On the web interface you will see the following options under 'User Management':
This functionality is also available for the client admin tools "gums" and "gums-service". Usage is:
[root@gums /]# su - username [username@gums /]# ./gums-service usage: gums command [command-options] Commands: clientVersion - Retrieve GUMS client version. generateEmailMapfile - Generate an Email-mapfile for a given service/host. generateFqanMapfile - Generate FQAN-mapfile for a given service/host . generateGridMapfile - Generate grid-mapfile for a given service/host. generateOsgUserVoMap - Generate OSG-user-VO-map for a given service/host. generateVoGridMapfile - Generate a VO grid-mapfile for a given service/host. manualGroupAdd - Includes a DN in a group. manualGroupRemove - Removes a DN from a group. manualMappingAdd - Adds a DN-to-account mapping. manualMappingRemove - Removes mapping for DN. mapAccount - Maps a local account to a grid identity. mapUser - Maps a grid identity to a local account. poolAddRange - Adds accounts to an account pool. poolGetAssignments - Get printout of current pool account assignments. poolRemoveRange - Removes accounts from an account pool. poolUnassignRange - Unassigns accounts from an account pool. serverVersion - Retrieve GUMS server version. updateGroups - Contact VO servers and retrieve user lists. For help on any command: gums command --help [root@gums /]# ./gums-service manualGroupAdd --help usage: gums manualGroupAdd [-g GUMSURL] [-f FQAN] [-e EMAIL] MANUALUSERGROUP USERDN0 USERDN1... Adds a user to a manually managed group. MANUALUSERGROUP is the name of the manual user group. Only one USERDN allowed at a time if email is specified. Options: -e,--email <arg> email Address -f,--fqan <arg> Fully Qualified Attribute Name -g,--gumsUrl <arg> Fully Qualified GUMS URL to override gums.location within the gums-client.properties file --help print this message [root@gums /]# ./gums-service manualGroupRemove --help usage: gums manualGroupRemove [-g GUMSURL] [-f FQAN] MANUALUSERGROUP USERDN1 [USERDN2] ... Removes a user from a manually managed group. USERGROUP is the name of the manual user group. Options: -f,--fqan <arg> Fully Qualified Attribute Name -g,--gumsUrl <arg> Fully Qualified GUMS URL to override gums.location within the gums-client.properties file --help print this message [root@gums /]# ./gums-service manualMappingAdd --help usage: gums manualMappingAdd [-g GUMSURL] ACCOUNTMAPPER USERDN USERNAME Maps a DN to a user in a manually managed mapping. ACCOUNTMAPPER is the name of the manual account mapper. Options: -g,--gumsUrl <arg> Fully Qualified GUMS URL to override gums.location within the gums-client.properties file --help print this message [root@gums /]# ./gums-service manualMappingRemove --help usage: gums manualMappingRemove [-g GUMSURL] MANUALACCOUNTMAPPER USERDN Maps a DN to a user in a manually managed mapping. ACCOUNTMAPPER is the name of the manual account mapper. Options: -g,--gumsUrl <arg> Fully Qualified GUMS URL to override gums.location within the gums-client.properties file --help print this message [root@gums /]# ./gums-service updateGroups --help usage: gums updateGroups [-g GUMSURL] Contact all VO servers and update the local lists of users. Options: -g,--gumsUrl <arg> Fully Qualified GUMS URL to override gums.location within the gums-client.properties file --help print this message [root@gums /]#
Only users and mappings managed by manual user groups and account mappers should be managed by an administrator through GUMS. All others should be handled via the appropriate callouts to the 3rd party servers (i.e. VOMS, LDAP) or handled automatically by GUMS (i.e. pool account mapper).