SYNOPSIS
lcmaps_poolaccount.mod [-gridmapfile|-GRIDMAPFILE|-gridmap|-GRIDMAP <location grid-mapfile>] [-gridmapdir|-GRIDMAPDIR <location gridmapdir>]
The plugin is a Acquisition Plugin and will provide the LCMAPS system with Pool Account credential information. To do this it needs to look up the Distinghuished Name (DN) from a user's certificate in the grid-mapfile. If this DN is found in the grid-mapfile the plugin now knows to which pool of local system account the user wil be mapped. To convert the poolname (starting with a dot or point in stead of a alfanumeric character) will be checked with a special list of availeble local accounts. This list is located in the \i gridmapdir and is made of filenames. These filenames correspond to the system account's username. (Like a DN is mapped to .test and you will find a bunch of test001, test002, etc. in the gridmapdir)
When there are no pool accounts taken and the user is new the plugin will get a directory listing of the gridmapdir. This list will contain usernames corrisponding to system accounts specially designated for pool accounting. The plugin resolved the mapping of a certain pool name, let say '.test'. The plugin will look in the directory list en will find the first file in the list corrisponding with 'test', like the string 'test001'. This 'test001' is linked to an i-node (a filename 'in' a directory is linked to an pointer structure that forms the base of a Unix file system). This i-node can belinked to another file, besides this 'test001' file. Since we indicated a clean setup there is no other link, just the link between 'test001' and a i-node. This means that this username 'test001' corrisponding to a system account is not yet used by anyone else. To make a link between the user and this pool account the plugin will make a new file named as the Distinghuished Name (in a URL-Encode string) of the user. The nice part is that this new file will be attached to the same i-node as the file 'test001' indicating a link between the pool account and the user.
When a user returns to this site the plugin will look for the distinghuished name of the user (URL encoded) in this directory. Nice the user already left his trace in the directory with a link to it's already assigned pool account the user will now be mapped again to this (already) assigned pool account.
When the plugin assigned the pool account it will resolve all the data that can be known about this system account. The plugin will resolve the UID, GID and all the secundary GIDs. When this all has been done and there weren't any problems detected the plugin will add this information to a datastructure in the Plugin Manager. The plugin will finish it's run with a LCMAPS_MOD_SUCCESS. This result will be reported to the Plugin Manager which started this plugin and it will forward this result to the Evaluation Manager which will take appropriate actions for the next plugin to run. Normally this plugin would be followed by a Enforcement plugin that can apply these gathered credentials in a way that is appropriate to a system administration's needs.
OPTIONS
-GRIDMAPFILE <gridmapfile>
See -gridmap
-gridmapfile <gridmapfile>
See -gridmap
-GRIDMAP <gridmapfile>
See -gridmap
-gridmap <gridmapfile>
When this option is set in the initialization string it will override the default path of to the grid-mapfile. It is advised to use a absolute path to the grid-mapfile to avoid usage of the wrong file(path). When this option is set but without a path to the grid-mapfile will fail the initialisation of the plugin and the plugin will not run untill it has been disposed and reloaded.
-GRIDMAPDIR <gridmapdir>
See -gridmapdir
-gridmapdir <gridmapdir>
When this option is set in the initialization string it will override the default path of to the gridmapdir. It is advised to use a absolute path to the gridmapdir to avoid usage of the wrong path. When this option is set but without a path to the gridmapdir will fail the initialisation of the plugin and the plugin will not run untill it has been disposed and reloaded.
SEE ALSO
lcmaps_ldap_enf.mod, lcmaps_localaccount.mod, lcmaps_posix_enf.mod, lcmaps_voms.mod
1.2.8.1 written by Dimitri van Heesch,
© 1997-2001