Enabling users who do not have OS user accounts to use IBM Spectrum LSF Application Center

When users do not have operating system user accounts on the Platform Application Center server, you can enable them to log in and use IBM Spectrum LSF Application Center by creating a user mapping script that maps login user accounts to operating system user accounts. This applies to both the graphical user interface as well as Web Services.

About this task

You specify the location of your user mapping script to IBM Spectrum LSF Application Center with the parameter USER_MAP_SCRIPT in $GUI_CONFDIR/pmc.conf. A user that logs in to Platform Application Center is authenticated, then mapped to the operating system user account specified in the user mapping script. The user is then able to perform all operations in Platform Application Center as the mapped user account. The mapped user account is displayed in Platform Application Center pages. You can view the login user accounts in System & Settings > Logged In Users.

Procedure

Create a script that maps login user accounts to operating system user accounts and test it.
Script requirements:
- The root user must have read and execute permissions on the specified script.
- If High Availability is enabled, the script must be accessed with the same path by all IBM Spectrum LSF Application Center instances.
- Script input: The script must take user name as input. For example:
```
./auth_map_user.sh user_name
```
- Script output:
  - If successful, the script must exit with an exit code of 0 and write the name of the mapped operating system user account to stdout
  - If an error occurs, the script must exit with a non-zero exit code and write the error to stderr. IBM Spectrum LSF Application Center writes the error message to the following log file: $GUI_CONFDIR/../logs/host_name/messages.log.
For example:
```
       !/bin/sh

        if [ "X$1" = "X" ]; then
           echo "Specify a user name." 1>&2
           exit 1
        fi

        case "$1" in
          user2)
            echo "user9"
            exit 0
            ;;
          user3)
            echo "user10"
            exit 0
            ;;
          *)
            echo "User name: $1 is not mapped." 1>&2
            exit 1 
```
As root, log on to the IBM Spectrum LSF Application Center server.
Edit $GUI_CONFDIR/pmc.conf and add the parameter USER_MAP_SCRIPT to specify the location of your user mapping script. For example:
```
USER_MAP_SCRIPT=/etc/myscript.sh 
```
Restart IBM Spectrum LSF Application Center with pmcadmin stop and pmcadmin start to make changes take effect.
Assign roles to the operating system user accounts specified in your user mapping script in System & Settings > Users & Groups.