NAME¶
lcmaps_voms_localgroup.mod - LCMAPS plugin to switch user identity based on VOMS
credentials by local groups
SYNOPSIS¶
lcmaps_voms_localgroup.mod [
-groupmapfile groupmapfile]
[
--map-to-secondary-groups] [
-mapall] [
-mapmin number
of minimal mappings]
DESCRIPTION¶
The VOMS localgroup acquisition plugin is a 'VOMS-aware' plugin. It uses the
VOMS information to gather primary and secondary Group IDs. This is
accomplished by matching VOMS FQANs in the so-called groupmapfile (gridmapfile
style) with the credentials presented by the user. The resulting list of
groups will be looked up in the /etc/groups and/or LDAP directories to
determine which Group IDs to be added as a mapping result.
When enabled, the plug-in will map all the FQANs of the user to secondary Group
IDs. There will be no primary Group ID set by this plug-in. This option is off
by default, thus by default the plug-in will always set the first FQAN
OPTIONS¶
- -groupmapfile groupmapfile
- This option is used to determine the groupmapfile path. The plug-in will
open the file and use the content for the FQAN to Group ID mapping. The
same formatting rules of the grid-mapfile apply to the groupmapfile.
Provide a full path.
- --map-to-secondary-groups
- When enabled, the plug-in will map all the FQANs of the user to secondary
Group IDs. There will be no primary Group ID set by this plug-in when
enabled.
- -mapall
- When enabled, a failure will be triggered if not all of the FQANs could be
mapped to primary or secondary Group IDs.
- -mapmin number of minimal mappings
- When set the number of minimal mappings will be enforced by the
plug-in to ensure that at least this number of FQAN to Group ID mappings
has occured. When absent...
RETURN VALUES¶
- LCMAPS_MOD_SUCCESS
- Success.
- LCMAPS_MOD_FAIL
- Failure.
BUGS¶
Please report any errors to the Nikhef Grid Middleware Security Team
<grid-mw-security-support@nikhef.nl>.
SEE ALSO¶
lcmaps.db(5),
lcmaps(3).
AUTHORS¶
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team
<grid-mw-security@nikhef.nl>.