diff --git a/.gitignore b/.gitignore
index 811f8fa7..288333c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ bin/run.sh
bin/start.sh
bin/stop.sh
bin/test.sh
+/.project
+**/*~
diff --git a/Dockerfile b/Dockerfile
index 6fdf32bd..7be7f701 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,154 +1,56 @@
-FROM centos:centos7 as installing
-
-RUN yum update -y \
- && yum install -y wget tar unzip dos2unix \
- && yum clean all
-
-ARG GROUPER_CONTAINER_VERSION
-
-ENV GROUPER_VERSION=2.4.0 \
- JAVA_HOME=/usr/lib/jvm/zulu-8/ \
- GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
-
-# use Zulu package
-RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
- && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
- && yum -y install zulu-8
-
-#RUN java_version=8.0.172; \
-# zulu_version=8.30.0.1; \
-# echo 'Downloading the OpenJDK Zulu...' \
-# && wget -q http://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \
-# && echo "0a101a592a177c1c7bc63738d7bc2930 zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \
-# && tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \
-# && ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64 $JAVA_HOME
-
-#RUN java_version=8u151; \
-# java_bnumber=12; \
-# java_semver=1.8.0_151; \
-# java_hash=123b1d755416aa7579abc03f01ab946e612e141b6f7564130f2ada00ed913f1d; \
-# echo 'Downloading the Oracle Java...' \
-# && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
-# http://download.oracle.com/otn-pub/java/jdk/$java_version-b$java_bnumber/e758a0de34e24606bca991d704f6dcbf/server-jre-$java_version-linux-x64.tar.gz \
-# && echo "$java_hash server-jre-$java_version-linux-x64.tar.gz" | sha256sum -c - \
-# && tar -zxvf server-jre-$java_version-linux-x64.tar.gz -C /opt \
-# && ln -s /opt/jdk$java_semver/ $JAVA_HOME
-
-RUN echo 'Downloading Grouper Installer...' \
- && mkdir -p /opt/grouper/$GROUPER_VERSION \
- && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar http://software.internet2.edu/grouper/release/$GROUPER_VERSION/grouperInstaller.jar
-
-COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION
-# Temporary morphString file used for building, not used in production
-COPY container_files/morphString.properties /opt/grouper/$GROUPER_VERSION
-
-
-RUN echo 'Installing Grouper'; \
- PATH=$PATH:$JAVA_HOME/bin; \
- cd /opt/grouper/$GROUPER_VERSION/ \
- && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller
-
-
-
-FROM centos:centos7 as cleanup
-
-ENV GROUPER_VERSION=2.4.0 \
- TOMCAT_VERSION=8.5.42 \
- TOMEE_VERSION=7.0.0
-
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.apiBinary-$GROUPER_VERSION/ /opt/grouper/grouper.apiBinary/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ui-$GROUPER_VERSION/dist/grouper/ /opt/grouper/grouper.ui/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws/build/dist/grouper-ws/ /opt/grouper/grouper.ws/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws-scim/targetBuiltin/grouper-ws-scim/ /opt/grouper/grouper.scim/
-#COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.clientBinary-$GROUPER_VERSION/ /opt/grouper/grouper.clientBinary/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomcat-$TOMCAT_VERSION/ /opt/tomcat/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomee-webprofile-$TOMEE_VERSION/ /opt/tomee/
-COPY --from=installing /etc/alternatives/java /etc/alternatives/java
-
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomcat/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomcat/bin
-
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin
-
-RUN cd /opt/grouper/grouper.apiBinary/; \
- rm -fr ddlScripts/ grouper.properties grouper.lck grouper.log grouper.script grouper.tmp/ gshAddGrouperSystemWsGroup.gsh logs/
-
-RUN cd /opt/tomcat/; \
- chmod +r bin/log4j-*.jar; \
- rm -fr webapps/docs/ webapps/examples/ webapps/host-manager/ webapps/manager/ webapps/ROOT/ logs/* temp/* work/* conf/logging.properties
-
-RUN cd /opt/tomee/; \
- chmod +r bin/log4j-*.jar; \
- rm -fr webapps/docs/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* conf/logging.properties
-
-COPY container_files/api/* /opt/grouper/grouper.apiBinary/conf/
-COPY container_files/ui/ /opt/grouper/grouper.ui/WEB-INF/
-COPY container_files/ws/ /opt/grouper/grouper.ws/WEB-INF/
-COPY container_files/tomcat/ /opt/tomcat/
-COPY container_files/tomee/ /opt/tomee/
-
-
-FROM tier/shibboleth_sp:3.0.4_03122019
+FROM --platform=$TARGETPLATFORM rockylinux:8
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
ImageType="Grouper" \
ImageName=$imagename \
ImageOS=centos7
-
+
ARG GROUPER_CONTAINER_VERSION
-ENV JAVA_HOME=/usr/lib/jvm/zulu-8/ \
+ENV GROUPER_VERSION=5.1.0 \
+ GROUPER_CONTAINER_VERSION=5.1.0 \
+ JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto \
PATH=$PATH:$JAVA_HOME/bin \
- GROUPER_HOME=/opt/grouper/grouper.apiBinary \
- GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
-
-RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime
+ GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF
+# net-tools curl mlocate strace telnet man vim rsyslog cron mod_ssl cronie
RUN yum update -y \
- && yum install -y cron logrotate python-pip \
- && pip install --upgrade pip \
- && pip install supervisor \
- && yum clean -y all
+ && yum install -y logrotate python3-pip rsync sudo patch wget tar unzip dos2unix file net-tools curl mlocate logrotate strace telnet man vim rsyslog cronie findutils \
+ && pip3 install --upgrade setuptools \
+ && yum clean -y all \
+ && groupadd -r tomcat \
+ && useradd -r -m -s /sbin/nologin -g tomcat tomcat \
+ && mkdir -p /opt/container_files
-COPY --from=installing $JAVA_HOME $JAVA_HOME
-COPY --from=cleanup /opt/tomcat/ /opt/tomcat/
-COPY --from=cleanup /opt/tomee/ /opt/tomee/
-COPY --from=cleanup /opt/grouper/ /opt/grouper/
+# Install Corretto Java JDK
+#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html
-RUN groupadd -r tomcat \
- && useradd -r -m -s /sbin/nologin -g tomcat tomcat \
- && mkdir -p /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
- && chown -R tomcat:tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
- && chown -R tomcat:tomcat /opt/tomee/logs/ /opt/tomee/temp/ /opt/tomee/work/ \
- && ln -s $JAVA_HOME/bin/java /etc/alternatives/java
+# Install Corretto Java JDK (newer more arch independent way)
+RUN rpm --import https://yum.corretto.aws/corretto.key \
+ && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
+ && yum install -y java-17-amazon-corretto-devel
-# does shib sp3 not generate these files?
-# RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
+# real copy command (if not caching), uncomment this and change comments of COPY above to work on install script
+COPY container_files/ /opt/container_files/
-COPY container_files/tier-support/ /opt/tier-support/
-COPY container_files/usr-local-bin/ /usr/local/bin/
-COPY container_files/httpd/* /etc/httpd/conf.d/
-COPY container_files/shibboleth/* /etc/shibboleth/
+# TODO put this back in one command
+RUN chmod +x /opt/container_files/docker-build-bin/*.sh
+RUN /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /opt/container_files
+RUN /opt/container_files/docker-build-bin/containerDockerfileInstallGrouper.sh $JAVA_HOME $GROUPER_VERSION
+RUN /opt/container_files/docker-build-bin/containerDockerfileInstall.sh $JAVA_HOME $GROUPER_VERSION
-RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
- && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
- && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
- && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
- && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
- && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
- && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
-WORKDIR /opt/grouper/grouper.apiBinary/
+# testing container
+# see output with docker build . --tag my:grouper
+# DOCKER_BUILDKIT=0 docker build --progress=plain -t mygrouper .
+# docker run --detach --name mygrouper mygrouper:latest
+# docker exec -it mygrouper bash
+WORKDIR /opt/grouper/grouperWebapp/WEB-INF/
EXPOSE 80 443
-
HEALTHCHECK NONE
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-
-CMD ["bin/gsh", "-loader"]
+#ENTRYPOINT ["ping"]
+#CMD ["google.com"]
diff --git a/Dockerfile2 b/Dockerfile2
new file mode 100644
index 00000000..8293e6ed
--- /dev/null
+++ b/Dockerfile2
@@ -0,0 +1,74 @@
+FROM --platform=$TARGETPLATFORM rockylinux:8.6
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+ Vendor="TIER" \
+ ImageType="Grouper" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ARG GROUPER_CONTAINER_VERSION
+
+ENV GROUPER_VERSION=4.1.0 \
+ GROUPER_CONTAINER_VERSION=5.0.0 \
+ JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto \
+ PATH=$PATH:$JAVA_HOME/bin \
+ GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF
+
+RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
+ && echo "NETWORKING=yes" > /etc/sysconfig/network
+RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=nodocs epel-release && yum -y update && \
+ yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man vim rsyslog cron mod_ssl dos2unix cronie && \
+ yum clean all
+
+RUN yum update -y \
+ && yum install -y logrotate python3-pip rsync sudo patch wget tar unzip dos2unix file \
+ && pip3 install --upgrade setuptools \
+ && yum clean -y all \
+ && groupadd -r tomcat \
+ && useradd -r -m -s /sbin/nologin -g tomcat tomcat \
+ && mkdir -p /opt/container_files
+
+# Install Corretto Java JDK
+#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html
+
+ARG JAVA_VERSION=1.8.0
+
+
+COPY container_files/docker-build-bin /opt/container_files/docker-build-bin/
+COPY container_files/morphString.properties /opt/container_files/
+COPY container_files/grouper.installer.properties /opt/container_files/
+RUN mkdir /opt/container_files/java-corretto
+COPY container_files/java-corretto/corretto-signing-key.pub /opt/container_files/java-corretto
+COPY container_files/tier-support /opt/container_files/tier-support/
+RUN cd /tmp \
+ && chmod +x /opt/container_files/docker-build-bin/*.sh \
+ && /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /opt/container_files \
+ && /opt/container_files/docker-build-bin/containerDockerfileInstallJava.sh $JAVA_VERSION \
+ && /opt/container_files/docker-build-bin/containerDockerfileInstallGrouper.sh $JAVA_HOME $GROUPER_VERSION
+
+
+# real copy command (if not caching), uncomment this and change comments of COPY above to work on install script
+COPY container_files/ /opt/container_files/
+
+RUN cd /tmp \
+ && chmod +x /opt/container_files/docker-build-bin/*.sh \
+ && /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /opt/container_files \
+ && /opt/container_files/docker-build-bin/containerDockerfileInstall.sh $JAVA_HOME $GROUPER_VERSION
+
+
+# testing container
+# see output with docker build . --tag my:grouper
+# DOCKER_BUILDKIT=0 docker build --progress=plain -t mygrouper .
+# docker run --detach --name mygrouper mygrouper:latest
+# docker exec -it mygrouper bash
+
+WORKDIR /opt/grouper/grouperWebapp/WEB-INF/
+EXPOSE 80 443
+HEALTHCHECK NONE
+
+#ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+# LOCAL start uncomment ping, and comment out other entrypoint to just have a simple runnable container
+ENTRYPOINT ["ping"]
+CMD ["google.com"]
+# LOCAL end
\ No newline at end of file
diff --git a/Jenkinsfile b/Jenkinsfile
index 3ed439e5..e0d2e946 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,10 +1,12 @@
pipeline {
- agent any
+ agent { node { label 'docker-multi-arch' } }
environment {
maintainer = "t"
- imagename = 'g'
+ imagename = 's'
tag = 'l'
+ DOCKERHUBPW=credentials('tieradmin-dockerhub-pw')
+
}
stages {
stage('Setting build context') {
@@ -12,7 +14,7 @@ pipeline {
script {
maintainer = maintain()
imagename = imagename()
- if(env.BRANCH_NAME == "master") {
+ if(env.BRANCH_NAME == "main") {
tag = "latest"
} else {
tag = env.BRANCH_NAME
@@ -51,12 +53,16 @@ pipeline {
steps {
script {
try{
- docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
- baseImg = docker.build("$maintainer/$imagename", "--build-arg GROUPER_CONTAINER_VERSION=$tag --no-cache .")
- }
+ sh 'docker login -u tieradmin -p $DOCKERHUBPW'
+ // fails if already exists
+ // sh 'docker buildx create --use --name multiarch --append'
+ sh 'docker buildx inspect --bootstrap'
+ sh 'docker buildx ls'
+ sh "docker buildx build --platform linux/amd64 -t ${imagename} --build-arg GROUPER_CONTAINER_VERSION=${tag} --load ."
+ sh "docker buildx build --platform linux/arm64 -t ${imagename}:arm64 --build-arg GROUPER_CONTAINER_VERSION=${tag} --load ."
} catch(error) {
def error_details = readFile('./debug');
- def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
+ def message = "BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
sh "rm -f ./debug"
handleError(message)
}
@@ -67,40 +73,79 @@ pipeline {
steps {
script {
try {
- sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
+ // echo "Starting tests..."
+ // sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
+ // ===> need bats, webisoget on jenkins node
+ echo "Skipping tests for now"
} catch (error) {
def error_details = readFile('./debug')
- def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
+ def message = "BUILD ERROR: There was a problem testing ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
sh "rm -f ./debug"
handleError(message)
}
}
}
}
+ stage('Scan') {
+ steps {
+ script {
+ try {
+ echo "Starting security scan..."
+ // Install trivy and HTML template
+ sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
+ sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
+ // Scan container for all vulnerability levels
+ echo "Scanning for all vulnerabilities..."
+ sh 'mkdir -p reports'
+ sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
+ sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
+ publishHTML target : [
+ allowMissing: true,
+ alwaysLinkToLastBuild: true,
+ keepAll: true,
+ reportDir: 'reports',
+ reportFiles: 'container-scan.html',
+ reportName: 'Security Scan',
+ reportTitles: 'Security Scan'
+ ]
+ publishHTML target : [
+ allowMissing: true,
+ alwaysLinkToLastBuild: true,
+ keepAll: true,
+ reportDir: 'reports',
+ reportFiles: 'container-scan-arm.html',
+ reportName: 'Security Scan (ARM)',
+ reportTitles: 'Security Scan (ARM)'
+ ]
+ // Scan again and fail on CRITICAL vulns
+ //below can be temporarily commented to prevent build from failing
+ //echo "Scanning for CRITICAL vulnerabilities only (fatal)..."
+ //sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}"
+ //sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}:arm64"
+ echo "Skipping scan for CRITICAL vulnerabilities (temporary)..."
