Main Page   Modules   Data Structures   File List   Data Fields   Globals   Related Pages  

voms localgroup plugin

SYNOPSIS

lcmaps_voms_localgroup.mod -GROUPMAPFILE|-groupmapfile|-GROUPMAP|-groupmap <groupmapfile> [-mapall] [-mapmin <group count>]

DESCRIPTION

The localgroup acquisition plugin is a 'VOMS-aware' plugin. It uses the VOMS information (acquired by the plugin lcmaps_voms.mod) to gather primary and secondary GIDs. This is accomplished by matching VO-GROUP-ROLE(-CAPABILITY) combinations in the so-called groupmapfile (gridmapfile style) and by finding the corresponding local GID. Wildcards can be used in the groupmapfile to match VO-GROUP-ROLE combinations.

EXAMPLE 'groupmapfile':

"/VO=atlas/GROUP=mcprod" atmcprod

"/VO=atlas/GROUP=*" atlasgrps

A VO-GROUP combination /VO=atlas/GROUP=mcprod matches "/VO=atlas/GROUP=mcprod", resulting in a mapping to the GID of the 'atmcprod' group. All the other groups within the 'atlas' VO will be mapped to 'atlasgrps'. A user with /VO=cms/GROUP=user will not be mapped to any local system group, unless there will be an extra row in the groupmapfile like '"/VO=*" allothers' resulting in a mapping from any other VO-GROUP-ROLE combination to 'allothers'. The mapping is based on the first match found for a VO-GROUP-ROLE combination, implying that the most significant row must be on top.

The poolgroup plugin will try to match each VO-GROUP-ROLE combination that was found by the plugin lcmaps_voms.mod. The first VO-GROUP-ROLE combination will become the primary group, the others secondary groups. As the primary GID may be used for auditing and accounting purposes it is important that the user uses the correct ordering of VO-GROUP-ROLE combinations in his grid credential (X509 certificate).

OPTIONS

-GROUPMAPFILE <groupmapfile>

 See -groupmap

-groupmapfile <groupmapfile>

See -groupmap

-GROUPMAP <groupmapfile>

See -groupmap

-groupmap <groupmapfile>

If this option is set, it will override the default path to the groupmapfile. It is advised to use an absolute path to the groupmapfile to avoid usage of the wrong file(path).

-mapall

If this parameter is set, the plugin only succeeds if it manages to map all voms data entries to (system) groups and find their GID. There is no communication between different plugins (like the voms_poolgroup plugin) about the failures. A log entry will state the VO-GROUP-ROLE combination that made the plugin fail.

-mapmin <group count>

This option will set a minimum amount of groups that have to be resolved for later mapping. If the minimum is not set then the minimum amount is set to '0' by default. If the plugin is not able to the required number of local groups it will fail. Note: if the minimum is set to zero or the minimum is not set the plugin will return a success if no other errors occur, even if no local groups were found.

RETURN VALUES

ERRORS

 See bugzilla for known errors (http://marianne.in2p3.fr/datagrid/bugzilla/)

SEE ALSO

lcmaps_voms.mod, lcmaps_voms_poolaccount.mod, lcmaps_voms_poolgroup.mod, lcmaps_localaccount.mod, lcmaps_poolaccount.mod, lcmaps_posix_enf.mod, lcmaps_ldap_enf.mod,

Generated at Tue Sep 23 15:48:52 2003 for edg-lcmaps by doxygen1.2.8.1 written by Dimitri van Heesch, © 1997-2001