Manage Manual Users

On the web interface you will see the following options under 'User Management':

  • Manual User Group Members - for manually adding or removing individual users to a manual user group. Click 'add' to add or the trash icon next to an entry to delete.
  • Manual Account Mappings - for manually adding or removing individual DN to account mappings to a manual account mapper. Click 'add' to add or the trash icon next to an entry to delete.
  • Update VO Members - for user groups that specify a server and a persistence factory, the DNs are retrieved from the server and put into the persistence factory, which is the source of the matching. This happens at a regular interval, but you may want to update manually after new users have been added.

This functionality is also available for the client admin tools "gums" and "gums-service". Usage is:

[root@gums /]# su - username
[username@gums /]# ./gums-service
usage: gums command [command-options]
Commands:
  generateOsgUserVoMap - Generate OSG-user-VO-map.txt for a given service/host.
  generateGridMapfile - Generate grid-mapfile for a given service/host.
  generateVoGridMapfile - Generate a VO grid-mapfile for a given service/host.
  manualGroupAdd - Includes a DN in a group.
  manualGroupRemove - Removes a DN from a group.
  manualMappingAdd - Adds a DN-to-account mapping.
  manualMappingRemove - Removes mapping for DN.
  mapAccount - Maps a local account to a grid identity.
  mapUser - Maps a grid identity to a local account.
  poolAddRange - Adds accounts to an account pool.
  poolGetAssignments - Get printout of current pool account assignments.
  poolRemoveRange - Removes accounts from an account pool.
  poolUnassignRange - Unassigns accounts from an account pool.
  updateGroups - Contact VO servers and retrieve user lists.
  version - Retrieve GUMS client version.
For help on any command:
  gums command --help
[root@gums /]# ./gums-service manualGroupAdd --help
usage: gums manualGroupAdd USERGROUP USERDN1 [USERDN2] ...
Adds a user to a manually managed group. USERGROUP is the name of the
manual user group.
[root@gums /]# ./gums-service manualGroupRemove --help
usage: gums manualGroupRemove USERGROUP USERDN1 [USERDN2] ...
Removes a user from a manually managed group. USERGROUP is the name of the
manual user group.
[root@gums /]# ./gums-service manualMappingAdd --help
usage: gums manualMappingAdd ACCOUNTMAPPER USERDN USERNAME
Maps a DN to a user in a manually managed mapping. ACCOUNTMAPPER is the
name of the manual account mapper.
[root@gums /]# ./gums-service manualMappingRemove --help
usage: gums manualMappingRemove ACCOUNTMAPPER USERDN
Maps a DN to a user in a manually managed mapping. ACCOUNTMAPPER is the
name of the manual account mapper.
[root@gums /]# ./gums-service updateGroups --help
usage: gums updateGroups
Contact all VO servers and update the local lists of users.
[root@gums /]#

Only users and mappings managed by manual user groups and account mappers should be managed by an administrator through GUMS. All others should be handled by the appropriate methods of accessing the 3rd party server (i.e. VOMS, LDAP) or handled automatically by GUMS (i.e. pool account mapper).