+ } catch(error) {
+ def error_details = readFile('./debug');
+ def message = "BUILD ERROR: There was a problem scanning ${imagename}:${tag}. \n\n ${error_details}"
+ sh "rm -f ./debug"
+ handleError(message)
+ }
+ }
+ }
+ }
stage('Push') {
steps {
script {
- //// scan the image with clair
- // sh 'docker run -p 5432:5432 -d --name clairdb arminc/clair-db:latest'
- // sh 'docker run -p 6060:6060 --link clairdb:postgres -d --name clair arminc/clair-local-scan:v2.0.5'
- // sh 'curl -L -o clair-scanner https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64'
- // sh 'chmod 755 clair-scanner'
- // sh "./clair-scanner --ip 172.17.0.1 -r test.out $maintainer/$imagename:latest"
- //// test the environment
- // sh 'docker kill clairdb'
- // sh 'docker rm clairdb'
- // sh 'docker kill clair'
- // sh 'docker rm clair'
- // sh 'cd test-compose && ./compose.sh'
- //// bring down after testing
- //sh 'cd test-compose && docker-compose down'
- docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
- baseImg.push("$tag")
+ sh 'docker login -u tieradmin -p $DOCKERHUBPW'
+ // fails if already exists
+ // sh 'docker buildx create --use --name multiarch --append'
+ sh 'docker buildx inspect --bootstrap'
+ sh 'docker buildx ls'
+ echo "Pushing image to dockerhub..."
+ sh "docker buildx build --push --platform linux/arm64,linux/amd64 -t ${maintainer}/${imagename}:${tag} ."
}
}
}
- }
stage('Notify') {
steps{
echo "$maintainer"
diff --git a/LICENSE b/LICENSE
index 8dada3ed..2df95452 100644
--- a/LICENSE
+++ b/LICENSE
@@ -7,7 +7,7 @@
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
+ and distribution as defined by Sections 1 through 9 of this document
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
diff --git a/README.md b/README.md
index 691033e4..6e26ced3 100644
--- a/README.md
+++ b/README.md
@@ -1,374 +1,11 @@
-[](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/grouper/master)
+Documentation for this container is located at the following URL:
+https://spaces.at.internet2.edu/pages/viewpage.action?pageId=163119272
-
-This repository contains the source code used to create the InCommon Trusted Access Platform Grouper container. This standalone container is pushed to Dockerhub, various tags are available at the following URL: https://hub.docker.com/r/tier/grouper/tags. This repo can also be cloned and the container built locally.
-
-The test-compose directory contains an example Grouper environment that starts up the various Grouper components. This example demonstrates how one might go about customizing and deploying their Grouper containers, using the TIER Grouper image as a base image. If evaluating Grouper, this is a good place to start.
-
-
-# Upgrading from 2.3 to 2.4
-
-If upgrading from Grouper version 2.3 to 2.4 and using LDAP, modifications will be needed in subject.properties and grouper-loaders.proprties. Further details about this can be found at the following URL:
-https://spaces.at.internet2.edu/display/Grouper/vt-ldap+to+ldaptive+migration+for+LDAP+access
-
-In particular, in subject.properties, *.param.base.value should be adjusted to only contain the RDN (Relative Distinguished Name), not the full DN. For example, "OU=People", not "OU=People,DC=domain,DC=edu"
-
-Additional upgrade information can be found at the following URL: https://spaces.at.internet2.edu/display/Grouper/v2.4+Upgrade+Instructions+from+v2.3
-
-
-
-# Supported tags
-
-- latest
-- patch specific tags with date timestamp* (i.e. 2.4.0-80-u51-w10-p11-20191118)
-
-\* Patch builds are routinely produced, but not necessarily for each patch release. The following monikers are used to construct the tag name:
-
-- a = api patch number
-- u = ui patch number
-- w = ws patch number
-- p = pspng patch number
-- last field = the year, month and day the image was built
-
-# Quick reference
-
-- **Where to get help**:
- [tier-packaging@internet2.edu](mailto:tier-packaging@internet2.edu?subject=Grouper%20Image%20Help)
-
-- **Where to file issues**:
- [https://github.internet2.edu/docker/grouper/issues](https://github.internet2.edu/docker/grouper/issues)
-
-- **Maintained by**:
- [TIER Packaging Working Group](https://spaces.internet2.edu/display/TPWG)
-
-- **Supported Docker versions**:
- [the latest release](https://github.com/docker/docker-ce/releases/latest) (down to 1.6 on a best-effort basis)
-
-# What is Grouper?
-
-Grouper is an enterprise access management system designed for the highly distributed management environment and heterogeneous information technology environment common to universities. Operating a central access management system that supports both central and distributed IT reduces risk.
-
-> [www.internet2.edu/products-services/trust-identity/grouper/](https://www.internet2.edu/products-services/trust-identity/grouper/)
-
-
-
-# How to use this image
-
-This image provides support for each of the Grouper components/roles: Grouper Daemon/Loader, Grouper UI, Grouper Web Services, and Grouper SCIM Server.
-
-## Starting each role
-
-While TIER recommends/supports using Docker Swarm for orchestrating the Grouper environment, these containers can be run directly (or with other orchestration products). Both examples are shown below. It should be noted that these examples will not run independently, but required additional configuration to be provided before each container will start as expected.
-
-### Daemon/Loader
-
-Run the Grouper Daemon/Loader as a service. If the daemon/loader container dies unexpectedly, it may be due to memory contraints. Refer to the "Grouper Shell/Loader" section below for information on how to tweak memory settings.
-
-```console
-$ docker service create --detach --name grouper-daemon tier/grouper:latest daemon
-```
-
-Run the Grouper Daemon/Loader as a standalone container.
-
-```console
-$ docker run --detach --name grouper-daemon tier/grouper:latest daemon
-```
-
-### SCIM Server
-
-Runs the Grouper SCIM Server as a service.
-
-```console
-$ docker service create --detach --publish 9443:443 --name grouper-ws tier/grouper:latest scim
-```
-
-Runs the Grouper Web Services in a standalone container.
-
-```console
-$ docker run --detach --publish 9443:443 --name grouper-daemon tier/grouper:latest scim
-```
-
-### UI
-
-Runs the Grouper UI as a service.
-
-```console
-$ docker service create --detach --publish 443:443 --name grouper-ui tier/grouper:latest ui
-```
-
-Runs the Grouper UI in a standalone container.
-
-```console
-$ docker run --detach --name --publish 443:443 grouper-ui tier/grouper:latest ui
-```
-
-### Web Services
-
-Runs the Grouper Web Services as a service.
-
-```console
-$ docker service create --detach --publish 8443:443 --name grouper-ws tier/grouper:latest ws
-```
-
-Runs the Grouper Web Services in a standalone container.
-
-```console
-$ docker run --detach --publish 8443:443 --name grouper-daemon tier/grouper:latest ws
-```
-
-### UI and Web Services
-
-> This method is good when first starting to work with Grouper, but when scaling Grouper UI or Web Services it is advisable to use the individual roles noted above.
-
-Runs the Grouper UI and Web Services as a combined service. (You should really run these as individual roles to take advantage of Docker service replicas.)
-
-```console
-$ docker service create --detach --publish 443:443 --name grouper-web tier/grouper:latest ui-ws
-```
-
-Runs the Grouper UI and Web Services in a combined container. This good when first starting to work with Grouper, but when scaling Grouper UI or Web Services it is advisable to use the individual roles noted above.
-
-```console
-$ docker run --detach --publish 443:443 --name grouper-web tier/grouper:latest ui-ws
-```
-
-### GSH
-
-Runs the Grouper Shell in a throwaway container. This makes it easy to run Grouper commands and Grouper Shell scripts. Since it is interactive it does not run as a service.
-
-```console
-$ docker run -it --rm tier/grouper:latest bin/gsh <optional GSH args>
-```
-
-# Configuration
-
-## Grouper Configurations
-
-There are several things that are required for this image to successfully start. At a minimum, the `grouper.hibernate.properties` and `subject.properties` (or the old `sources.xml` equivalent) files need to be customized and available to the container at start-up.
-
-Grouper config files maybe placed into `/opt/grouper/conf` and these files will be put into the appropriate location based on the role the container assumes. Docker Secrets starting with the name `grouper_` should take precedence over these files. (See below.)
-
-## Web Apps Configuration
-
-If starting the container to serve the Grouper UI, Grouper Web Services, Grouper SCIM Server components, a TLS key and cert(s) need to be applied to those containers.
-
-The Grouper UI also requires some basic Shibboleth SP configuration. The `/etc/shibboleth/shibboleth2.xml` file should be modified to set:
-- an entityId for the SP
-- load IdP or federation metadata
-- set the SP's encryption keys
-- the identity attribute of the subject to be passed to Grouper
-
-If encryption keys are defined in the `shibboleth2.xml` file, then the key/cert files should be provided as well. The `attribute-map.xml` file has most of the common identity attributes pre-configured, but it (and other Shibboleth SP files) can be overlaid/replaced as necessary.
-
-(See the section below.)
-
-## General Configuration Mechanism
-
-There are three primary ways to provide Grouper and additional configuration files to the container: Docker Config/Secrets, customized images, and bind mounts. Depending upon your needs you may use a combination of two or three of these options.
-
-### Secrets/Configs
-
-Docker Config and Docker Secrets are Docker's way of providing configurations files to a container at runtime. The primary difference between the Config and Secrets functionality is that Secrets is designed to protect resources/files that are sensitive.
-
-For passing full files into the container, this container will make any secrets with secret names prepended with `grouper_` available to the appropriate Grouper component's conf directory (i.e. `<GROUPER_HOME>/conf` or `WEB-INF/classes`). Any secrets with secret names starting with `shib_` will be available in the Shibboleth SP `/etc/shibboleth/` directory. Any secrets with secret names starting with `httpd_` will be available to `/etc/httpd/conf.d` directory. Finally, if a secret with the name of `host-key.pem` will be mapped to the httpd TLS cert used by Grouper UI, Grouper WS, and Grouper SCIM Server containers. These files will supercede any found in the underlying image.
-
-Docker Secrets can also be used to pass in strings, such as a database connection string password, into the component config. To pass in the Grouper database connection string, one might set the property and value as such:
-
-```text
-hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(new("java.io.File", java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE')), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
-```
-
-Note that the default property name has been changed by appending `.elConfig`. (This causes Grouper to evaluate the string before saving the value.) The expression allows deployers to use a file containing only the database password as a Docker Secret and reference the file name via the `GROUPER_DATABASE_PASSWORD_FILE` environment property. This allows the config files to be baked into the image, if desired. Also, but not recommended, the database password could just be set in the Docker Service definition as an environment variable, `GROUPER_DATABASE_PASSWORD`. (Technically the expression can be broken up and just the desired functionality used.) Of course, using Grouper's MorphString functionality is supported and likely is the best option, but does require more effort in setting it up.
-
-Secrets can be managed using the `docker secret` command: `docker secret create grouper_grouper.hibernate.properties ./grouper.hibernate.properties`. This will securely store the file in the swarm. Secrets can then be assigned to the service `docker service create -d --name daemon --secret grouper_grouper.hibernate.properties --secret grouper_sources.xml tier/grouper daemon`.
-
-> `docker run` does not support secrets; Bind mounts need to be used instead, which is technically what Docker Compose does when not running against a Swarm.
-
-### Bind Mounts
-
-Bind mounts can be used to connect files/folders on the Docker host into the container's file system. Unless running in swarm mode, Docker Secrets are not supported, so we can use a bind mount to provide the container with the configuration files.
-
-```console
-$ docker run --detach --name daemon \
- --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \
- --mount type=bind,src=$(pwd)/sources.xml,dst=/run/secrets/grouper_sources.xml \
- tier/grouper daemon
-```
-
-### Customized Images
-
-Deployers will undoubtedly want to add in their files to the container. Things like additional jar files defining Grouper Hooks, or things like images and css files. This can be accomplished by building custom images. **Deployers should NOT use this method to store sensitive configuration files.**
-
-To add a favicon to the Grouper UI, we use the tier/grouper images as a base and `COPY` our local `favicon.ico` into the image. While we are at it, we define this image as a UI image by specifying the default commnd (i.e `CMD`) of `ui`.
-
-```Dockerfile
-FROM tier/grouper:latest
-
-COPY favicon.ico /opt/grouper/grouper.ui/
-
-CMD ui
-```
-
-To build our image:
-
-```console
-$ docker build --tag=org/grouper-ui .
-```
-
-This image can now be used locally or pushed to an organization's Docker repository.
-
-
-## Environment Variables
-
-Deployers can set runtime variables to both the Grouper Shell and Loader/Daemon and to Tomcat/Tomcat EE using environment variables. These can be set using the `docker run` and `docker service creates`'s `--env` paramater.
-
-### Grouper Shell/Loader
-
-The following environment variables are used by the Grouper Shell/Loader:
-- MEM_START: corresponds to the java's `-Xms`. (default is 64m)
-- MEM_MAX: corresponds to java's `-Xmx`. (default is 750m)
-
-### Tomcat/TomEE
-
-Amongst others variables defined in the `catalina.sh`, the following variables would like be useful for deployers:
-- CATALINA_OPTS: Java runtime options to only be used by Tomcat itself.
-
-# File System Endpoints
-
-Here is a list of significant directories and files that deployers should be aware of:
-
-- `/opt/grouper/conf/`: a common directory to place non-sensitive config files that will be placed into the appropriate location for each Grouper component at container start-up.
-- `/opt/grouper/lib/`: a common directory to place additional jar files that will be placed into the appropriate location for each Grouper component at container start-up.
-- `/opt/grouper/grouper.apiBinary/`: location to overlay Grouper GSH or Daemon/Loader files.
-`/opt/grouper/grouper.scim/`: location for overlaying Grouper SCIM Server web application files (expanded `grouper-ws-scim.war`).
-- `/opt/grouper/grouper.ui/`: location for overlaying Grouper UI web application files (expanded `grouper.war`).
-- `/opt/grouper/grouper.ws/`: location for overlaying Grouper Web Services web application files (expanded `grouper-ws.war`).
-- `/etc/httpd/conf.d/ssl-enabled.conf`: Can be overlaid to change the TLS settings when running Grouper UI or Web Servicse.
-- `/etc/shibboleth/`: location to overlay the Shibboleth SP configuration files used by the image.
-- `/opt/tomcat/`: used to run Grouper UI and Grouper WS
-- `/opt/tomee/`: used to run the Grouper SCIM Server.
-- `/var/run/secrets`: location where Docker Secrets are mounted into the container. Secrets starting with `grouper_`, `shib_`, and `httpd_` have special meaning. See `Secrets/Configs` above.
-- `/usr/lib/jvm/zulu-8/jre/lib/security/cacerts`: location of the Java trust store.
