2. Setup User Mapping

Every HTTP request sent to the OnDemand portal triggers a call to the ood_auth_map script to map the remote authenticated user name to the local system user name. Mapping to the local system user not only restricts access of OnDemand to local users but it is also required by the OnDemand proxy to traffic the HTTP data to the user’s corresponding per-user NGINX (PUN) server.

The ood-portal-generator and its corresponding Configuration are used to configure both the system command that performs the mapping (user_map_cmd) and the argument fed to the system command (user_env). By default these configuration options are defined as:

# /etc/ood/config/ood_portal.yml
---
# ...
user_map_cmd: '/opt/ood/ood_auth_map/bin/ood_auth_map.regex'
user_env: 'REMOTE_USER'

which uses ood_auth_map for the mapping command and REMOTE_USER (this variable holds the name of the authenticated user by the web server) as its command line argument.

This is equivalent to calling from the command line:

$ /opt/ood/ood_auth_map/bin/ood_auth_map.regex "$REMOTE_USER"

which just echos back the value of REMOTE_USER.

Note

The default user mapping employed by an OnDemand portal directly maps the remote authenticated user name to the local user name. So the Apache authentication module used is expected to set the correct local user name in REMOTE_USER.

2.1. Custom Mapping

As mentioned previously the ood-portal-generator configuration options of interest are:

It is recommended you read the discussion on ood_auth_map before modifying these values.

After modifying /etc/ood/config/ood_portal.yml with the mapping you want you would then build and install the new Apache configuration file with:

$ sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal

Finally you will need to restart your Apache HTTP Server for the changes to take effect.