Main Page   Modules   Data Structures   File List   Data Fields   Globals   Related Pages  

voms localgroup plugin

SYNOPSIS

lcmaps_voms_localgroup.mod -GROUPMAPFILE|-groupmapfile|-GROUPMAP|-groupmap <groupmapfile> [-mapall]

DESCRIPTION

The localgroup acquisition plugin is a voms-'aware' plugin. The plugin's main purpose is to gather credential information from the given Voms \bAcquisition plugin. This plugin will gather a primary GID and additional secundary GIDs. In the credential data datastructure in the Plugin Manager are all the VO-GROUP-ROLE(-CAPABILITY) values stored. This plugin will get this data and compare all the VO-GROUP-ROLE values with the that is by default known as \b'groupmapfile'\b. The plugin will lookup each value (a VO-GROUP-ROLE combination) and will search in the groupmapfile for a match. Wildcards can be used in the groupmapfile to match VO-GROUP-ROLE combinations.

EXAMPLE 'groupmapfile':

/VO=atlas/GROUP=mcprod atmcprod

/VO=atlas/GROUP=* atlasgrps

/VO=atlas/GROUP=mcprod as VO-GROUP combination from the gathered credential data will match with /VO=atlas/GROUP=mcprod and there will be a mapping made to the GID of the 'atmcprod' group. All the other groups within the 'atlas' VO will be mapped to 'atlasgrps'. If there is a user with /VO=cms that user can not be mapped to any local system group unless there will be an extra row in the groupmapfile like '/VO=* allothers' making a mapping from anyother VO-GROUP-ROLE combination to 'allothers'. What u can allready read between the lines that the most significant row must be on top and the least significant row must be on the bottom side of the groupmapfile.

For every value in the Plugin Manager there will be a search in the groupmapfile. The first extracted and gathered VO-GROUP-ROLE combination will find it's way to be primary group. Unless there has been another plugin already run that filled up the primary group. The userinterface software has the possibility to set a userdefined order in the VOMS values that will be put on user's proxy certificate. With this feature the user can controle the primary group what could have more functionality in the future then of now (audit/billing/etc.).

OPTIONS

-GROUPMAPFILE <groupmapfile>

 See -groupmap

-groupmapfile <groupmapfile>

See -groupmap

-GROUPMAP <groupmapfile>

See -groupmap

-groupmap <groupmapfile>

When this option is set in the initialization string it will override the default path of to the groupmapfile. It is advised to use a absolute path to the groupmapfile to avoid usage of the wrong file(path). When this option is set but without a path to the groupmapfile will fail the initialisation of the plugin and the plugin will not run untill it has been disposed and reloaded.

-mapall

If this parameter is set the plugin is forced to map all voms data entries to (system) groups and find there GID. If not all voms data (VO-GROUP-ROLE) entries on the certificate match with rows in the groupmapfile the plugin will fail. There is no communication between different plugins (like the poolgroup plugin) about the failures. A log entry will state the VO-GROUP-ROLE combination what made the plugin fail.

RETURN VALUES

ERRORS

 See bugzilla for known errors (http://marianne.in2p3.fr/datagrid/bugzilla/)

SEE ALSO

lcmaps_ldap_enf.mod, lcmaps_poolaccount.mod, lcmaps_posix_enf.mod, lcmaps_voms.mod

Generated at Fri Jul 11 18:38:23 2003 for edg-lcmaps by doxygen1.2.8.1 written by Dimitri van Heesch, © 1997-2001