From 059b9a93d0ab827b4985423316f66ec691fc5eff Mon Sep 17 00:00:00 2001
From: Chris Hubing
Date: Tue, 4 Sep 2018 18:52:57 -0400
Subject: [PATCH] config changes for 2.4

---
 container_files/grouper.installer.properties | 2 +-
 .../grouper/grouper-loader.properties | 7 ++---
 .../grouper/subject.properties | 26 ++++++++++++-------
 .../container_files/conf/subject.properties | 26 ++++++++++++-------
 .../container_files/seed-data/bootstrap.gsh | 7 +++++
 5 files changed, 44 insertions(+), 24 deletions(-)

diff --git a/container_files/grouper.installer.properties b/container_files/grouper.installer.properties
index 33c3edf6..be9cd2b0 100644
--- a/container_files/grouper.installer.properties
+++ b/container_files/grouper.installer.properties
@@ -40,4 +40,4 @@ grouperInstaller.autorun.rabbitMqWhereInstalled = /opt/grouper/2.4.0/grouper.api
 # disable installing pspng, for now
 grouperInstaller.autorun.installPspng = t
-grouperInstaller.autorun.installPsp = t
+grouperInstaller.autorun.installPsp = f
diff --git a/test-compose/configs-and-secrets/grouper/grouper-loader.properties b/test-compose/configs-and-secrets/grouper/grouper-loader.properties
index 07c4f56a..c406f91a 100644
--- a/test-compose/configs-and-secrets/grouper/grouper-loader.properties
+++ b/test-compose/configs-and-secrets/grouper/grouper-loader.properties
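Review bot: The context comment `# disable installing pspng, for now` in the grouper.installer.properties hunk now contradicts the values beneath it: installPspng stays `t` and it is installPsp that this commit turns to `f`, so the only explanation in the file describes the opposite of what is configured. If dropping the legacy psp installer is the intent for 2.4, replace the comment with one that matches, e.g. `# 2.4: install pspng; do not install the legacy psp provisioner`.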
@@ -4,17 +4,18 @@ # specify the ldap connection with user, pass, url # the string after "ldap." is the ID of the connection, and it should not have # spaces or other special chars in it. In this case is it "personLdap" - + #note the URL should start with ldap: or ldaps: if it is SSL. #It should contain the server and port (optional if not default), and baseDn, #e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu -ldap.demo.url = ldap://data:389/dc=example,dc=edu +ldap.demo.url = ldap://data:389/dc=internet2,dc=edu #optional, if authenticated ldap.demo.user = cn=admin,dc=internet2,dc=edu #optional, if authenticated note the password can be stored encrypted in an external file -ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} +#ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} +ldap.demo.pass = password #optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS... ldap.demo.tls = false diff --git a/test-compose/configs-and-secrets/grouper/subject.properties b/test-compose/configs-and-secrets/grouper/subject.properties index fd5b25cd..c9329fdb 100644 --- a/test-compose/configs-and-secrets/grouper/subject.properties +++ b/test-compose/configs-and-secrets/grouper/subject.properties 
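Review bot: `ldap.demo.pass = password` puts a literal bind password for `cn=admin,dc=internet2,dc=edu` into the repository and demotes the `SUBJECT_SOURCE_LDAP_PASSWORD_FILE` / `SUBJECT_SOURCE_LDAP_PASSWORD` lookup to a comment, so the file under configs-and-secrets now carries the secret itself rather than a pointer to it. If the motivation was that the `${...}` expression was not being evaluated on the plain key, the subject.properties hunks in this same commit use the `.elConfig` suffix for exactly this expression; `ldap.demo.pass.elConfig = ${...}` with the existing expression would keep the value out of the file. Since both subject.properties files now point at this connection through `ldapServerId.value = demo`, this literal appears to become the credential for subject lookups as well, which widens what a leaked copy of this file grants.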
@@ -1,19 +1,25 @@
-subject.sources.xml.location =
+#subject.sources.xml.location =
+
+subjectApi.source.ldap.param.ldapServerId.value = demo
+
 subjectApi.source.ldap.id = ldap
 subjectApi.source.ldap.name = EDU Ldap
 subjectApi.source.ldap.types = person
 subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter
-subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory
-subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://data:389
-subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple
-subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu
-subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')}
+
+## replaced with new LDAPTIVE lib
+#subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory
+#subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://data:389
+#subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple
+#subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu
+#subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')}
+#subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
+
 subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
 subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
 subjectApi.source.ldap.param.Name_AttributeType.value = cn
 subjectApi.source.ldap.param.Description_AttributeType.value = cn
-subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
 subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
 subjectApi.source.ldap.param.sortAttribute0.value = cn
 subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
@@ -55,7 +61,7 @@ subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
 # Each subject has one and only on ID. Returns one result when searching for one ID.
 subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person))
 subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=internet2,dc=edu
+subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people
 #searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely
 # identifies the user, e.g. jsmith or jsmith@institution.edu.
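Review bot: `## replaced with new LDAPTIVE lib` and the new `ldapServerId.value = demo` describe a source that connects through the loader's `ldap.demo` entry, but the unchanged `adapterClass` line still names `GrouperJndiSourceAdapter`; if that adapter ignores `ldapServerId`, commenting out `PROVIDER_URL` and the `SECURITY_*` params leaves it without any connection settings, so the adapter class should be checked against the 2.4 ldaptive-based adapter (I believe `edu.internet2.middleware.grouper.subj.GrouperLdapSourceAdapter`) and the decision recorded beside `ldapServerId`. The three `base.value` lines cut down to `ou=people` (here and in the next hunk) only resolve because `ldap.demo.url` in grouper-loader.properties now ends in `dc=internet2,dc=edu`; a comment such as `# base is relative to the baseDn of ldap.demo.url in grouper-loader.properties` would make that coupling visible to whoever next edits the URL. The same points apply to the test-compose/data/container_files/conf/subject.properties section, which this commit makes identical to this file (both now at blob c9329fdb); two hand-maintained copies will drift.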
@@ -63,13 +69,13 @@ subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=inte
 # even across sources. Returns one result when searching for one identifier.
 subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%))(objectclass=person))
 subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people,dc=internet2,dc=edu
+subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people
 # search: find subjects by free form search. Returns multiple results.
 subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person))
 subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.search.param.base.value = ou=people,dc=internet2,dc=edu
+subjectApi.source.ldap.search.search.param.base.value = ou=people
 subjectApi.source.ldap.attributes = givenName, sn, uid, mail, employeeNumber
 subjectApi.source.ldap.internalAttributes = searchAttribute0
diff --git a/test-compose/data/container_files/conf/subject.properties b/test-compose/data/container_files/conf/subject.properties
index a8231911..c9329fdb 100644
--- a/test-compose/data/container_files/conf/subject.properties
+++ b/test-compose/data/container_files/conf/subject.properties
@@ -1,19 +1,25 @@
-subject.sources.xml.location =
+#subject.sources.xml.location =
+
+subjectApi.source.ldap.param.ldapServerId.value = demo
+
 subjectApi.source.ldap.id = ldap
 subjectApi.source.ldap.name = EDU Ldap
 subjectApi.source.ldap.types = person
 subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter
-subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory
-subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://localhost:389
-subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple
-subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu
-subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value = password
+
+## replaced with new LDAPTIVE lib
+#subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory
+#subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://data:389
+#subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple
+#subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu
+#subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')}
+#subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
+
 subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
 subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
 subjectApi.source.ldap.param.Name_AttributeType.value = cn
 subjectApi.source.ldap.param.Description_AttributeType.value = cn
-subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
 subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
 subjectApi.source.ldap.param.sortAttribute0.value = cn
 subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
@@ -55,7 +61,7 @@ subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
 # Each subject has one and only on ID. Returns one result when searching for one ID.
 subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person))
 subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=internet2,dc=edu
+subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people
 #searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely
 # identifies the user, e.g. jsmith or jsmith@institution.edu.
@@ -63,13 +69,13 @@ subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=inte
 # even across sources. Returns one result when searching for one identifier.
 subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%))(objectclass=person))
 subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people,dc=internet2,dc=edu
+subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people
 # search: find subjects by free form search. Returns multiple results.
 subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person))
 subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.search.param.base.value = ou=people,dc=internet2,dc=edu
+subjectApi.source.ldap.search.search.param.base.value = ou=people
 subjectApi.source.ldap.attributes = givenName, sn, uid, mail, employeeNumber
 subjectApi.source.ldap.internalAttributes = searchAttribute0
diff --git a/test-compose/data/container_files/seed-data/bootstrap.gsh b/test-compose/data/container_files/seed-data/bootstrap.gsh
index e2a018aa..b8d9c9f7 100644
--- a/test-compose/data/container_files/seed-data/bootstrap.gsh
+++ b/test-compose/data/container_files/seed-data/bootstrap.gsh
@@ -1,3 +1,10 @@
 gs = GrouperSession.startRootSession()
+addStem("","app", "enterprise applications access control policy")
+addStem("","basis", "groups used exclusively by the IAM team to build reference groups")
+addStem("","bundle", "sets of reference groups used in policy for many services")
+addStem("","org", "delegated authority, ad-hoc groups, org owned apps or reference groups")
+addStem("","ref", "reference groups (i.e. institutional meaningful cohorts)")
+addStem("","test", "test folder for system verification")
+
 addMember("etc:sysadmingroup","banderson");
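Review bot: The third argument of the new `addStem("", ...)` calls reads as a description, but the GSH `addStem` helper, as I remember it, takes `(parentName, extension, displayExtension)`, so "enterprise applications access control policy" would become the folder's display name rather than its description; worth confirming against the 2.4 GSH docs before these strings show up in the UI. The calls are also unguarded, so if bootstrap.gsh is run a second time against the same database (a restarted compose stack) the first `addStem` on an existing folder will, as far as I can tell, fail before `addMember` is reached; a save-or-update form such as `new StemSave(gs).assignName("app").assignDescription("enterprise applications access control policy").save()` keeps the seed idempotent. `gs` is opened on the first line and never stopped, but that predates this change.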