-
-To examine baseline image files, one might run `docker run --name=temp -it tier/grouper bash` and browse through these file system endpoints. While the container is running one may copy files out of the image/container using something like `docker cp containerId:/opt/grouper/grouper.api/conf/grouper.properties .`, which will copy the `grouper.properties` to the Docker client's present working directory. These files can then be edited and applied via the mechanisms outlined above.
-
-# Web Application Endpoints
-
-Here is a list of significant web endpoints that deployers should be aware of:
-
-- `/grouper/`: location of the Grouper UI application
-- `grouper-ws/`: location of the Grouper WS application.
-- `/grouper-ws-scim/`: location of the Grouper SCIM Server application.
-
-The endpoint that is available is dependent upon the role of the container.
-
-# Provisioning a Grouper Database
-
-Using standard methods, create a MariaDb Server and an empty Grouper database. Create a database user with privileges to create and populate schema objects. Set the appropriate database connection properties in `grouper.hibernate.properties`. Be sure to the user created with schema manipulation privileges as the db user.
-
-Next populate the database by using the following command.
-
-```console
-$ docker run -it --rm \
- --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \
- tier/grouper gsh -registry -check -runscript -noprompt
-```
-
-Note: a less privileged database user maybe used when running the typical Grouper roles. This user needs SELECT, INSERT, UPDATE, and DELETE privileges on the schema objects.
-
-# Provisioning a Grouper Database
-
-Using standard methods, create a MariaDb Server and an empty Grouper database. Create a database user with privileges to create and populate schema objects. Set the appropriate database connection properties in `grouper.hibernate.properties`. Be sure that the user is created with schema manipulation privileges.
-
-Next populate the database by using the following command.
-
-```console
-$ docker container run -it --rm \
- --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \
- tier/grouper gsh -registry -check -runscript -noprompt
-```
-
-Also, it is possible to just connect directly to the container, create the DDL, and copy it out. This is necessary if your DBAs would prefer to manually execute the DDL to create the schema objects:
-
-```console
-$ docker container run -it --name grouper \
- --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \
- tier/grouper
-
- gsh -registry -check
-
- exit
-
-$ docker container cp grouper:/opt/grouper/grouper.apiBinary/ddlScripts/ .
-$ docker container rm -f grouper
-```
-The generated DDL will be on the host in the `ddlScripts` directory.
-
-Note: A less privileged database user maybe used when running the typical Grouper roles. This user just needs SELECT, INSERT, UPDATE, and DELETE privileges on the tables and views. Running in this configuration requires DBAs to manually run the DDL scripts.
-
-# Configuring the embedded Shibboleth SP
-
-The Shibboleth SP needs to be configured to integrate with one or more SAML IdPs. Reference the Shibboleth SP documentation for specific instructions, but here is information on generating an encryption key/cert pair and mounting them (all of which are environment specific) and the shibboleth2.xml into the container.
-
-1. Start a temporary container and generate the key/cert pair:
- ```
- $ docker container run -it --name grouper \
- tier/grouper bash
-
- cd /etc/shibboleth
- ./keygen.sh -f -h <public_hostname>
- exit
- ```
-
-1. Copy the key, cert, and `shibboleth2.xml` files out of the container (and remove the container)
- ```console
- $ docker container cp grouper:/etc/shibboleth/shibboleth2.xml .
- $ docker container cp grouper:/etc/shibboleth/sp-cert.pem .
- $ docker container cp grouper:/etc/shibboleth/sp-key.pem .
-
- $ docker container rm grouper
- ```
-
-1. After updating the `shibboleth2.xml` file, save the key, cert, and shibboleth2.xml as secrets/config:
- ```console
- $ docker secret create sp-key.pem sp-key.pem
- $ docker config create sp-cert.pem sp-cert.pem
- $ docker config create shibboleth2.xml shibboleth2.xml
- ```
-
-1. Add the following to the UI service creation command to mount the environment specific settings:
- ```
- --secret source=sp-key.pem.pem,target=shib_sp-key.pem \
- --config source=sp-cert.pem,target=/etc/shibboleth/sp-cert.pem \
- --config source=shibboleth2.xml,target=/etc/shibboleth/shibboleth2.xml \
- ```
-
-# Logging
-
-This image outputs logs in a manner that is consistent with Docker Logging. Each log entry is prefaced with the submodule name (e.g. shibd, httpd, tomcat, grouper), the logfile name (e.g. access_log, grouper_error.log, catalina.out) and user definable environment name and a user definable token. Content found after the preface will be specific to the application ands its logging configuration.
-
-> Note: If customizing a particular component's logging, it is recommended that the file be source from the image (`docker container cp`) or from the image's source repository.
-
-To assign the "environment" string, set the environment variable `ENV` when defining the Docker service. For the "user defined token" string, use the environment variable of `USERTOKEN`.
-
-An example might look like the following, with the env of "dev" and the usertoken of "build-2"
-
-```text
-shibd shibd.log dev build-2 2018-03-27 20:42:22 INFO Shibboleth.Listener : listener service starting
-grouper-api grouper_event.log dev build-2 2018-03-27 21:10:00,046: [DefaultQuartzScheduler_Worker-1] INFO EventLog.info(156) - - [fdbb0099fe9e46e5be4371eb11250d39,'GrouperSystem','application'] session: start (0ms)
-tomcat console dev build-2 Grouper starting up: version: 2.3.0, build date: null, env: <no label configured>
-```
-
-# Misc Notes
-
-- [HTTP Strict Transport Security (HSTS)](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is enabled on the Apache HTTP Server.
-- morphStrings functionality in Grouper is supported. It is recommended that the various morphString files be associated with the containers as Docker Secrets. Set the configuration file properties to use `/var/run/secrets/secretname`.
-- Grouper UI has been pre-configured to authenticate users via Shibboleth SP.
-- By default, Grouper WS (hosted by `/opt/tomcat/`) and the Grouper SCIM Server (hosted by `/opt/tomee/`) use tomcat-users.xml for authentication, but by default no users are enabled. LDAP-backed authentication or other methods can be used and must be configured by the deployer.
+[](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/grouper/2.5.22)
# License
-View [license information](https://www.apache.org/licenses/LICENSE-2.0) for the software contained in this image.
+View [license information](https://www.apache.org/licenses/LICENSE-2.0) for the software contained in this image
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
diff --git a/build.sh b/build.sh
new file mode 100755
index 00000000..6a1b0f46
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t my-grouper .
diff --git a/build2.sh b/build2.sh
new file mode 100755
index 00000000..f51bd2f2
--- /dev/null
+++ b/build2.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t my-grouper -f Dockerfile2 .
diff --git a/common.bash b/common.bash
index 22fbc6a9..cc96a899 100644
--- a/common.bash
+++ b/common.bash
@@ -1,2 +1,2 @@
-maintainer="tier"
+maintainer="i2incommon"
imagename="grouper"
diff --git a/container_files/api/log4j.properties b/container_files/api/log4j.properties
deleted file mode 100644
index 9b9c5d4e..00000000
--- a/container_files/api/log4j.properties
+++ /dev/null
@@ -1,144 +0,0 @@
-
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#${grouper.home} will be substituted with the System property "grouper.home", which must have a trailing \ or /
-# depending on your OS. Of course you can use absolute paths if you prefer
-
-
-#
-# log4j Configuration
-# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
-#
-
-# Appenders
-
-## Grouper API event logging
-log4j.appender.grouper_event = org.apache.log4j.FileAppender
-log4j.appender.grouper_event.file = /tmp/logpipe
-log4j.appender.grouper_event.append = true
-log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_event.layout.ConversionPattern = grouper-api;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Grouper API error logging
-log4j.appender.grouper_error = org.apache.log4j.FileAppender
-log4j.appender.grouper_error.file = /tmp/logpipe
-log4j.appender.grouper_errot.append = true
-log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_error.layout.ConversionPattern = grouper-api;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n
-
-# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
-log4j.appender.grouper_debug = org.apache.log4j.FileAppender
-log4j.appender.grouper_debug.file = /tmp/logpipe
-log4j.appender.grouper_debug.append = true
-log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_debug.layout.ConversionPattern = grouper-api;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Benchmark logging
-log4j.appender.grouper_gb = org.apache.log4j.FileAppender
-log4j.appender.grouper_gb.file = /tmp/logpipe
-log4j.appender.grouper_gb.append = true
-log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_gb.layout.ConversionPattern = grouper-api;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-# Loggers
-
-## Default logger; will log *everything*
-log4j.rootLogger = ERROR, grouper_error
-
-## All Internet2 (warn to grouper_error per default logger)
-log4j.logger.edu.internet2.middleware = WARN
-
-
-# Provisioning : PSP (version 2.1+)
-log4j.logger.edu.internet2.middleware.psp = INFO
-
-# Provisioning : vt-ldap
-# log4j.logger.edu.vt.middleware.ldap = INFO
-
-# Provisioning : Grouper plugin to Shibboleth attribute resolver
-# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO
-
-
-# For more precise (or verbose) logging, enable one or more of the
-# following logging directives. To remove duplicate entries, just change the
-# level, and not where to send the logs
-# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html
-
-## Grouper Event Logging
-## * Logs at _info_ only
-log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event
-
-## Grouper Error Logging
-## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
-#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error
-
-## Grouper Debug Logging
-## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
-## * Logs at _info_ only currently
-#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug
-
-## Grouper XML Export + Import Logging
-## TODO Integrate with normal logging
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event
-
-## Grouper Benchmark Logging
-log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb
-
-## Grouper script to add missing group sets
-log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event
-
-## Grouper Sync Point in Time Tables
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event
-
-## Grouper Sync Stem Set Table
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event
-
-## Grouper Migrate Legacy Attributes
-log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event
-
-### Subject API
-#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
-#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
-### Hibernate
-#log4j.logger.org.hibernate = ERROR, grouper_error
-### ehcache
-#log4j.logger.net.sf.ehcache = ERROR, grouper_error
-### Spring
-#log4j.logger.org.springframework = ERROR, grouper_error
-
-## Grouper Stress Testing
-log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug
-
-
-#######################################################
-##Optional settings for debug logs
-#######################################################
-
-## Hooks debug info
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
-#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG
-
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG
-
-
-# added by grouper-installer
-log4j.logger.org.apache.tools.ant = WARN
diff --git a/container_files/certs/TestSsl.class b/container_files/certs/TestSsl.class
new file mode 100644
index 00000000..6ce4c196
Binary files /dev/null and b/container_files/certs/TestSsl.class differ
diff --git a/container_files/certs/TestSsl.java b/container_files/certs/TestSsl.java
new file mode 100644
index 00000000..29677b7a
--- /dev/null
+++ b/container_files/certs/TestSsl.java
@@ -0,0 +1,39 @@
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.*;
+
+/**
+ * Establish a SSL connection to a host and port, writes a byte and
+ */
+public class TestSsl {
+ public static void main(String[] args) {
+ if (args.length != 2) {
+ System.out.println("Usage: "+TestSsl.class.getName()+" <host> <port>");
+ System.exit(1);
+ }
+ try {
+ SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));
+
+ SSLParameters sslparams = new SSLParameters();
+ sslparams.setEndpointIdentificationAlgorithm("HTTPS");
+ sslsocket.setSSLParameters(sslparams);
+
+ InputStream in = sslsocket.getInputStream();
+ OutputStream out = sslsocket.getOutputStream();
+
+ // Write a test byte to get a reaction :)
+ out.write(1);
+
+ while (in.available() > 0) {
+ System.out.print(in.read());
+ }
+ System.out.println("Successfully connected");
+
+ } catch (Exception exception) {
+ exception.printStackTrace();
+ System.exit(1);
+ }
+ }
+}
diff --git a/container_files/certs/get_tls_cert.py b/container_files/certs/get_tls_cert.py
new file mode 100644
index 00000000..f1989659
--- /dev/null
+++ b/container_files/certs/get_tls_cert.py
@@ -0,0 +1,122 @@
+import sys
+import pprint
+import struct
+import socket
+import ssl
+from time import sleep
+
+# Standard "HELLO" message for TDS
+prelogin_msg = bytearray([ 0x12, 0x01, 0x00, 0x2f, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x06, 0x01, 0x00, 0x20,
+ 0x00, 0x01, 0x02, 0x00, 0x21, 0x00, 0x01, 0x03, 0x00, 0x22, 0x00, 0x04, 0x04, 0x00, 0x26, 0x00,
+ 0x01, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ])
+
+# Prep Header function
+def prep_header(data):
+ data_len = len(data)
+ prelogin_head = bytearray([ 0x12, 0x01 ])
+ header_len = 8
+ total_len = header_len + data_len
+ data_head = prelogin_head + total_len.to_bytes(2, 'big')
+ data_head += bytearray([ 0x00, 0x00, 0x01, 0x00])
+ return data_head + data
+
+def read_header(data):
+ if len(data) != 8:
+ raise ValueError("prelogin header is > 8-bytes", data)
+
+ format = ">bbhhbb"
+ sct = struct.Struct(format)
+ unpacked = sct.unpack(data)
+ return { "type": unpacked[0],
+ "status": unpacked[1],
+ "length": unpacked[2],
+ "channel": unpacked[3],
+ "packet": unpacked[4],
+ "window": unpacked[5]
+ }
+
+tdspbuf = bytearray()
+def recv_tdspacket(sock):
+ global tdspbuf
+ tdspacket = tdspbuf
+ header = {}
+
+ for i in range(0,5):
+ tdspacket += sock.recv(4096)
+ print("\n# get_tdspacket: {}, tdspacket len: {} ".format(i, len(tdspacket)))
+ if len(tdspacket) >= 8:
+ header = read_header(tdspacket[:8])
+ print("# Header: ", header)
+ if len(tdspacket) >= header['length']:
+ tdspbuf = tdspacket[header['length']:]
+ print("# Remaining tdspbuf length: {}\n".format(len(tdspbuf)))
+ return header, tdspacket[8:header['length']]
+
+ sleep(0.05)
+
+# Ensure we have a commandline
+if len(sys.argv) != 3:
+ print("Usage: {} <hostname> <port>".format(sys.argv[0]))
+ sys.exit(1)
+
+hostname = sys.argv[1]
+port = int(sys.argv[2])
+
+
+# Setup SSL
+if hasattr(ssl, 'PROTOCOL_TLS'):
+ sslProto = ssl.PROTOCOL_TLS
+else:
+ sslProto = ssl.PROTOCOL_SSLv23
+
+sslctx = ssl.SSLContext(sslProto)
+sslctx.check_hostname = False
+tls_in_buf = ssl.MemoryBIO()
+tls_out_buf = ssl.MemoryBIO()
+
+# Create the SSLObj connected to the tls_in_buf and tls_out_buf
+tlssock = sslctx.wrap_bio(tls_in_buf, tls_out_buf)
+
+# create an INET, STREAMing socket
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.setblocking(0)
+s.settimeout(1)
+
+# Connect to the SQL Server
+s.connect(( hostname, port ))
+
+# Send the first TDS PRELOGIN message
+s.send(prelogin_msg)
+
+# Get the response and ignore. We will try to negotiate encryption anyway.
