Main Page | Modules | Data Structures | File List | Data Fields | Globals | Related Pages

voms localgroup plugin


lcmaps_voms_localgroup.mod -GROUPMAPFILE|-groupmapfile|-GROUPMAP|-groupmap <groupmapfile> [-mapall] [-mapmin <group count>]


The localgroup acquisition plugin is a 'VOMS-aware' plugin. It uses the VOMS information (acquired by the plugin lcmaps_voms.mod) to gather primary and secondary GIDs. This is accomplished by matching VO-GROUP-ROLE(-CAPABILITY) combinations in the so-called groupmapfile (gridmapfile style) and by finding the corresponding local GID. Wildcards can be used in the groupmapfile to match VO-GROUP-ROLE combinations.

EXAMPLE 'groupmapfile':

"/VO=atlas/GROUP=mcprod" atmcprod

"/VO=atlas/GROUP=*" atlasgrps

A VO-GROUP combination /VO=atlas/GROUP=mcprod matches "/VO=atlas/GROUP=mcprod", resulting in a mapping to the GID of the 'atmcprod' group. All the other groups within the 'atlas' VO will be mapped to 'atlasgrps'. A user with /VO=cms/GROUP=user will not be mapped to any local system group, unless there will be an extra row in the groupmapfile like '"/VO=*" allothers' resulting in a mapping from any other VO-GROUP-ROLE combination to 'allothers'. The mapping is based on the first match found for a VO-GROUP-ROLE combination, implying that the most significant row must be on top.

The poolgroup plugin will try to match each VO-GROUP-ROLE combination that was found by the plugin lcmaps_voms.mod. The first VO-GROUP-ROLE combination will become the primary group, the others secondary groups. As the primary GID may be used for auditing and accounting purposes it is important that the user uses the correct ordering of VO-GROUP-ROLE combinations in his grid credential (X509 certificate).


-GROUPMAPFILE \<groupmapfile\>

See -groupmap

-groupmapfile \<groupmapfile\>

See -groupmap

-GROUPMAP \<groupmapfile\>

See -groupmap

-groupmap \<groupmapfile\>

If this option is set, it will override the default path to the groupmapfile. It is advised to use an absolute path to the groupmapfile to avoid usage of the wrong file(path).


If this parameter is set, the plugin only succeeds if it manages to map all voms data entries to (system) groups and find their GID. There is no communication between different plugins (like the voms_poolgroup plugin) about the failures. A log entry will state the VO-GROUP-ROLE combination that made the plugin fail.

-mapmin \<group count\>

This option will set a minimum amount of groups that have to be resolved for later mapping. If the minimum is not set then the minimum amount is set to '0' by default. If the plugin is not able to the required number of local groups it will fail. Note: if the minimum is set to zero or the minimum is not set the plugin will return a success if no other errors occur, even if no local groups were found.



See bugzilla for known errors (


lcmaps_voms.mod, lcmaps_voms_poolaccount.mod, lcmaps_voms_poolgroup.mod, lcmaps_localaccount.mod, lcmaps_poolaccount.mod, lcmaps_posix_enf.mod, lcmaps_ldap_enf.mod,
Generated on Sun May 29 21:22:13 2005 for lcmaps by doxygen 1.3.5