2. Setup User Mapping¶
Every HTTP request sent to the OnDemand portal triggers a call to the ood_auth_map script to map the remote authenticated user name to the local system user name. Mapping to the local system user not only restricts access of OnDemand to local users but it is also required by the OnDemand proxy to traffic the HTTP data to the user’s corresponding per-user NGINX (PUN) server.
The ood-portal-generator and its corresponding Configuration are used to configure both the system command that performs the mapping (user_map_cmd) and the argument fed to the system command (user_env). By default these configuration options are defined as:
# /etc/ood/config/ood_portal.yml
---
# ...
user_map_cmd: '/opt/ood/ood_auth_map/bin/ood_auth_map.regex'
user_env: 'REMOTE_USER'
which uses ood_auth_map for the mapping command and REMOTE_USER
(this variable holds the name of the authenticated user by the web server) as
its command line argument.
This is equivalent to calling from the command line:
$ /opt/ood/ood_auth_map/bin/ood_auth_map.regex "$REMOTE_USER"
which just echos back the value of REMOTE_USER
.
Note
The default user mapping employed by an OnDemand portal directly maps
the remote authenticated user name to the local user name. So the Apache
authentication module used is expected to set the correct local user name in
REMOTE_USER
.
2.1. Custom Mapping¶
As mentioned previously the ood-portal-generator configuration options of interest are:
It is recommended you read the discussion on ood_auth_map before modifying these values.
After modifying /etc/ood/config/ood_portal.yml
with the mapping you
want you would then build and install the new Apache configuration file with:
$ sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
Finally you will need to restart your Apache HTTP Server for the changes to take effect.