+header, data = recv_tdspacket(s)
+while header['status']==0:
+ header, ext_data = recv_tdspacket(s)
+ data += ext_data
+
+
+print("# Starting TLS handshake loop..")
+# Craft the packet
+for i in range(0,5):
+ try:
+ tlssock.do_handshake()
+ print("# Handshake completed, dumping certificates")
+ peercert = ssl.DER_cert_to_PEM_cert(tlssock.getpeercert(True))
+ print(peercert)
+ sys.exit(0)
+ except ssl.SSLWantReadError as err:
+ # TLS wants to keep shaking hands, but because we're controlling the R/W buffers it throws an exception
+ print("# Shaking ({}/5)".format(i))
+
+ tls_data = tls_out_buf.read()
+ s.sendall(prep_header(tls_data))
+ # TDS Packets can be split over two frames, each with their own headers.
+ # We have to concat these for TLS to handle nego properly
+ header, data = recv_tdspacket(s)
+ while header['status']==0:
+ header, ext_data = recv_tdspacket(s)
+ data += ext_data
+
+ tls_in_buf.write(data)
+
+print("# Handshake did not complete / exiting")
\ No newline at end of file
diff --git a/container_files/docker-build-bin/containerDockerfileInstall.sh b/container_files/docker-build-bin/containerDockerfileInstall.sh
new file mode 100644
index 00000000..5fc89a72
--- /dev/null
+++ b/container_files/docker-build-bin/containerDockerfileInstall.sh
@@ -0,0 +1,207 @@
+#!/bin/bash
+
+# $1 ARG JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto
+# $2 ARG GROUPER_VERSION=2.6.14
+JAVA_HOME=$1
+GROUPER_VERSION=$2
+
+chmod 775 $(find /opt/container_files -type d)
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod 775 \$(find /opt/container_files -type d), result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+chmod 664 $(find /opt/container_files -type f)
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod 664 \$(find /opt/container_files -type f), result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+chmod 775 $(find /opt/container_files -type f -name "*.sh")
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod 775 \$(find /opt/container_files -type f -name \"*.sh\"), result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/grouper/grouperWebapp/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/grouperWebapp/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/grouper/logs/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/logs/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+chown -R tomcat.root /opt/grouper/logs/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chown tomcat.root /opt/grouper/logs/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+chmod -R g+rwxs /opt/grouper/logs/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod g+rwxs /opt/grouper/logs/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/tomcat/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomcat/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/grouper/$GROUPER_VERSION/container/tomcat/* /opt/tomcat/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/grouper/$GROUPER_VERSION/container/tomcat/* /opt/tomcat/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/tomcat/temp
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomcat/temp, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/tomcat/work
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomcat/work, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/grouper/$GROUPER_VERSION/container/webapp/* /opt/grouper/grouperWebapp/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/grouper/$GROUPER_VERSION/container/webapp/* /opt/grouper/grouperWebapp/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -rf /opt/grouper/$GROUPER_VERSION
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -rf /opt/grouper/$GROUPER_VERSION, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -rf /opt/tomcat/webapps/docs/ /opt/tomcat/webapps/host-manager/ /opt/tomcat/webapps/manager/ /opt/tomcat/logs/* /opt/tomcat/temp/* /opt/tomcat/work/* /opt/tomcat/conf/logging.properties
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -rf /opt/tomcat/webapps/docs/ /opt/tomcat/webapps/host-manager/ /opt/tomcat/webapps/manager/ /opt/tomcat/logs/* /opt/tomcat/temp/* /opt/tomcat/work/*\ /opt/tomcat/conf/logging.properties, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cp -R /opt/container_files/grouperWebapp/* /opt/grouper/grouperWebapp
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/container_files/grouperWebapp/* /opt/grouper/grouperWebapp, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cp -R /opt/container_files/tomcat/* /opt/tomcat/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/container_files/tomcat/* /opt/tomcat/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/tomcat/conf/Catalina/localhost/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomcat/conf/Catalina/localhost/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ln -sf /usr/share/zoneinfo/UTC /etc/localtime
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) ln -sf /usr/share/zoneinfo/UTC /etc/localtime, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -f /etc/alternatives/java
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /etc/alternatives/java, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ln -s $JAVA_HOME/bin/java /etc/alternatives/java
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) ln -s $JAVA_HOME/bin/java /etc/alternatives/java, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/container_files/usr-local-bin/* /usr/local/bin/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/usr-local-bin/* /usr/local/bin/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -f /opt/tomcat/bin/log4j-*
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/tomcat/bin/log4j-*, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/tier-support/log4j_fix/tomcatBin/log4j-* /opt/tomcat/bin/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/tomcatBin/log4j-* /opt/tomcat/bin/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -f /opt/tomcat/lib/slf4j-*
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/tomcat/lib/slf4j-*, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/tier-support/log4j_fix/tomcatLib/slf4j-* /opt/tomcat/lib/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/tomcatLib/slf4j-* /opt/tomcat/lib/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -f /opt/grouper/grouperWebapp/WEB-INF/lib/slf4j-api-*
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/grouper/grouperWebapp/WEB-INF/lib/slf4j-api-*, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/tier-support/log4j_fix/webinfLib/* /opt/grouper/grouperWebapp/WEB-INF/lib/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/webinfLib/* /opt/grouper/grouperWebapp/WEB-INF/lib/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+touch /opt/grouper/grouperEnv.sh
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) touch /opt/grouper/grouperEnv.sh, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/tomcat/work/Catalina/localhost/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomcat/work/Catalina/localhost/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/grouper/certs/client
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/client, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/grouper/certs/anchors
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/anchors, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/container_files/certs/* /opt/grouper/certs/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/certs/* /opt/grouper/certs/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+echo 'umask 002' >> /home/tomcat/.bashrc
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) echo 'umask 002' >> /home/tomcat/.bashrc, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/tier-support/originalFiles
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tier-support/originalFiles, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tier-support/originalFiles 2>/dev/null
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cp /opt/tomcat/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/tomcat/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cp /opt/tomcat/conf/Catalina/localhost/grouper.xml /opt/tier-support/originalFiles 2>/dev/null
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/tomcat/conf/Catalina/localhost/grouper.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cp /opt/grouper/grouperWebapp/WEB-INF/web.xml /opt/tier-support/originalFiles 2>/dev/null
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/grouper/grouperWebapp/WEB-INF/web.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+/opt/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh tomcat root
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) /opt/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh tomcat root, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
diff --git a/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh b/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh
new file mode 100644
index 00000000..9c26c3c3
--- /dev/null
+++ b/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+lines=$(find $1 -type f -name "*.sh" -exec file "{}" ";" | grep CRLF | cut -d: -f1 | wc -l)
+if [ $lines -ne 0 ]; then
+ dos2unix $(find $1 -type f -name "*.sh" -exec file "{}" ";" | grep CRLF | cut -d: -f1)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: (containerDockerfileInstallDos2unix.sh) dos2unix \$(find $1 -type f -name \"*.sh\" -exec file \"{}\" \";\" | grep CRLF | cut -d: -f1), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
diff --git a/container_files/docker-build-bin/containerDockerfileInstallGrouper.sh b/container_files/docker-build-bin/containerDockerfileInstallGrouper.sh
new file mode 100644
index 00000000..9d2f6d50
--- /dev/null
+++ b/container_files/docker-build-bin/containerDockerfileInstallGrouper.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# $1 ARG JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto
+# $2 ARG GROUPER_VERSION=2.6.14
+JAVA_HOME=$1
+GROUPER_VERSION=$2
+
+mv /opt/container_files/tier-support /opt
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) mv /opt/container_files/tier-support /opt, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mkdir -p /opt/grouper/$GROUPER_VERSION
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) , result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+mv /opt/container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) mv /opt/container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+# Temporary morphString file used for building, not used in production
+mv /opt/container_files/morphString.properties /opt/grouper/$GROUPER_VERSION
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) mv /opt/container_files/morphString.properties /opt/grouper/$GROUPER_VERSION, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cd /opt/grouper/$GROUPER_VERSION/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) cd /opt/grouper/$GROUPER_VERSION/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+$JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -rf /root/.m2
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) rm -rf /root/.m2, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
diff --git a/container_files/docker-build-bin/containerDockerfileInstallJava.sh b/container_files/docker-build-bin/containerDockerfileInstallJava.sh
new file mode 100644
index 00000000..e39ff36c
--- /dev/null
+++ b/container_files/docker-build-bin/containerDockerfileInstallJava.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# $1 ARG JAVA_VERSION=17
+JAVA_VERSION=$1
+
+
+rpm --import https://yum.corretto.aws/corretto.key
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallJava.sh) rpm --import https://yum.corretto.aws/corretto.key, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallJava.sh) curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+yum install -y java-$JAVA_VERSION-amazon-corretto-devel
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallJava.sh) yum install -y java-$JAVA_VERSION-amazon-corretto-devel, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
diff --git a/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh b/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
new file mode 100644
index 00000000..82288c89
--- /dev/null
+++ b/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+if [ $# -lt 2 ]; then
+ echo 'pass in user and group, e.g. /opt/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh tomcat root'
+ exit 1
+fi
+
+user=$1
+group=$2
+
+# this needs to exist
+mkdir -p /opt/tier
+
+lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! -perm -g+rwxs -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod g+rwxs $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! -perm -g+rwxs -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: ($0) chmod g+rwxs \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! -perm -g+rwxs -print), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! -perm -g+rw -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod g+rw $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! -perm -g+rw -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: ($0) chmod g+rw \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! -perm -g+rw -print), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod o-w $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: ($0) chmod o-w \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -g+x -print -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -g+x -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -g+x -print), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -u+x -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -u+x -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -u+x -print), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -o+x -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -o+x -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -o+x -print), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+/opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /usr/local/bin
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /usr/local/bin, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+lines=$(find /usr/local/bin -type f ! -perm -g+x | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod +x $(find /usr/local/bin -type f ! -perm -g+x)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /usr/local/bin -type f ! -perm -g+x), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+lines=$(find /usr/local/bin -type f ! -perm -o+x | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod +x $(find /usr/local/bin -type f ! -perm -o+x)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /usr/local/bin -type f ! -perm -o+x), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+
+
+lines=$(find /usr/local/bin -type f ! -perm -u+x | wc -l)
+if [ $lines -ne 0 ]; then
+ chmod +x $(find /usr/local/bin -type f ! -perm -u+x)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /usr/local/bin -type f ! -perm -u+x), result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
diff --git a/container_files/grouper.installer.properties b/container_files/grouper.installer.properties
index c63c9d5f..78b76fe8 100644
--- a/container_files/grouper.installer.properties
+++ b/container_files/grouper.installer.properties
@@ -1,46 +1,5 @@
-# this should be before the version number
download.server.url = https://software.internet2.edu/grouper
-# default version to install
-grouper.version = 2.4.0
-# print out autorun keys in prompts so you can easily see how to configure the autorun
-grouperInstaller.print.autorunKeys = true
-# default to install or upgrade (default is install)
-grouperInstaller.default.installOrUpgrade = install
-
-##############################
-## Autorun properties
-##
-## If you uncomment one of these properties it will be used as empty, only uncomment to use
-##
-##############################
-
-grouperInstaller.autorun.forceInstallPatch = t
-grouperInstaller.autorun.installAllPatches = false
-grouperInstaller.autorun.installPatchesUpToACertainPatchLevel = true
-# 2.4.0-a91-u56-w11-p12-20200210-rc1
-grouperInstaller.autorun.installPatchesUpToThesePatchLevels = grouper_v2_4_0_api_patch_91,grouper_v2_4_0_ui_patch_56,grouper_v2_4_0_ws_patch_11,grouper_v2_4_0_pspng_patch_12
-
-
-#### set this to true to try to use defaults for everything. Only things without default values will need to be set
+grouperInstaller.default.installOrUpgrade = buildContainer
grouperInstaller.autorun.useDefaultsAsMuchAsAvailable = true
-########## AUTORUN PROPERTIES WITH NO DEFAULT OR ARE COMMONLY CHANGED
-## Note: not all of them need to be filled out for all operations
-# autorun grouper system password (its not secure to have a plain text pass in a config file)
-grouperInstaller.autorun.grouperSystemPassword = XXXXXXXXXX
-
-grouperInstaller.autorun.deleteAndInitDatabase = t
-grouperInstaller.autorun.addQuickstartData = f
-grouperInstaller.autorun.installClient = f
-
-grouperInstaller.autorun.installGrouperActiveMqMessaging = f
-grouperInstaller.autorun.activeMqWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-grouperInstaller.autorun.installGrouperAwsSqsMessaging = t
-grouperInstaller.autorun.AwsSqsWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-grouperInstaller.autorun.installGrouperRabbitMqMessaging = t
-grouperInstaller.autorun.rabbitMqWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-# disable installing pspng, for now
-grouperInstaller.autorun.installPspng = t
-grouperInstaller.autorun.installPsp = f
+grouperInstaller.webAppWillBeInContainer = /opt/grouper/grouperWebapp
+grouperInstaller.autorun.buildContainerUseExistingJarIfExists = false
diff --git a/container_files/grouperWebapp/WEB-INF/classes/grouper-loader.base.properties b/container_files/grouperWebapp/WEB-INF/classes/grouper-loader.base.properties
new file mode 100644
index 00000000..5814b4d1
--- /dev/null
+++ b/container_files/grouperWebapp/WEB-INF/classes/grouper-loader.base.properties
@@ -0,0 +1,5137 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+########################################
+## Config chaining hierarchy
+## Grouper loader uses Grouper Configuration Overlays (documented on wiki)
+## By default the configuration is read from grouper-loader.base.properties
+## (which should not be edited), and the grouper-loader.properties overlays
+## the base settings. See the grouper-loader.base.properties for the possible
+## settings that can be applied to the grouper.properties
+########################################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:grouper-loader.example.properties, file:c:/something/myconfig.properties
+# {valueType: "string", required: true, multiple: true}
+loader.config.hierarchy = classpath:grouper-loader.base.properties, classpath:grouper-loader.properties, database:grouper
+
+# seconds between checking to see if the config files are updated
+# {valueType: "integer", required: true}
+loader.config.secondsBetweenUpdateChecks = 600
+
+########################################
+## General settings
+########################################
+
+
+# auto-add grouper loader types and attributes when grouper starts up if they are not there
+# {valueType: "boolean", required: true}
+loader.autoadd.typesAttributes = true
+
+# if a transaction should be used when loading groups. If not, then
+# commits will happen as the group is loaded (and memory usage might be
+# less intensive, and caching settings need to be set right)
+# {valueType: "boolean", required: true}
+loader.use.transactions = false
+
+# if should use threads in the loader for add/remove member
+# {valueType: "boolean", required: true}
+loader.use.membershipThreads=true
+
+# number of threads to use for each group job (not shared among jobs)
+# {valueType: "integer", required: true}
+loader.membershipThreadPoolSize=10
+
+# if should use threads in the loader for each group in a group of groups
+# {valueType: "boolean", required: true}
+loader.use.groupThreads=true
+
+# number of threads to use for each list of groups job (not shared among jobs)
+# {valueType: "integer", required: true}
+loader.groupThreadPoolSize=20
+
+# if should use threads in incremental loader jobs
+# {valueType: "boolean", required: true}
+loader.incrementalThreads=true
+
+# number of threads to use in incremental loader jobs (not shared among jobs)
+# {valueType: "integer", required: true}
+loader.incrementalThreadPoolSize=10
+
+# number of days to retain db logs in table grouperloader_log. -1 is forever. default is 7
+# {valueType: "integer", required: true}
+loader.retain.db.logs.days=7
+
+# number of days to retain db rows in grouper_change_log_entry. -1 is forever. default is 14
+# {valueType: "integer", required: true}
+loader.retain.db.change_log_entry.days=14
+
+# if daemon should remove old values which are multi-assigned if the attribute is single valued
+# {valueType: "boolean", required: true}
+loader.removeMultiAttributeValuesIfSingleValuedAttribute = true
+
+# if daemon should remove old values which are multi-assigned if the attribute is single valued.
