-portal.conf /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf
Finally you will need to restart your Apache HTTP Server for the changes to take effect.