# Eaccounts (Experiment Account) The eaccounts are managed via the Digital User Office (DUO) and used for single experiments at the beamlines. Eaccounts reside in the AD in the subtree `OU=users,OU=experiment,OU=it,DC=d,DC=psi,DC=ch` whereas normal accounts are found below `OU=Users,OU=PSI,DC=d,DC=psi,DC=ch` Normally eaccounts start with `e` followed by their uid. Some eaccounts where used not only for single experiments, more like GAC accounts, and have thus been renamed: ``` gac-alvra gac-cristall gac-bernina gac-femto gac-furka gac-maloja gac-slab gac-x01dc gac-x02da gac-x03da gac-x03ma gac-x04db gac-x04sa gac-x05da gac-x05la gac-x06da gac-x06sa gac-x07da gac-x07db gac-x07ma gac-x07mb gac-x09la gac-x09lb gac-x10da gac-x10sa gac-x11ma gac-x12sa gac-x12saop gac-x96sa ``` An eaccount is usually exactly bound to one beamline/endstations and is part of the beamlines/endstations group BEAMLINE (e.g. X06DA) ## Allow Eaccounts ``` aaa::allow_experiment_accounts: true ``` in Hiera enables eaccounts on a system, default is `false`. ## Eaccounts and `override_homedir` By default the `override_homedir` setting (in Hiera `aaa::override_homedir` ore `base::local_homes`) is ignored for eaccounts. The way this has been solved causes problems with group member lookups with eaccounts enabled. Without eaccounts only normal users are found as part of the group (which is correct): ``` [root@lxdev04 ~]# getent group SARESA SARESA:*:35184:babic_a,ebner,kapeller,...,huppert_m,carulla_m,schoel_m [root@lxdev04 ~]# ``` but with eaccounts enabled only the eaccount members are listed: ``` [root@lxdev01 ~]# getent group SARESA SARESA:*:35184:e21996,e21997,e21992,...,e17806,e17589,gac-alvra [root@lxdev01 ~]# ``` If for a system this is a problem, and at the same time there is no need for ignoring `override_homedir`, you may enable the eaccounts with ``` aaa::allow_experiment_accounts: true aaa::enable_eaccounts::ignore_override_homedir: false ``` then you get both type of members: ``` [root@lxdev07 ~]# getent group SARESA SARESA:*:35184:e21996,...,e17589,ext-kapetanaki_s,...,ext-tyrala_k [root@lxdev07 ~]# ``` There is a [open case](https://access.redhat.com/support/cases/#/case/03912615) at RedHat on how to deal best with this problem.