oracular (8) lcmaps_voms_localgroup.mod.8.gz

Provided by: lcmaps-plugins-voms_1.7.1-1ubuntu2_amd64 bug

NAME

       lcmaps_voms_localgroup.mod  -  LCMAPS  plugin  to  switch  user  identity  based  on  VOMS
       credentials by local groups

SYNOPSIS

       lcmaps_voms_localgroup.mod [-groupmapfile group-mapfile] [--map-to-secondary-groups]
       [-mapall] [-mapmin number of minimal mappings]

DESCRIPTION

       The   VOMS  localgroup  acquisition  plugin  is  a  'VOMS-aware'  plugin  similar  to  the
       lcmaps_voms_localaccount.mod.8 plugin, but for groups instead  of  accounts.   The  plugin
       tries to find local groups (more specifically GroupIDs) based on the VOMS information that
       is available from LCMAPS, in particular the Fully Qualified Attribute Names  (FQANs).   It
       tries  to  find FQAN to localgroup mapping using the so-called group-mapfile (similar to a
       grid-mapfile).  The resulting list of groups will be looked up in the  /etc/groups  and/or
       LDAP directories to determine which Group IDs should be added as a mapping result.

OPTIONS

       -groupmapfile group-mapfile
              This  file  must  contain  FQAN  to local group name mappings, similar to the grid-
              mapfile. The same formatting rules of the grid-mapfile apply to the  group-mapfile.
              It  is  strongly  advised to set it to an absolute path to avoid usage of the wrong
              file(path).  In a (setuid-)root application, relative paths are taken with  respect
              to  /etc/grid-security/.   It  is  important to not mix the grid-mapfile and group-
              mapfile.

       --map-to-secondary-groups
              When enabled, the plug-in will map also the first FQAN of  the  user  to  secondary
              Group  IDs,  hence  there  will  be  no  primary  Group ID set by this plug-in when
              enabled. Note that also if the first FQAN does not give a mapping, there will be no
              primary Group ID set by this plug-in.

       -mapall
              When enabled, a failure will be triggered if not all of the FQANs were successfully
              mapped to primary or secondary Group IDs.

       -mapmin minimum number of mappings
              This option will set a minimum amount of FQANs that  have  to  be  mapped  for  the
              plugin  to  succeed. Default is '0'.  Note: if the minimum is unset or set to 0 the
              plugin will succeed (if no other errors occur) even if no pool-groups were found.

RETURN VALUES

       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.

BUGS

       Please report any errors to the Nikhef Grid Middleware  Security  Team  <grid-mw-security-
       support@nikhef.nl>.

SEE ALSO

       lcmaps.db(5), lcmaps(3).

AUTHORS

       LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team <grid-mw-
       security@nikhef.nl>.