Lcmaps plugin to switch user identity based on voms credentials by local groups
lcmaps_voms_localgroup.mod [-groupmapfile groupmapfile] [--map-to-secondary-groups] [-mapall] [-mapmin number of minimal mappings]
The VOMS localgroup acquisition plugin is a 'VOMS-aware' plugin. It uses the VOMS information to gather primary and secondary Group IDs. This is accomplished by matching VOMS FQANs in the so-called groupmapfile (gridmapfile style) with the credentials presented by the user. The resulting list of groups will be looked up in the /etc/groups and/or LDAP directories to determine which Group IDs to be added as a mapping result.
When enabled, the plug-in will map all the FQANs of the user to secondary Group IDs. There will be no primary Group ID set by this plug-in. This option is off by default, thus by default the plug-in will always set the first FQAN
-groupmapfile groupmapfile
This option is used to determine the groupmapfile path. The plug-in will open the file and use the content for the FQAN to Group ID mapping. The same formatting rules of the grid-mapfile apply to the groupmapfile. Provide a full path.
--map-to-secondary-groups
When enabled, the plug-in will map all the FQANs of the user to secondary Group IDs. There will be no primary Group ID set by this plug-in when enabled.
-mapall
When enabled, a failure will be triggered if not all of the FQANs could be mapped to primary or secondary Group IDs.
-mapmin number of minimal mappings
When set the number of minimal mappings will be enforced by the plug-in to ensure that at least this number of FQAN to Group ID mappings has occured. When absent...
LCMAPS_MOD_SUCCESS
Success.
LCMAPS_MOD_FAIL
Failure.
Please report any errors to the Nikhef Grid Middleware Security Team <[email protected]>.
lcmaps.db(5), lcmaps(3).
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team <[email protected]>.