NAME

       lcmaps_voms_localgroup.mod  -  LCMAPS  plugin  to switch user identity based on VOMS credentials by local
       groups

SYNOPSIS

       lcmaps_voms_localgroup.mod [-groupmapfile group-mapfile] [--map-to-secondary-groups] [-mapall] [-mapmin
       number of minimal mappings]

DESCRIPTION

       The VOMS localgroup acquisition plugin is a  'VOMS-aware'  plugin  similar  to  the  lcmaps_voms_localac‐
       count.mod.8  plugin,  but  for  groups  instead of accounts.  The plugin tries to find local groups (more
       specifically GroupIDs) based on the VOMS information that is available from  LCMAPS,  in  particular  the
       Fully Qualified Attribute Names (FQANs).  It tries to find FQAN to localgroup mapping using the so-called
       group-mapfile  (similar  to  a  grid-mapfile).   The  resulting  list  of groups will be looked up in the
       /etc/groups and/or LDAP directories to determine which Group IDs should be added as a mapping result.

OPTIONS

       -groupmapfile group-mapfile
              This file must contain FQAN to local group name mappings, similar to the  grid-mapfile.  The  same
              formatting rules of the grid-mapfile apply to the group-mapfile.  It is strongly advised to set it
              to an absolute path to avoid usage of the wrong file(path).  In a (setuid-)root application, rela‐
              tive  paths  are  taken with respect to /etc/grid-security/.  It is important to not mix the grid-
              mapfile and group-mapfile.

       --map-to-secondary-groups
              When enabled, the plug-in will map also the first FQAN of the user to secondary Group  IDs,  hence
              there  will  be  no primary Group ID set by this plug-in when enabled. Note that also if the first
              FQAN does not give a mapping, there will be no primary Group ID set by this plug-in.

       -mapall
              When enabled, a failure will be triggered if not all of the FQANs were successfully mapped to pri‐
              mary or secondary Group IDs.

       -mapmin minimum number of mappings
              This option will set a minimum amount of FQANs that have to be mapped for the plugin  to  succeed.
              Default  is  '0'.   Note: if the minimum is unset or set to 0 the plugin will succeed (if no other
              errors occur) even if no pool-groups were found.

RETURN VALUES

       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.

BUGS

       Please  report  any  errors  to  the  Nikhef  Grid  Middleware   Security   Team   <grid-mw-security-sup‐
       port@nikhef.nl>.

SEE ALSO

       lcmaps.db(5), lcmaps(3).

AUTHORS

       LCMAPS  and  the  LCMAPS  plug-ins  were  written  by  the Grid Middleware Security Team <grid-mw-securi‐
       ty@nikhef.nl>.

Stichting FOM/Nikhef                            February 6, 2015                   LCMAPS_VOMS_LOCALGROUP.MOD(8)