Migration2016:User Accounts and Groups
Currently CC and the regions have a two-layer user management system:
- National Layer with accounts created and tracked in the CCDBCompute Canada Data Base.
- Regional Layer with usernames and login accounts created by each region.
In coordination with the infrastructure renewal, Compute Canada has created a national, LDAP-based user management system. LDAP is a standard, widely-used database system for user authentication and authorization. The new systems will use the National LDAP system for authentication and authorization (the legacy systems will remain with the current two-layer system).
The Compute Canada Database (CCDB) user creation process will create a record in the National LDAP database, and then each new computer system will query the National LDAP for its authentication and authorization needs. You, the user, will have a single password for the four new systems which will be the same as your CCDBCompute Canada Data Base password.
Your current usernames and passwords will continue to work on the old, legacy systems.
We understand this may result in some confusion while the two layers (National and Regional) continue to exist, but it is quite difficult to change ownership, etc. for the various file structures and systems in use by the individual legacy sites.
Will my username be the same?
Due to the history of the legacy systems there are some overlaps and inconsistencies in naming schemes. While most users will have the same username on the new systems as they had on legacy systems, it's not possible to do this for everyone. A small number of users will have a different login name on the new systems.
If the username you use to log in to CCDBCompute Canada Data Base is different from the username you use to log in to a compute system, then you have a conflict. In order to log in to a new system you will use your central Compute Canada account information. Note that the CCDBCompute Canada Data Base accepts both your username and your email address to log in. For the new systems, it is the username that must be used.
To log in to a legacy system you will continue to use your existing username and password for that system. We will not change the existing login methods on legacy systems.
Testing your Account Information
The simplest way to test your account information is to login to ccdb.computecanada.ca. If you can login then your National LDAP user information is correct. If not you will need to reset your password (see next section). If this does not work then send email to firstname.lastname@example.org. Note that the CCDBCompute Canada Data Base accepts both your username and your email address to log in. For the new systems, it is the username that must be used.