OleHolmNielsen / Slurm_tools

My tools for the Slurm HPC workload manager
GNU General Public License v3.0

Do not create accounts for users not in certain group #21

Closed jcklie closed 2 years ago

jcklie commented 2 years ago

Hi, this repository looks very nice and would solve a lot of problems for our Slurm cluster. Our infrastructure manages login via LDAP. I set up creating Slurm users as you described and it works nicely. But we have domain accounts for which we do not want to create Slurm accounts, e.g. mailboxes and service users. We manage access to our Slurm cluster by assigning the group slurm-user; accounts that do not have this group should be ignored. Is that somehow possible with your code? I had a look but did not find an easy place to add it. I would have used the homedir checking, but our users need to log in for it to be created and user data is saved on different storages based on their association. Thanks!

OleHolmNielsen commented 2 years ago

Hi, thanks a lot for your nice comments! I would like to refer you also to my SLUG presentation "Technical: Slurm Account Synchronization with UNIX Groups and Users", which has a reference to an LDAP project from EPFL, see "Technical: Keeping Accounts Consistent Across Clusters Using LDAP and YAML".

That said, let me try to understand your request: When you say the group slurm-user, do you mean a secondary UNIX group? Would you like to require membership of slurm-user in order for the account to be added to Slurm? And the user should be removed when he is no longer a member of slurm-user? Best regards, Ole

jcklie commented 2 years ago

Thanks for the quick reply! I also saw the project from EPFL but it has no recent commits, so I tried yours first. In our setup, every user's primary group is domain-user, and we assign each user that should be using Slurm slurm-user and then account-specific groups like student or researcher. I ended up just adding a hard-coded check for the group into your code and it worked.
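One way to apply the group gate described in this comment, as an added example that is not code from Slurm_tools or from either participant. The function names `eligible_users` and `write_sample` and all sample accounts are constructed for illustration; only the group names `slurm-user`, `domain-user` and `student` come from the thread. It matches the group name exactly and returns an error with no output when the gate group cannot be found.

```shell
#!/bin/bash
# Added example: list the users allowed to get a Slurm account (members of a gate group).
# Inputs are passwd(5)- and group(5)-format text, e.g. saved from `getent passwd` / `getent group`.
GATE_GROUP="slurm-user"   # group name taken from the thread

# eligible_users PASSWD_FILE GROUP_FILE
# Prints one eligible login per line; returns 1 (fail closed) if the gate group is missing.
eligible_users() {
    awk -F: -v gate="$GATE_GROUP" '
        # Group database: exact match on the name field, never a substring match.
        FILENAME == ARGV[1] {
            if ($1 == gate) {
                found = 1
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") member[m[i]] = 1
            }
            next
        }
        # passwd database: accept listed members and users whose primary GID is the gate group.
        ($1 in member) || (found && $4 == gid) { print $1 }
        END { exit (found ? 0 : 1) }
    ' "$2" "$1"
}

# Constructed sample data (hypothetical accounts, not from any real directory).
write_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:1001:500:Alice:/home/alice:/bin/bash
bob:x:1002:500:Bob:/home/bob:/bin/bash
mailbox1:x:1003:500:Shared mailbox:/nonexistent:/sbin/nologin
svc-backup:x:1004:500:Service user:/nonexistent:/sbin/nologin
EOF
    cat > "$1/group" <<'EOF'
domain-user:x:500:
slurm-user:x:600:alice,bob
slurm-user-admins:x:601:svc-backup
student:x:700:alice
EOF
}
```

A caller would create accounts only for the names printed, and skip the whole run when the function returns non-zero, so a failed directory lookup does not change which accounts exist.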

OleHolmNielsen commented 2 years ago

Hi again.
I would be interested in any changes to the tool that might be needed to use LDAP for the user database. Others might want to use your work. Thanks, Ole