lcmaps_voms_localgroup.mod(8) LCMAPS plugin to switch user identity based on VOMS credentials by local groups

SYNOPSIS

lcmaps_voms_localgroup.mod [-groupmapfile groupmapfile] [--map-to-secondary-groups] [-mapall] [-mapmin number of minimal mappings]

DESCRIPTION

The VOMS localgroup acquisition plugin is a 'VOMS-aware' plugin. It uses the VOMS information to gather primary and secondary Group IDs. This is accomplished by matching VOMS FQANs in the so-called groupmapfile (gridmapfile style) with the credentials presented by the user. The resulting list of groups will be looked up in the /etc/groups and/or LDAP directories to determine which Group IDs to be added as a mapping result.

When enabled, the plug-in will map all the FQANs of the user to secondary Group IDs. There will be no primary Group ID set by this plug-in. This option is off by default, thus by default the plug-in will always set the first FQAN

OPTIONS

-groupmapfile groupmapfile
This option is used to determine the groupmapfile path. The plug-in will open the file and use the content for the FQAN to Group ID mapping. The same formatting rules of the grid-mapfile apply to the groupmapfile. Provide a full path.
--map-to-secondary-groups
When enabled, the plug-in will map all the FQANs of the user to secondary Group IDs. There will be no primary Group ID set by this plug-in when enabled.
-mapall
When enabled, a failure will be triggered if not all of the FQANs could be mapped to primary or secondary Group IDs.
-mapmin number of minimal mappings
When set the number of minimal mappings will be enforced by the plug-in to ensure that at least this number of FQAN to Group ID mappings has occured. When absent...

RETURN VALUES

LCMAPS_MOD_SUCCESS
Success.
LCMAPS_MOD_FAIL
Failure.

BUGS

Please report any errors to the Nikhef Grid Middleware Security Team <[email protected]>.

AUTHORS

LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team <[email protected]>.