NAME
lcmaps: NCM component to manage LCMAPS configuration file(s)
DESCRIPTION
The lcmaps component writes the LCMAPS configuration file(s). The primary file is the LCMAPS database, listing the plugin modules to be defined and the policies to describe (in the specific order as specified in the list in the CDB).
RESOURCES
/software/components/lcmaps/dbpath
Location of the main LCMAPS database (list of plugin modules).
Default: /opt/edg/etc/lcmaps/lcmaps.db
/software/components/lcmaps/modulepath
The LCMAPS module search path.
/software/components/lcmaps/module
Named list (nlist) of modules to be used in the LCMAPS policies. The names here are the module symbolic references that are used to define the policies.
/software/components/lcmaps/module/{}/path
Path of the module to load.
/software/components/lcmaps/module/{}/args
Arguments to the module (these are concatenated to the module path itself and quoted).
/software/components/lcmaps/policies
List (ordered) of LCMAPS policies.
/software/components/lcmaps/policies/[]/name
Name of the policy.
/software/components/lcmaps/policies/[]/ruleset
List (ordered) of rulesets for this policy.
EXAMPLE
"/software/components/lcmaps/dbpath" = "/opt/edg/etc/lcmaps/policy.conf";
"/software/components/lcmaps/modulepath" = "/opt/edg/lib/lcmaps/modules";
"/software/components/lcmaps/module/localaccount/path" =
"lcmaps_localaccount.mod";
"/software/components/lcmaps/module/localaccount/args" =
"-gridmapfile /etc/grid-security/grid-mapfile";
"/software/components/lcmaps/module/poolaccount/path" = "lcmaps_poolaccount.mod";
"/software/components/lcmaps/module/poolaccount/args" =
" -override_inconsistency" +
" -gridmapfile /etc/grid-security/grid-mapfile" +
" -gridmapdir /etc/grid-security/gridmapdir";
"/software/components/lcmaps/module/posixenf/path" = "lcmaps_posix_enf.mod";
"/software/components/lcmaps/module/posixenf/args" =
" -maxuid 1 -maxpgid 1 -maxsgid 32";
"/software/components/lcmaps/policies" = list (
nlist(
"name", "standard",
"ruleset", list (
"localaccount -> posixenf | poolaccount",
"poolaccount -> posixenf"
)
),
nlist(
"name", "GridFTPacquisition",
"ruleset", list (
"vomsextract -> vomslocalgroup",
"vomslocalgroup -> vomspoolgroup",
"vomspoolgroup -> vomspoolaccount",
"vomspoolaccount -> ldap_enf"
)
)
);
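The following is an added example, not part of the component or of the original page. It mirrors the EXAMPLE resources as constructed Python data, reports policy rules that reference a module name missing from the module nlist shown here (as the GridFTPacquisition rules do in this excerpt), and renders the data in an assumed lcmaps.db layout. The function names and the exact output layout are assumptions.

```python
import re

# Constructed data mirroring the EXAMPLE section of this page.
MODULES = {
    "localaccount": {"path": "lcmaps_localaccount.mod",
                     "args": "-gridmapfile /etc/grid-security/grid-mapfile"},
    "poolaccount": {"path": "lcmaps_poolaccount.mod",
                    "args": " -override_inconsistency -gridmapfile /etc/grid-security/grid-mapfile"
                            " -gridmapdir /etc/grid-security/gridmapdir"},
    "posixenf": {"path": "lcmaps_posix_enf.mod",
                 "args": " -maxuid 1 -maxpgid 1 -maxsgid 32"},
}
POLICIES = [
    {"name": "standard", "ruleset": [
        "localaccount -> posixenf | poolaccount",
        "poolaccount -> posixenf"]},
    {"name": "GridFTPacquisition", "ruleset": [
        "vomsextract -> vomslocalgroup",
        "vomslocalgroup -> vomspoolgroup",
        "vomspoolgroup -> vomspoolaccount",
        "vomspoolaccount -> ldap_enf"]},
]

def rule_modules(rule):
    """Symbolic module names in one rule ('a -> b | c'); a leading '~' is assumed to negate."""
    return [t.strip().lstrip("~") for t in re.split(r"->|\|", rule) if t.strip()]

def undefined_references(modules, policies):
    """Map policy name -> sorted module names used in its ruleset but never defined."""
    missing = {}
    for policy in policies:
        used = {m for rule in policy["ruleset"] for m in rule_modules(rule)}
        unknown = sorted(used - set(modules))
        if unknown:
            missing[policy["name"]] = unknown
    return missing

def render_db(modulepath, modules, policies):
    """Assumed layout: search path, quoted 'path args' per module, then policies in list order."""
    lines = ["path = " + modulepath, ""]
    for name, mod in modules.items():
        lines.append('%s = "%s"' % (name, (mod["path"] + " " + mod.get("args", "").strip()).strip()))
    for policy in policies:
        lines += ["", policy["name"] + ":"] + policy["ruleset"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(undefined_references(MODULES, POLICIES))
    print(render_db("/opt/edg/lib/lcmaps/modules", MODULES, POLICIES))
```

Running the check before the profile is deployed catches a policy whose rules name a module that no module entry defines.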
Multi-file mode
If "/software/components/lcmaps/multifile" is set to True, the LCMAPS component works in the experimental "multi-file" mode. The regular resources such as "/software/components/lcmaps/dbpath" are ignored; relocated but similarly named resources in the array "/software/components/lcmaps/config[]" are used instead. Multiple LCMAPS policy files can thus be written, for example to support separate services (gatekeeper, gridftp) on the same host. For example, the ".../dbpath" resource becomes:
"/software/components/lcmaps/config/0/dbpath" = "/opt/edg/etc/lcmaps/policy.gridftp";
"/software/components/lcmaps/config/0/modulepath" = "/opt/edg/lib/lcmaps/modules";
...
"/software/components/lcmaps/config/1/dbpath" = "/opt/edg/etc/lcmaps/policy.gatekeeper";
...