+# there are some exceptions (e.g. usdu) which will not be log only
+# {valueType: "boolean", required: true}
+loader.removeMultiAttributeValuesIfSingleValuedAttributeLogOnly = true
+
+# if daemon should remove old assignments which are multi-assigned if the attribute is single assign
+# {valueType: "boolean", required: true}
+loader.removeMultiAttributeAssignIfSingleAssignAttribute = true
+
+# if daemon should remove old assignments which are multi-assigned if the attribute is single assign.
+# there are some exceptions (e.g. usdu) which will not be log only
+# {valueType: "boolean", required: true}
+loader.removeMultiAttributeAssignIfSingleAssignAttributeLogOnly = true
+
+
+# if you want queries which do not specify subject source to come from a certain
+# source, specify here (improves performance so it doesnt search through all sources)
+# {valueType: "string"}
+default.subject.source.id =
+
+#if using a sql table, and specifying the name like string, then should the group (in addition to memberships)
+# be removed if not used anywhere else?
+# {valueType: "boolean", required: true}
+loader.sqlTable.likeString.removeGroupIfNotUsed = true
+
+# if using a sql table, and specifying the name like string, then should the group be removed even when the group is member of some other group.
+# loader.sqlTable.likeString.removeGroupIfNotUsed has to be true for this to work
+# https://bugs.internet2.edu/jira/browse/GRP-1132
+# {valueType: "boolean", required: true}
+loader.sqlTable.likeString.removeGroupIfMemberOfAnotherGroup = false
+
+# by default the top folder for an ldap group of groups is the folder where the config group lives.
+# set to false if you want to be able to provision groups to anywhere
+# {valueType: "boolean", required: true}
+loader.ldap.requireTopStemAsStemFromConfigGroup = true
+
+# if you dont specify a groupNameExpression, groups will be loaded into this folder
+# if this property doesnt exist, it will be groups: if it is blank, then there is no top level folder
+# e.g. loader:groups
+# {valueType: "string"}
+loader.ldap.defaultGroupFolder = groups:
+
+# Delimiter used in the example edu.internet2.middleware.grouper.app.loader.ldap.LdapResultsTransformationDelimitedValueExample
+# {valueType: "string"}
+loader.ldap.resultsTransformationDelimitedValueExampleDelimiter = -
+
+# Comma separated list of stems under which the display name changes in stems are allowed.
+# eg: loader.allowStemDisplayNameChangesUnderStems=school:courses:english, school:faculty
+# {valueType: "stem", multiple: true}
+loader.allowStemDisplayNameChangesUnderStems =
+
+# If a job creates or updates a group, and the job parameters do not compute
+# a description, true if a blank description is allowed. If false, the description will
+# be set to "{groupExtension} auto-created by grouperLoader".
+# {valueType: "boolean", required: false}
+loader.allowBlankGroupDescriptions = false
+
+# fix include excludes on each run
+# {valueType: "boolean", required: true}
+loader.fixIncludeExcludes = false
+
+#potentially delete groups that are no longer in the source system
+# {valueType: "boolean", required: true}
+loader.deleteGroupsNoLongerInSource = false
+
+# if a loader is registered to update the loader log table periodically, do this after this many seconds
+# {valueType: "integer", defaultValue: "60"}
+loader.otherJobUpdateLoaderLogDbAfterSeconds = 60
+
+# if the loader should log when a subject identifier does not match the grouper
+# WARN GrouperLoaderType.syncOneGroupMembership(3257) - - Subject xxxxx marked to be
+# added and removed from group a:b:c. Possible case issue between subject source and loader source.
+# Or loading based on subject identifier and identifier is not cached in Grouper's grouper_members table.
+# {valueType: "boolean", required: true}
+loader.log.subject.identifier.mismatch = true
+
+
+############################################
+## Auditing lifetimes
+############################################
+
+# number of days to retain db rows in grouper_audit_entry with no logged in user (loader, gsh, etc). -1 is forever. suggested is 365 or five years: 1825. Default is -1
+# audit entries with no logged in user aren't really all that useful. There is point in time data still. So removing these shouldn't be a big deal
+# {valueType: "integer", required: true}
+loader.retain.db.audit_entry_no_logged_in_user.days=-1
+
+# number of days to retain db rows in grouper_audit_entry. -1 is forever. suggested is -1 or ten years: 3650
+# Some think its ok to remove all audit entries over 10 (or X) years, but will default this
+# to never since even at large institutions there aren't that many records.
+# These are audits for things people do on the UI or WS generally (as a different to records with no logged in user)
+# {valueType: "integer", required: true}
+loader.retain.db.audit_entry.days=-1
+
+# number of days to retain db rows for point in time deleted objects. -1 is forever. suggested is 365 or five years: 1825. Default is -1
+# After you delete an object in grouper, it is still in point in time. So if you want to know who
+# was in a group a year ago, you need this info
+# However, after some time it might be ok to let it go. So the default is 5 years
+# {valueType: "integer", required: true}
+loader.retain.db.point_in_time_deleted_objects.days=-1
+
+# number of days after a subfolder (directly in a parent folder) is created that it will be obliterated (deleted)
+# and point in time will be deleted too.
+# "courses" or "anotherLabel" are variables you make up in these examples
+# This is optional. You can automatically obliterate folders *directly in a parent folder* that are a certain age old e.g. courses.
+# so you could delete a term of courses 4 years old if you like. Note, make sure the loader isn't going to recreate or you will get churn
+# Note this can also delete the point in time data as well.
+# {valueType: "integer", required: true, regex: "^loader\\.retain\\.db\\.folder\\.([^.]+)\\.days$"}
+#loader.retain.db.folder.courses.days=1825
+
+# delete old folders in this folder
+# {valueType: "stem", required: true, regex: "^loader\\.retain\\.db\\.folder\\.([^.]+)\\.parentFolderName$"}
+#loader.retain.db.folder.courses.parentFolderName=my:folder:for:courses
+
+# if also delete point in time for this old folder
+# {valueType: "boolean", required: true, regex: "^loader\\.retain\\.db\\.folder\\.([^.]+)\\.deletePointInTime$"}
+#loader.retain.db.folder.courses.deletePointInTime=true
+
+# number of days after a subfolder (directly in a parent folder) is created that it will be obliterated (deleted)
+# and point in time will be deleted too.
+# "courses" or "anotherLabel" are variables you make up in these examples
+# This is optional. You can automatically obliterate folders *directly in a parent folder* that are a certain age old e.g. courses.
+# so you could delete a term of courses 4 years old if you like. Note, make sure the loader isn't going to recreate or you will get churn
+# Note this can also delete the point in time data as well.
+# {valueType: "integer", required: true, regex: "^loader\\.retain\\.db\\.folder\\.([^.]+)\\.days$"}
+#loader.retain.db.folder.anotherLabel.days=1825
+
+# delete old folders in this folder
+# {valueType: "stem", required: true, regex: "^loader\\.retain\\.db\\.folder\\.([^.]+)\\.parentFolderName$"}
+#loader.retain.db.folder.anotherLabel.parentFolderName=my:folder:for:something
+
+# if also delete point in time for this old folder
+# {valueType: "boolean", required: true, regex: "^loader\\.retain\\.db\\.folder\\.([^.]+)\\.deletePointInTime$"}
+#loader.retain.db.folder.anotherLabel.deletePointInTime=false
+
+
+
+######################################
+## Fail-safe 1 - Each individual group
+######################################
+
+# if the loader should check to see too many users were removed, if so, then error out and
+# wait for manual intervention. This setting means have global defaults. If there are local settings
+# those will still be used.
+# {valueType: "boolean", required: true}
+loader.failsafe.use = false
+
+# if a group has a size less than this (default 200), then make changes including blanking it out.
+# if -1 then do not have a global default
+# {valueType: "integer", required: true}
+loader.failsafe.minGroupSize = 200
+
+# if a group with more members than the loader.failsafe.minGroupSize have more than this percent (default 30)
+# removed, then log it as error, fail the job, and don't actually remove the members
+# In order to run the job, an admin would need to change this param in the config,
+# and run the job manually, then change this config back.
+# if -1 then do not have a global max percent remove
+# {valueType: "integer", required: true}
+loader.failsafe.maxPercentRemove = 30
+
+############################################
+## Fail-safe 2 - Group list - managed groups
+############################################
+
+# For group lists, if groupLikeString is specified, you can use this fail-safe to prevent too
+# many groups from having their memberships cleared out because they are managed by the loader
+# (i.e. match the groupLikeString) but don't have memberships in the group query.
+# {valueType: "boolean", required: true}
+loader.failsafe.groupList.managedGroups.use = false
+
+# Only applicable if the number of managed groups (i.e. match the groupLikeString) that have
+# members in Grouper before the loader starts is at least this amount.
+# {valueType: "integer", required: true}
+loader.failsafe.groupList.managedGroups.minManagedGroups = 200
+
+# If the group list meets the criteria above and the percentage of groups that are managed by
+# the loader (i.e. match the groupLikeString) that currently have members in Grouper but
+# wouldn't after the job runs is greater than this percentage, then don't remove members,
+# log it as an error and fail the job. An admin would need to approve the failsafe or change this param in the config,
+# and run the job manually, then change this config back.
+# {valueType: "integer", required: true}
+loader.failsafe.groupList.managedGroups.maxPercentGroupsRemove = 30
+
+# This does not work for grouper loader currently. If the group list meets the criteria above and the
+# percentage of memberships that are managed by
+# the loader (i.e. match the groupLikeString) that currently have members in Grouper but
+# wouldn't after the job runs is greater than this percentage, then don't remove members,
+# log it as an error and fail the job. An admin would need to approve the failsafe or change this param in the config,
+# and run the job manually, then change this config back.
+# {valueType: "integer", required: true}
+loader.failsafe.groupList.managedGroups.maxPercentMembershipsRemove = 30
+
+#############################################
+## Failsafe emails
+#############################################
+
+# if sending email on loader failsafe issues. Default to true if there are email addresses to send to
+# {valueType: "boolean"}
+loader.failsafe.sendEmail =
+
+# if sending email on loader failsafe issues then send this these addresses (comma separated)
+# mutually exclusive with sendEmailToGroup
+# {valueType: "string"}
+loader.failsafe.sendEmailToAddresses =
+
+# if sending email on loader failsafe issues then send to members of this group name (id path)
+# mutually exclusive with sendEmailToAddresses
+# {valueType: "string"}
+loader.failsafe.sendEmailToGroup =
+
+# you can use the variables $jobName$
+# {valueType: "string"}
+loader.failsafe.email.subject = Grouper failsafe caused job to not run: $jobName$
+
+# you can use the variables $newline$, $jobName$, $timestamp$.
+# {valueType: "string"}
+loader.failsafe.email.body = Hello,$newline$$newline$This is a notification that Grouper job $jobName$ did not run due to a failsafe condition. Approve the failsafe in the UI if this is expected.$newline$$newline$${edu.internet2.middleware.grouper.cfg.GrouperConfig.retrieveConfig().getGrouperUiUrl(true)}grouperUi/app/UiV2Main.index?operation=UiV2Admin.daemonJobs&daemonJobsFilter=${grouperUtil.escapeUrlEncode(jobName)}$newline$$newline$Timestamp: $timestamp$$newline$$newline$Regards.
+
+
+
+#################################
+## Performance enhancements
+#################################
+
+# if you want to bulk retrieve subjects to add/remove
+# {valueType: "boolean", required: true}
+loader.bulkLookupSubjects = true
+
+# If the bulk lookup should use lazy subjects to avoid actual subject lookups in the subject source. This is mainly beneficial if your subject source includes an LDAP.
+# {valueType: "boolean", required: true}
+loader.bulkLookupSubjectsAsLazySubjects = true
+
+#########################
+## Unresolvables
+#########################
+
+# If there are unresolvables while loading a group from the source data, the job will still
+# have a result of SUCCESS unless the total membership count (with unresolvables) is
+# greater than or equal to minGroupSize and the percentage of unresolvables is greater than
+# the percent specified, in which case the result will be SUBJECT_PROBLEMS.
+# {valueType: "integer", required: true}
+loader.unresolvables.minGroupSize = 200
+
+# If there are unresolvables while loading a group from the source data, the job will still
+# have a result of SUCCESS unless the total membership count (with unresolvables) is
+# greater than or equal to minGroupSize and the percentage of unresolvables is greater than
+# the percent specified, in which case the result will be SUBJECT_PROBLEMS.
