|LCMAPS_VOMS_LOCALGROUP.MOD(8)||Site Access Control||LCMAPS_VOMS_LOCALGROUP.MOD(8)|
NAME¶lcmaps_voms_localgroup.mod - LCMAPS plugin to switch user identity based on VOMS credentials by local groups
SYNOPSIS¶lcmaps_voms_localgroup.mod [-groupmapfile group-mapfile] [--map-to-secondary-groups] [-mapall] [-mapmin number of minimal mappings]
DESCRIPTION¶The VOMS localgroup acquisition plugin is a 'VOMS-aware' plugin similar to the lcmaps_voms_localaccount.mod.8 plugin, but for groups instead of accounts. The plugin tries to find local groups (more specifically GroupIDs) based on the VOMS information that is available from LCMAPS, in particular the Fully Qualified Attribute Names (FQANs). It tries to find FQAN to localgroup mapping using the so-called group-mapfile (similar to a grid-mapfile). The resulting list of groups will be looked up in the /etc/groups and/or LDAP directories to determine which Group IDs should be added as a mapping result.
- -groupmapfile group-mapfile
- This file must contain FQAN to local group name mappings, similar to the grid-mapfile. The same formatting rules of the grid-mapfile apply to the group-mapfile. It is strongly advised to set it to an absolute path to avoid usage of the wrong file(path). In a (setuid-)root application, relative paths are taken with respect to /etc/grid-security/. It is important to not mix the grid-mapfile and group-mapfile.
- When enabled, the plug-in will map also the first FQAN of the user to secondary Group IDs, hence there will be no primary Group ID set by this plug-in when enabled. Note that also if the first FQAN does not give a mapping, there will be no primary Group ID set by this plug-in.
- When enabled, a failure will be triggered if not all of the FQANs were successfully mapped to primary or secondary Group IDs.
- -mapmin minimum number of mappings
- This option will set a minimum amount of FQANs that have to be mapped for the plugin to succeed. Default is '0'. Note: if the minimum is unset or set to 0 the plugin will succeed (if no other errors occur) even if no pool-groups were found.
BUGS¶Please report any errors to the Nikhef Grid Middleware Security Team <email@example.com>.
SEE ALSO¶lcmaps.db(5), lcmaps(3).
AUTHORS¶LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team <firstname.lastname@example.org>.
|February 6, 2015||Stichting FOM/Nikhef|