+# {valueType: "integer", required: true}
+loader.unresolvables.maxPercentForSuccess = 5
+
+
+#################################
+## DB connections
+## specify the db connection with user, pass, url, and driver class
+## the string after "db." is the name of the connection, and it should not have
+## spaces or other special chars in it
+#################################
+
+# specify the db connection with user, pass, url, and driver class
+# the string after "db." is the name of the connection, and it should not have
+# spaces or other special chars in it. eg: mylogin
+# {valueType: "string", required: true, regex: "^db\\.([^.]+)\\.user$"}
+# db.warehouse.user =
+
+#note the password can be stored encrypted in an external file
+# {valueType: "password", sensitive: true, regex: "^db\\.([^.]+)\\.pass$"}
+#db.warehouse.pass =
+
+# url for database connections. eg: jdbc:mysql://localhost:3306/grouper
+# {valueType: "string", required: true, regex: "^db\\.([^.]+)\\.url$"}
+#db.warehouse.url =
+
+# note: you probably dont have to enter a driver, it will detect from URL. If it
+# cant detect, then specify it here
+# {valueType: "string", regex: "^db\\.([^.]+)\\.driver$"}
+#db.warehouse.driver =
+
+#optional pooling params, these will default to the grouper.hibernate(.base).properties pooling settings. eg: 100
+# {valueType: "integer", regex: "^db\\.([^.]+)\\.c3p0\\.max_size$"}
+#db.warehouse.c3p0.max_size =
+
+# optional pooling param. eg: 0
+# {valueType: "integer", regex: "^db\\.([^.]+)\\.c3p0\\.min_size$"}
+#db.warehouse.c3p0.min_size =
+
+# seconds. eg: 100
+# {valueType: "integer", regex: "^db\\.([^.]+)\\.c3p0\\.timeout$"}
+#db.warehouse.c3p0.timeout =
+
+# maximum statements. eg: 0
+# {valueType: "integer", regex: "^db\\.([^.]+)\\.c3p0\\.max_statements$"}
+#db.warehouse.c3p0.max_statements =
+
+# idle test period. eg: 100
+# {valueType: "integer", regex: "^db\\.([^.]+)\\.c3p0\\.idle_test_period$"}
+#db.warehouse.c3p0.idle_test_period =
+
+# acquire in increments of. eg: 1
+# {valueType: "integer", regex: "^db\\.([^.]+)\\.c3p0\\.acquire_increment$"}
+#db.warehouse.c3p0.acquire_increment =
+
+# validate connection
+# {valueType: "boolean", regex: "^db\\.([^.]+)\\.c3p0\\.validate$"}
+#db.warehouse.c3p0.validate =
+
+# if unreturnedConnectionTimeout is non zero, then if connection takes too long it will be logged as stack
+# {valueType: "boolean", regex: "^db\\.([^.]+)\\.c3p0\\.debugUnreturnedConnectionStackTraces$"}
+# db.warehouse.c3p0.debugUnreturnedConnectionStackTraces =
+
+# in seconds, if connections are removed from the pool for longer than this,
+# and debugUnreturnedConnectionStackTraces is true, then log the stack of who took the connection (and didnt return it). eg: 30
+# {valueType: "integer", regex: "^db\\.([^.]+)\\.c3p0\\.unreturnedConnectionTimeout$"}
+# db.warehouse.c3p0.unreturnedConnectionTimeout =
+
+# if this database connector is enabled
+# {valueType: "boolean", regex: "^db\\.([^.]+)\\.enabled$", defaultValue: "true"}
+#db.warehouse.enabled =
+
+# testQuery to test the connection. If its a known database type a default query might be known
+# {valueType: "string", regex: "^db\\.([^.]+)\\.testQuery$"}
+#db.warehouse.testQuery =
+
+# When testing the connection in the UI, this is the expected value from sql
+# {valueType: "string", regex: "^db\\.([^.]+)\\.testExpectedValue$"}
+# db.warehouse.testExpectedValue =
+
+# if the db connections should be pooled (this is new as of 2.3.0.patch)
+# {valueType: "boolean", required: true}
+grouperLoader.db.connections.pool = true
+
+#################################
+## LDAP connections
+## specify the ldap connection with user, pass, url
+## the string after "ldap." is the ID of the connection, and it should not have
+## spaces or other special chars in it. In this case is it "personLdap"
+#################################
+
+# specify the ldap connection with user, pass, url
+# the string after "ldap." is the ID of the connection, and it should not have
+# spaces or other special chars in it.
+# note the URL should start with ldap: or ldaps: if it is SSL.
+# It should contain the server and port (optional if not default), and baseDn,
+# e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
+# You might not want to specify the base dn here. If you do then all ldap filters will use this base dn.
+# {valueType: "string", required: true, regex: "^ldap\\.([^.]+)\\.url$"}
+#ldap.personLdap.url =
+
+# load this ldaptive config file before the configs here. load from classpath. eg: ldap.personLdap.properties
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.configFileFromClasspath$"}
+#ldap.personLdap.configFileFromClasspath =
+
+#optional, if authenticated. eg: uid=someapp,ou=people,dc=myschool,dc=edu
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.user$"}
+#ldap.personLdap.user =
+
+#optional, if authenticated, note the password can be stored encrypted in an external file
+# {valueType: "password", sensitive: true, regex: "^ldap\\.([^.]+)\\.pass$"}
+#ldap.personLdap.pass =
+
+#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS.
+# {valueType: "boolean", regex: "^ldap\\.([^.]+)\\.tls$", defaultValue: "true"}
+#ldap.personLdap.tls =
+
+# optional, if this ldap connector is an active directory
+# {valueType: "boolean", regex: "^ldap\\.([^.]+)\\.isActiveDirectory$", defaultValue: "false"}
+#ldap.personLdap.isActiveDirectory =
+
+#optional, if using sasl
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.saslAuthorizationId$"}
+#ldap.personLdap.saslAuthorizationId =
+
+#optional, if using sasl
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.saslRealm$"}
+#ldap.personLdap.saslRealm =
+
+# When testing the connection in the UI, this is the search dn, e.g. ou=People,dc=example,dc=edu
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.uiTestSearchDn$"}
+# ldap.personLdap.uiTestSearchDn =
+
+# When testing the connection in the UI, this is the search scope
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.uiTestSearchScope$", formElement: "dropdown", optionValues: ["OBJECT_SCOPE", "ONELEVEL_SCOPE", "SUBTREE_SCOPE"]}
+# ldap.personLdap.uiTestSearchScope =
+
+# When testing the connection in the UI, this is the search filter, e.g. (uid=aanderson)
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.uiTestFilter$"}
+# ldap.personLdap.uiTestFilter =
+
+# When testing the connection in the UI, this is the search attribute name, e.g. cn
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.uiTestAttributeName$"}
+# ldap.personLdap.uiTestAttributeName =
+
+# When testing the connection in the UI, this is the search expected value
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.uiTestExpectedValue$"}
+# ldap.personLdap.uiTestExpectedValue =
+
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.batchSize$"}
+#ldap.personLdap.batchSize =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.countLimit$"}
+#ldap.personLdap.countLimit =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.timeLimit$"}
+#ldap.personLdap.timeLimit =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.timeout$"}
+#ldap.personLdap.timeout =
+
+# if there is a max size limit on ldap server, then this will retrieve results in pages
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.pagedResultsSize$"}
+#ldap.personLdap.pagedResultsSize =
+
+# set to 'follow' if using AD and using paged results size and need this for some reason (generally you shouldnt)
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.referral$"}
+#ldap.personLdap.referral =
+
+# comma-delimited list of classes to process LDAP search results. Useful if AD returns a ranged attribute for large
+# groups (e.g., member;range=0-1499); include the GrouperRangeEntryHandler to handle progressive fetching.
+# {valueType: "class", mustImplementInterface:"org.ldaptive.handler.Handler", multiple: true, regex: "^ldap\\.([^.]+)\\.searchResultHandlers$"}
+#ldap.personLdap.searchResultHandlers=org.ldaptive.handler.DnAttributeEntryHandler,edu.internet2.middleware.grouper.ldap.ldaptive.GrouperRangeEntryHandler
+
+# comma-delimited list of result codes (org.ldaptive.ResultCode) to ignore, e.g. TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS
+# {valueType: "string", multiple: true, regex: "^ldap\\.([^.]+)\\.searchIgnoreResultCodes$"}
+#ldap.personLdap.searchIgnoreResultCodes=
+
+# if this ldap connector is enabled
+# {valueType: "boolean", regex: "^ldap\\.([^.]+)\\.enabled$", defaultValue: "true"}
+#ldap.personLdap.enabled =
+
+#if want to customize pooling
+# {valueType: "boolean", regex: "^ldap\\.([^.]+)\\.customizePooling$", subSection: "pooling", defaultValue: "false"}
+#ldap.personLdap.customizePooling =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.minPoolSize$", subSection: "pooling", showEl: "${customizePooling}"}
+#ldap.personLdap.minPoolSize =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.maxPoolSize$", subSection: "pooling", showEl: "${customizePooling}"}
+#ldap.personLdap.maxPoolSize =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "boolean", regex: "^ldap\\.([^.]+)\\.validateOnCheckIn$", subSection: "pooling", showEl: "${customizePooling}"}
+#ldap.personLdap.validateOnCheckIn =
+
+# validateOnCheckOut defaults to true if all other validate methods are false
+# {valueType: "boolean", regex: "^ldap\\.([^.]+)\\.validateOnCheckOut$", subSection: "pooling", showEl: "${customizePooling}"}
+#ldap.personLdap.validateOnCheckOut =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "boolean", regex: "^ldap\\.([^.]+)\\.validatePeriodically$", subSection: "pooling", showEl: "${customizePooling}"}
+#ldap.personLdap.validatePeriodically =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.validateTimerPeriod$", subSection: "pooling", showEl: "${customizePooling}"}
+#ldap.personLdap.validateTimerPeriod =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to ldaptive defaults. times are in millis
+# {valueType: "integer", regex: "^ldap\\.([^.]+)\\.pruneTimerPeriod$", subSection: "pooling", showEl: "${customizePooling}"}
+#ldap.personLdap.pruneTimerPeriod =
+
+# validator setup, currently supports CompareLdapValidator and SearchValidator. additional properties below for CompareLdapValidator.
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.validator$", subSection: "pooling", showEl: "${customizePooling}", formElement: "dropdown", optionValues: ["CompareLdapValidator", "SearchValidator"]}
+#ldap.personLdap.validator =
+
+# validator setup, currently supports CompareLdapValidator and SearchValidator. additional properties below for CompareLdapValidator. eg: ou=people,dc=example,dc=com
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.validatorCompareDn$", subSection: "pooling", showEl: "${customizePooling && validator == 'CompareLdapValidator'}"}
+#ldap.personLdap.validatorCompareDn =
+
+# validator setup, currently supports CompareLdapValidator and SearchValidator. additional properties below for CompareLdapValidator. eg: ou
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.validatorCompareAttribute$", subSection: "pooling", showEl: "${customizePooling && validator == 'CompareLdapValidator'}"}
+#ldap.personLdap.validatorCompareAttribute =
+
+# validator setup, currently supports CompareLdapValidator and SearchValidator. additional properties below for CompareLdapValidator. eg: people
+# {valueType: "string", regex: "^ldap\\.([^.]+)\\.validatorCompareValue$", subSection: "pooling", showEl: "${customizePooling && validator == 'CompareLdapValidator'}"}
+#ldap.personLdap.validatorCompareValue =
+
+# set this to true to set the system property: org.ldaptive.response.ENCODE_CNTRL_CHARS for ldaptive, helpful for AD
+# https://todos.internet2.edu/browse/GRP-2969
+# {valueType: "boolean"}
+ldaptiveEncodeControlChars = false
+
+##################################
+## LDAP loader settings
+##################################
+
+# el classes to add to the el context for the EL to calculate subejct ids or group names etc.
+# Comma-separated fully qualified classnamesm will be registered by the non-fully qualified
+# uncapitalized classname. So you register a.b.SomeClass, it will be available by variable: someClass
+# {valueType: "class", multiple: true}
+loader.ldap.el.classes =
+
+##################################
+## Daemon logging
+## When running the daemon log, do you want to log these various things?
+##################################
+
+# overall log for a job
+# {valueType: "boolean", required: true}
+daemon.log.logEnabled_overallLog = true
+
+# subjob log for a job (e.g. if a job manages a lite of groups)
+# {valueType: "boolean", required: true}
+daemon.log.logEnabled_subjobLog = true
+
+# groups being created or deleted
+# {valueType: "boolean", required: true}
+daemon.log.logEnabled_groupManagement = true
+
+# memberships being created or deleted
+# {valueType: "boolean", required: true}
+daemon.log.logEnabled_membershipManagement = true
+
+# if each logger map should have an id
+# {valueType: "boolean", required: true}
+daemon.log.logIdsEnabled = false
+
+
+
+##################################
+## Daily report
+##################################
+#quartz cron-like schedule for daily grouper report, the default is 7am every day: 0 0 7 * * ?
+#leave blank to disable this
+# {valueType: "cron"}
+daily.report.quartz.cron = 0 0 7 * * ?
+
+#comma separated email addresses to email the daily report, e.g. a@b.c, b@c.d
+# {valueType: "string", multiple: true}
+daily.report.emailTo =
+
+#if you put a directory here, the daily reports will be saved there, and you can
+#link up to a web service or store them or whatever. e.g. /home/grouper/reports/
+# {valueType: "string"}
+daily.report.saveInDirectory =
+
+##################################
+## enabled / disabled cron
+##################################
+
+#quartz cron-like schedule for enabled/disabled daemon. Note, this has nothing to do with the changelog
+#leave blank to disable this, the default is 5 seconds after every minute: 5 * * * * ?
+# {valueType: "cron"}
+changeLog.enabledDisabled.quartz.cron = 5 * * * * ?
+
+# seconds between re-querying upcoming updates and caching
+# {valueType: "integer", required: true}
+changeLog.enabledDisabled.queryIntervalInSeconds = 3600
+
+##################################
+## clean logs
+##################################
+
+#quartz cron-like schedule for clean logs daemon.
+# {valueType: "cron", defaultValue: "0 0 6 * * ?"}
+changeLog.cleanLogs.quartz.cron = 0 0 6 * * ?
+
+##################################
+## grouper builtin messaging cleanup cron
+##################################
+
+#quartz cron-like schedule for grouper messaging daemon.
+#leave blank to disable this, the default is every hour, 10 minutes after the hour
+#this daemon does cleanup on the builtin messaging table
+# {valueType: "cron"}
+changeLog.builtinMessagingDaemon.quartz.cron = 0 10 * * * ?
+
+# after three days of not consuming messages, delete them, if -1, dont run this daemon
+# {valueType: "integer", required: true}
+grouper.builtin.messaging.deleteAllMessagesMoreThanHoursOld = 72
+
+# after three hours of having processed messages, delete them. Note, if this is -1 just delete when marking processed
+# {valueType: "integer", required: true}
+grouper.builtin.messaging.deleteProcessedMessagesMoreThanMinutesOld = 180
+
+
+
+
+
+##################################
+## Change log
+##################################
+
+# should the change log temp to change log daemon run? Note, this should be true
+# {valueType: "boolean", defaultValue: "true"}
+changeLog.changeLogTempToChangeLog.enable = true
+
+#quartz cron-like schedule for change log temp to change log daemon, the default is 50 seconds after every minute: 50 * * * * ?
+# {valueType: "cron"}
+changeLog.changeLogTempToChangeLog.quartz.cron =
+
+# The max number of changes to send to a change log consumer at one time
+# {valueType: "integer", required: true}
+changeLog.changeLogConsumerBatchSize = 1000
+
+# Should the change log include flattened memberships?
+# {valueType: "boolean", required: true}
+changeLog.includeFlattenedMemberships = true
+
+# Should the change log include flattened privileges?
+# {valueType: "boolean", required: true}
+changeLog.includeFlattenedPrivileges = true
+
+# Should the change log include roles that have had permission changes?
+# {valueType: "boolean", required: true}
+changeLog.includeRolesWithPermissionChanges = false
+
+# Should the change log include subjects that have had permission changes?
+# {valueType: "boolean", required: true}
+changeLog.includeSubjectsWithPermissionChanges = false
+
+# Should the change log include non-flattened (immediate and composite only) memberships?
+# {valueType: "boolean", required: true}
+changeLog.includeNonFlattenedMemberships = false
+
+# Should the change log include non-flattened (immediate only) privileges?
+# {valueType: "boolean", required: true}
+changeLog.includeNonFlattenedPrivileges = false
+
+# Once the number of change log updates exceeds this value, the transaction will commit and a new one will be created
+# {valueType: "integer", required: true}
+changeLog.tooManyChangeLogUpdatesSize = 10000
+
+
+##################################
+## Change log consumers
+##################################
+
+# specify the consumers here. specify the consumer name after the changeLog.consumer. part. This example is "printTest"
+# but it could be "myConsumerName" e.g. changeLog.consumer.myConsumerName.class
+# the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase
+# note see Impl below
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+# changeLog.consumer.printTest.class = edu.internet2.middleware.grouper.changeLog.consumer.PrintTest
+
+# the quartz cron is a cron-like string. it defaults to every minute on the minute (since the temp to change log job runs
+# at 10 seconds to each minute). it defaults to this: 0 * * * * ?
+# though it will stagger each one by 2 seconds. You can leave this blank
+# {valueType: "cron"}
+# changeLog.consumer.printTest.quartzCron =
+
+# if you want to bump up the number of change log entries for a particular consumer, you can enter that here, per change log consumer
+# {valueType: "integer"}
+# changeLog.consumer.printTest.changeLogConsumerBatchSize = 1000
+
+# rules consumer, needed for some of the Grouper rule types to run (e.g. flattenedMembershipRemove, flattenedMembershipAdd)
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.grouperRules.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.RuleConsumer
+
+# rules consumer, needed for some of the Grouper rule types to run (e.g. flattenedMembershipRemove, flattenedMembershipAdd)
+# {valueType: "cron"}
+changeLog.consumer.grouperRules.quartzCron =
+
+# consumer for syncing groups to other groupers
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.syncGroups.class = edu.internet2.middleware.grouper.client.GroupSyncConsumer
+
+# consumer for syncing groups to other groupers
+# {valueType: "cron"}
+changeLog.consumer.syncGroups.quartzCron =
+
+# recent-memberships consumer will update recent-membership groups as memberships/attributes change
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.recentMemberships.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# recent-memberships runs as change log consumer
+# {valueType: "cron"}
+changeLog.consumer.recentMemberships.quartzCron =
+
+# if this many records happens in one change log session, just do a full loader job
+# {valueType: "integer", defaultValue: "100"}
+changeLog.consumer.recentMemberships.maxUntilFullSync = 100
+
+# publishing class for recent-memberships
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.esb.listener.EsbListenerBase"}
+changeLog.consumer.recentMemberships.publisher.class = edu.internet2.middleware.grouper.app.serviceLifecycle.GrouperRecentMembershipsChangeLogConsumer
+
+
+# Object Type Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.grouperObjectTypeIncremental.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.esb.listener.EsbListenerBase"}
+changeLog.consumer.grouperObjectTypeIncremental.publisher.class = edu.internet2.middleware.grouper.app.grouperTypes.GrouperObjectTypesEsbListener
+
+# object type incremental runs as change log consumer
+# {valueType: "cron"}
+changeLog.consumer.grouperObjectTypeIncremental.quartzCron = 0 * * * * ?
+
+
+# Attestation Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.grouperAttestationIncremental.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.esb.listener.EsbListenerBase"}
+changeLog.consumer.grouperAttestationIncremental.publisher.class = edu.internet2.middleware.grouper.app.attestation.GrouperAttestationEsbListener
+
+# attestation incremental runs as change log consumer
+# {valueType: "cron"}
+changeLog.consumer.grouperAttestationIncremental.quartzCron = 0 * * * * ?
+
+
+# Deprovisioning Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.grouperDeprovisioningIncremental.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.esb.listener.EsbListenerBase"}
+changeLog.consumer.grouperDeprovisioningIncremental.publisher.class = edu.internet2.middleware.grouper.app.deprovisioning.GrouperDeprovisioningEsbListener
+
+# deprovisioning incremental runs as change log consumer
+# {valueType: "cron"}
+changeLog.consumer.grouperDeprovisioningIncremental.quartzCron = 0 * * * * ?
+
+
+
+# find bad memberships consumer will fix membership issues soon after they occur
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.findBadMemberships.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# find bad memberships change log consumer
+# {valueType: "cron"}
+changeLog.consumer.findBadMemberships.quartzCron =
+
+# publishing class for find bad memberships
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.esb.listener.EsbListenerBase"}
+changeLog.consumer.findBadMemberships.publisher.class = edu.internet2.middleware.grouper.misc.FindBadMembershipsChangeLogConsumer
+
+
+
+# recalculate stem view privileges as privileges change
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.stemViewPrivileges.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# recalculate stem view privileges quartz cron
+# {valueType: "cron"}
+changeLog.consumer.stemViewPrivileges.quartzCron =
+
+# publishing class for find bad memberships
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.esb.listener.EsbListenerBase"}
+changeLog.consumer.stemViewPrivileges.publisher.class = edu.internet2.middleware.grouper.stem.StemViewPrivilegeEsbListener
+
+# Do a full sync on stem view privileges for applicable users
+# {valueType: "class", readOnly: true, mustImplementInterface: "org.quartz.Job"}
+otherJob.stemViewPrivilegesFull.class = edu.internet2.middleware.grouper.stem.StemViewPrivilegeFullDaemonLogic
+
+# Do a full sync on stem view privileges for applicable users
+# {valueType: "cron", required: true}
+otherJob.stemViewPrivilegesFull.quartzCron = 32 17 2 * * ?
+
+# Do a full sync on requiring memberships
+# {valueType: "class", readOnly: true, mustImplementInterface: "org.quartz.Job"}
+otherJob.grouperMembershipRequireFull.class = edu.internet2.middleware.grouper.app.membershipRequire.MembershipRequireFullSyncJob
+
+# Do a full sync on requiring memberships
+# {valueType: "cron", required: true}
+otherJob.grouperMembershipRequireFull.quartzCron = 45 31 1 * * ?
+
+# change log consumer for membership require
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+changeLog.consumer.membershipRequire.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# quartz cron
+# {valueType: "cron"}
+changeLog.consumer.membershipRequire.quartzCron = 0 * * * * ?
+
+# el filter
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.elfilter$"}
+changeLog.consumer.membershipRequire.elfilter = event.eventType eq 'ATTRIBUTE_ASSIGN_ADD' || event.eventType eq 'MEMBERSHIP_DELETE'
+
+# publishing class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher"}
+changeLog.consumer.membershipRequire.publisher.class = edu.internet2.middleware.grouper.app.membershipRequire.MembershipRequireEsbListener
+
+
+
+
+##################################
+## Change log consumers based in Impl
+## Note, you might want to extend: edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBaseImpl
+## this is a higher level change log consumer that does a lot of logic for you
+## this class will fire certain events for groups and memberships based on tagged folders or groups
+## Note, to use this make an attribute and assign it to (generally) folder(s) or some groups or whatever
+## GSH:
+## GrouperSession grouperSession = GrouperSession.startRootSession();
+## AttributeDef provisioningMarkerAttributeDef = new AttributeDefSave(grouperSession).assignCreateParentStemsIfNotExist(true).assignName("attr:someAttrDef").assignToStem(true).assignToGroup(true).save();
+## AttributeDefName provisioningMarkerAttributeName = new AttributeDefNameSave(grouperSession, provisioningMarkerAttributeDef).assignName("attr:provisioningMarker").save()
+## Stem parentFolder = StemFinder.findByName(grouperSession, "some:folder", true);
+## parentFolder.getAttributeDelegate().assignAttribute(provisioningMarkerAttributeName);
+##################################
+
+
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBaseImpl"}
+# changeLog.consumer.abc.class = edu.internet2.middleware.grouper.changeLog.consumer.PrintChangeLogConsumer
+
+# note: this name matches the attribute name created in the example above
+# {valueType: "attributeDefName", regex: "^changeLog\\.consumer\\.([^.]+)\\.syncAttributeName$"}
+# changeLog.consumer.abc.syncAttributeName =
+
+# quartz cron of consumer
+# {valueType: "cron"}
+# changeLog.consumer.abc.quartzCron =
+
+# defaults to true if not configured
+# {valueType: "boolean", regex: "^changeLog\\.consumer\\.([^.]+)\\.retryOnError$"}
+# changeLog.consumer.abc.retryOnError =
+
+##################################
+## PSPNG
+##################################
+
+# cache the result of the analysis seeing if a group is provisionable
+# {valueType: "boolean", defaultValue: "true"}
+pspngCacheGroupProvisionable = true
+
+# When getting all provisionable groups, it will do a more efficient way if the provisionable
+# script is the standard one which I think everyone has. i.e. it knows where provision_to and
+# do_not_provision_to are, so just do the logic in java and in memory
+# {valueType: "boolean", defaultValue: "true"}
+pspngNonScriptProvisionable = true
+
+# The list of provisionable groups are cached for a number of minutes, 2 should be fine,
+# this cache is cleared at the start of each incremental or full sync also
+# {valueType: "integer", defaultValue: "1"}
+pspngCacheAllGroupProvisionableMinutes = 2
+
+# if pspng should not find group and stem attributes if it doesnt think it need to, false for old behavior
+# {valueType: "boolean", defaultValue: "true"}
+pspngCacheGroupAndStemAttributes = true
+
+# if the full sync otherJob is running, then dont run the change log for that provisioner for X minutes
+# so cached can be fully used and things dont conflict. After X minutes, allow change log to run and finish
+# but then the next change log the next minute, will wait X minutes too
+# {valueType: "integer", defaultValue: "10"}
+pspngDontRunChangeLogDuringFullSyncForMinutes = 10
+
+##################################
+## PSP
+##################################
+
+# psp consumer class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.psp.grouper.PspChangeLogConsumer"}
+# changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
+
+# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger
+# {valueType: "cron"}
+# changeLog.consumer.psp.quartzCron = 0 * * * * ?
+
+# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false.
+# {valueType: "boolean", required: true}
+# changeLog.consumer.psp.retryOnError = false
+
+# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method.
+# {valueType: "class", readOnly: true}
+# changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
+
+# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?.
+# {valueType: "cron"}
+# changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
+
+# Run a full synchronization job at startup. Defaults to false.
+# {valueType: "boolean", required: true}
+# changeLog.psp.fullSync.runAtStartup = false
+
+# Omit diff responses from bulk response to conserve memory.
+# {valueType: "boolean", required: true}
+# changeLog.psp.fullSync.omitDiffResponses = true
+
+# Omit sync responses from bulk response to conserve memory.
+# {valueType: "boolean", required: true}
+# changeLog.psp.fullSync.omitSyncResponses = true
+
+
+
+
+###################################
+## XMPP notifications
+## (note, uncomment the consumer class and cron above)
+## this will get grouper ws getMembers rest lite xmp:
+## http://anonsvn.internet2.edu/cgi-bin/viewvc.cgi/i2mi/trunk/grouper-ws/grouper-ws/doc/samples/getMembers/WsSampleGetMembersRestLite_xml.txt?view=log
+###################################
+
+# general xmpp configuration
+# {valueType: "string"}
+xmpp.server.host = jabber.school.edu
+
+# xmpp port
+# {valueType: "integer", required: true}
+xmpp.server.port = 5222
+
+# xmpp username
+# {valueType: "string"}
+xmpp.user = username
+
+# note, pass can be in an external file with morphstring
+# {valueType: "password", sensitive: true}
+xmpp.pass =
+
+# xmpp resource
+# {valueType: "string"}
+xmpp.resource = grouperServer
+
+###################################
+## Rules config
+###################################
+
+# when the rules validations and daemons run. Leave blank to not run
+# {valueType: "cron"}
+rules.quartz.cron = 0 0 7 * * ?
+
+#####################################
+## Messaging overall settings for daemon jobs
+#####################################
+
+# auto create built in queues, topics, privileges
+# {valueType: "boolean", required: true}
+loader.messaging.settings.autocreate.objects = true
+
+
+#####################################
+## Messaging listener using the messaging API
+## note, change "messagingListener" in key to be the name of the listener. e.g. messaging.listener.myAzureListener.class
+## extends edu.internet2.middleware.grouper.messaging.MessagingListenerBase
+## note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored.
+## this listener will just print out messages: edu.internet2.middleware.grouper.messaging.MessagingListenerPrint
+#####################################
+
+# messaging listener class
+# {valueType: "class", required: true, mustExtendClass: "edu.internet2.middleware.grouper.messaging.MessagingListenerBase", regex: "^messaging\\.listener\\.([^.]+)\\.class$"}
+#messaging.listener.messagingListener.class = edu.internet2.middleware.grouper.messaging.MessagingListenerBase
+
+# messaging listener quartz cron
+# {valueType: "cron", regex: "^messaging\\.listener\\.([^.]+)\\.quartzCron$"}
+#messaging.listener.messagingListener.quartzCron = 0 * * * * ?
+
+# messaging listener messaging system name
+# {valueType: "string", regex: "^messaging\\.listener\\.([^.]+)\\.messagingSystemName$"}
+#messaging.listener.messagingListener.messagingSystemName = grouperBuiltinMessaging
+
+# messaging listener queue name
+# {valueType: "string", regex: "^messaging\\.listener\\.([^.]+)\\.queueName$"}
+#messaging.listener.messagingListener.queueName = abc
+
+# messaging listener routing key
+# {valueType: "string", regex: "^messaging\\.listener\\.([^.]+)\\.routingKey$"}
+#messaging.listener.messagingListener.routingKey =
+
+# messaging listener exchange type. Valid options are DIRECT, HEADERS, TOPIC, FANOUT
+# {valueType: "string", regex: "^messaging\\.listener\\.([^.]+)\\.exchangeType$"}
+#messaging.listener.messagingListener.exchangeType =
+
+# messaging listener number of tries per iteration
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.numberOfTriesPerIteration$"}
+#messaging.listener.messagingListener.numberOfTriesPerIteration = 3
+
+# messaging listener polling timeout seconds
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.pollingTimeoutSeconds$"}
+#messaging.listener.messagingListener.pollingTimeoutSeconds = 18
+
+# messaging listener sleep seconds in between iterations
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.sleepSecondsInBetweenIterations$"}
+#messaging.listener.messagingListener.sleepSecondsInBetweenIterations = 0
+
+# messaging listener max messages to receive at once
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.maxMessagesToReceiveAtOnce$"}
+#messaging.listener.messagingListener.maxMessagesToReceiveAtOnce = 20
+
+# if there are 20 messages to receive at once, then do this 50 times per call max
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.maxOuterLoops$"}
+#messaging.listener.messagingListener.maxOuterLoops = 50
+
+#####################################
+## Messaging listener using the change log consumer API
+#####################################
+
+# note, change "messagingListenerChangeLogConsumer" in key to be the name of the listener. e.g. messaging.listener.myAzureListener.class
+# keep this class to be MessagingListenerToChangeLogConsumer
+# {valueType: "class", readOnly: true, required: true, mustExtendClass: "edu.internet2.middleware.grouper.messaging.MessagingListenerToChangeLogConsumer", regex: "^messaging\\.listener\\.([^.]+)\\.class$"}
+#messaging.listener.messagingListenerChangeLogConsumer.class = edu.internet2.middleware.grouper.messaging.MessagingListenerToChangeLogConsumer
+
+# Class extends: edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase
+# {valueType: "class", required: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase", regex: "^messaging\\.listener\\.([^.]+)\\.changeLogConsumerClass$"}
+#messaging.listener.messagingListenerChangeLogConsumer.changeLogConsumerClass = edu.internet2.middleware.grouper.messaging.SomethingExtendsChangeLogConsumerBase
+
+# messaging listener quartz cron
+# {valueType: "cron", regex: "^messaging\\.listener\\.([^.]+)\\.quartzCron$"}
+#messaging.listener.messagingListenerChangeLogConsumer.quartzCron = 0 * * * * ?
+
+# system name
+# {valueType: "string", regex: "^messaging\\.listener\\.([^.]+)\\.messagingSystemName$"}
+#messaging.listener.messagingListenerChangeLogConsumer.messagingSystemName = grouperBuiltinMessaging
+
+# queue name in messaging system
+# {valueType: "string", regex: "^messaging\\.listener\\.([^.]+)\\.queueName$"}
+#messaging.listener.messagingListenerChangeLogConsumer.queueName = abc
+
+# number of tries per iteration
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.numberOfTriesPerIteration$"}
+#messaging.listener.messagingListenerChangeLogConsumer.numberOfTriesPerIteration = 3
+
+# polling timeout seconds
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.pollingTimeoutSeconds$"}
+#messaging.listener.messagingListenerChangeLogConsumer.pollingTimeoutSeconds = 18
+
+# sleep seconds in between iteration
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.sleepSecondsInBetweenIterations$"}
+#messaging.listener.messagingListenerChangeLogConsumer.sleepSecondsInBetweenIterations = 0
+
+# max messages to receive at once
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.maxMessagesToReceiveAtOnce$"}
+#messaging.listener.messagingListenerChangeLogConsumer.maxMessagesToReceiveAtOnce = 20
+
+# max outer loops
+# if there are 20 messages to receive at once, then do this 50 times per call max
+# {valueType: "integer", regex: "^messaging\\.listener\\.([^.]+)\\.maxOuterLoops$"}
+#messaging.listener.messagingListenerChangeLogConsumer.maxOuterLoops = 50
+
+
+#####################################
+## Messaging integration with change log, send change log entries to a messaging system
+#####################################
+
+# note, change "messaging" in key to be the name of the consumer. e.g. changeLog.consumer.myAzureConsumer.class
+# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored.
+# {valueType: "class", required: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerToMessage"}
+#changeLog.consumer.messaging.class = edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerToMessage
+
+# quartz cron
+# {valueType: "cron"}
+#changeLog.consumer.messaging.quartzCron = 0 * * * * ?
+
+# system name
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.messagingSystemName$"}
+#changeLog.consumer.messaging.messagingSystemName = grouperBuiltinMessaging
+
+# routing key
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.routingKey$"}
+#changeLog.consumer.messaging.routingKey =
+
+# exchange type. valid options are DIRECT, TOPIC, HEADERS, FANOUT
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.exchangeType$"}
+#changeLog.consumer.messaging.exchangeType =
+
+# queue or topic
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.messageQueueType$"}
+#changeLog.consumer.messaging.messageQueueType = queue
+
+# queue or topic name
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.queueOrTopicName$"}
+#changeLog.consumer.messaging.queueOrTopicName = abc
+
+
+#####################################
+## Messaging integration with ESB, send change log entries to a messaging system
+#####################################
+
+# note, change "messagingEsb" in key to be the name of the consumer. e.g. changeLog.consumer.myAzureConsumer.class
+# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored.
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase"}
+#changeLog.consumer.messagingEsb.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# quartz cron
+# {valueType: "cron"}
+#changeLog.consumer.messagingEsb.quartzCron = 0 * * * * ?
+
+# el filter
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.elfilter$"}
+#changeLog.consumer.messagingEsb.elfilter = event.eventType eq 'GROUP_DELETE' || event.eventType eq 'GROUP_ADD' || event.eventType eq 'MEMBERSHIP_DELETE' || event.eventType eq 'MEMBERSHIP_ADD'
+
+# publishing class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher"}
+#changeLog.consumer.messagingEsb.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher
+
+# messaging system name
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.messagingSystemName$"}
+#changeLog.consumer.messagingEsb.publisher.messagingSystemName = grouperBuiltinMessaging
+
+# routing key
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.routingKey$"}
+#changeLog.consumer.messagingEsb.publisher.routingKey =
+
+# EL replacement definition. groupName is the variable for the name of the group. grouperUtil is the class GrouperUtilElSafe can be used for utility methods.
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.regexRoutingKeyReplacementDefinition$"}
+#changeLog.consumer.messagingEsb.regexRoutingKeyReplacementDefinition = ${groupName.replaceFirst('hawaii.edu', 'group.modify').replace(':enrolled', '').replace(':waitlisted', '').replace(':withdrawn', '')}
+
+# replace routing key with periods
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.replaceRoutingKeyColonsWithPeriods$"}
+#changeLog.consumer.messagingEsb.replaceRoutingKeyColonsWithPeriods = true
+
+# queue or topic
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.messageQueueType$"}
+#changeLog.consumer.messagingEsb.publisher.messageQueueType = queue
+
+# queue or topic name
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.queueOrTopicName$"}
+#changeLog.consumer.messagingEsb.publisher.queueOrTopicName = abc
+
+# exchange type for rabbitmq. valid options are DIRECT, TOPIC, HEADERS, FANOUT
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.exchangeType$"}
+#changeLog.consumer.messagingEsb.publisher.exchangeType =
+
+# key for optional extra arguments for rabbitmq. For each key, set up a corresponding value having the same index
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.queueArgs\\.([0-9]+)\\.key$"}
+#changeLog.consumer.messagingEsb.publisher.queueArgs.0.key = x-queue-type
+
+# value for optional extra arguments for rabbitmq. Each index should have a corresponding key
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.queueArgs\\.([0-9]+)\\.value$"}
+#changeLog.consumer.messagingEsb.publisher.queueArgs.0.value = quorum
+
+#####################################
+## ESB integration
+#####################################
+
+# quartz cron
+# {valueType: "cron"}
+#changeLog.consumer.awsJira.quartzCron = 0/15 * * * * ?
+
+# class
+# {valueType: "class", readOnly: true, required: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer"}
+#changeLog.consumer.awsJira.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# el filter
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.elfilter$"}
+#changeLog.consumer.awsJira.elfilter = event.eventType eq 'MEMBERSHIP_ADD' || event.eventType eq 'MEMBERSHIP_ADD'
+
+# if dont send sensitive data
+# {valueType: "boolean", regex: "^changeLog\\.consumer\\.([^.]+)\\.noSensitiveData$"}
+#changeLog.consumer.awsJira.noSensitiveData = true
+
+# if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
+# {valueType: "class", regex: "^changeLog\\.consumer\\.([^.]+)\\.encryptionImplementation$", mustImplementInterface: "edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface"}
+#changeLog.consumer.awsJira.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
+
+# this is a key or could be encrypted in a file as well like other passwords
+# generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.encryptionKey$"}
+#changeLog.consumer.awsJira.encryptionKey = abc123
+
+# if you dont want to send the first 4 of the sha hash base 64 of the secret
+# {valueType: "boolean", regex: "^changeLog\\.consumer\\.([^.]+)\\.dontSendShaBase64secretFirst4$"}
+#changeLog.consumer.awsJira.dontSendShaBase64secretFirst4 = false
+
+# publisher class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouperAwsChangelog.GrouperAwsEsbPublisher"}
+#changeLog.consumer.awsJira.publisher.class = edu.internet2.middleware.grouperAwsChangelog.GrouperAwsEsbPublisher
+
+# aws access key
+# {valueType: "password", sensitive: true, regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.awsAccessKey$"}
+#changeLog.consumer.awsJira.publisher.awsAccessKey = ABCXYZ
+
+# aws secret key
+# {valueType: "password", sensitive: true, regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.awsSecretKey$"}
+#changeLog.consumer.awsJira.publisher.awsSecretKey = 123REWQ
+
+# aws region
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.awsRegion$"}
+#changeLog.consumer.awsJira.publisher.awsRegion = US_EAST_1
+
+# aws sns topic arn
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.awsSnsTopicArn$"}
+#changeLog.consumer.awsJira.publisher.awsSnsTopicArn = arn:aws:sns:us-east-1:123:name
+
+# quartz cron
+# {valueType: "cron"}
+#changeLog.consumer.xmppTest.quartzCron =
+
+# class
+# {valueType: "class", readOnly: true, required: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer"}
+#changeLog.consumer.xmppTest.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# el filter
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.elfilter$"}
+#changeLog.consumer.xmppTest.elfilter = event.eventType eq 'GROUP_DELETE' || event.eventType eq 'GROUP_ADD' || event.eventType eq 'MEMBERSHIP_DELETE' || event.eventType eq 'MEMBERSHIP_ADD'
+
+# publisher class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouperAwsChangelog.GrouperAwsEsbPublisher"}
+#changeLog.consumer.xmppTest.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbXmppPublisher
+
+# publisher server
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.server$"}
+#changeLog.consumer.xmppTest.publisher.server = jabber.school.edu
+
+# {valueType: "integer", required: true, regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.port$"}
+#changeLog.consumer.xmppTest.publisher.port = 5222
+
+# user name
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.username$"}
+#changeLog.consumer.xmppTest.publisher.username = jabberuser
+
+# password
+# {valueType: "password", sensitive: true, regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.password$"}
+#changeLog.consumer.xmppTest.publisher.password = /home/whatever/pass/jabberuserEncrypted.pass
+
+# recipient
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.recipient$"}
+#changeLog.consumer.xmppTest.publisher.recipient = system1@school.edu
+
+# add subject attributes
+# {valueType: "string", multiple: true, regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.addSubjectAttributes$"}
+#changeLog.consumer.xmppTest.publisher.addSubjectAttributes = NETID
+
+#note, on the content type header, activemq might need: application/x-www-form-urlencoded
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.contentTypeHeader$"}
+#changeLog.consumer.xmppTest.publisher.contentTypeHeader = application/json; charset=utf-8
+
+#note, on the stringRequestEntityPrefix, activemq might need: data=
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.stringRequestEntityPrefix$"}
+#changeLog.consumer.xmppTest.publisher.stringRequestEntityPrefix =
+
+#note, on the stringRequestEntityContentType, activemq might need: application/x-www-form-urlencoded
+# {valueType: "string", regex: "^changeLog\\.consumer\\.([^.]+)\\.publisher\\.stringRequestEntityContentType$"}
+#changeLog.consumer.xmppTest.publisher.stringRequestEntityContentType = application/json
+
+
+################################
+## Other jobs built-in
+##
+## Configure other jobs.
+## "jobName" is the name of your job.
+## Class must implement org.quartz.Job.
+## Priority is optional
+##
+## For jobs that run by default, you can disable them by setting an empty quartz cron in grouper-loader.properties.
+################################
+
+# Find and fix bad memberships class
+# {valueType: "class", readOnly: true, mustImplementInterface: "org.quartz.Job"}
+otherJob.findBadMemberships.class = edu.internet2.middleware.grouper.misc.FindBadMembershipsDaemon
+
+# Find and fix bad memberships cron
+# {valueType: "cron", required: true}
+otherJob.findBadMemberships.quartzCron = 0 0 1 * * ?
+
+# Find and fix PIT data which is missing
+# {valueType: "class", readOnly: true, mustImplementInterface: "org.quartz.Job"}
+otherJob.syncAllPitTables.class = edu.internet2.middleware.grouper.misc.SyncAllPitTablesDaemon
+
+# Find and fix PIT data which is missing cron
+# {valueType: "cron", required: true}
+otherJob.syncAllPitTables.quartzCron = 59 59 23 31 12 ? 2099
+
+# Find and fix bad set tables, which are what links up transitive relationships
+# {valueType: "class", readOnly: true, mustImplementInterface: "org.quartz.Job"}
+otherJob.syncAllSetTables.class = edu.internet2.middleware.grouper.misc.SyncAllSetTablesDaemon
+
+# Find and fix bad set tables, which are what links up transitive relationships
+# {valueType: "cron", required: true}
+otherJob.syncAllSetTables.quartzCron = 59 59 23 31 12 ? 2099
+
+# Keep the current time in a database independent way
+# {valueType: "class", readOnly: true, mustImplementInterface: "org.quartz.Job"}
+otherJob.timeDaemon.class = edu.internet2.middleware.grouper.app.serviceLifecycle.GrouperTimeDaemon
+
+# Run the time daemon every minute
+# {valueType: "cron", required: true}
+otherJob.timeDaemon.quartzCron = 45 * * * * ?
+
+# Delete old sync logs
+# {valueType: "class", readOnly: true, mustImplementInterface: "org.quartz.Job"}
+otherJob.deleteOldSyncLogs.class = edu.internet2.middleware.grouper.app.provisioning.DeleteOldSyncLogsDaemon
+
+# Run the delete old sync logs daemon every minute
+# {valueType: "cron", required: true}
+otherJob.deleteOldSyncLogs.quartzCron = 39 41 23 * * ?
+
+# Keep entries for this many seconds. Default to 1 week (604800 seconds). Set to -1 to keep all (not recommended)
+# {valueType: "integer", defaultValue: "604800"}
+otherJob.deleteOldSyncLogs.keepEntriesForSeconds =
+
+# Find and fix scheduler issues class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.schedulerCheckDaemon.class = edu.internet2.middleware.grouper.app.loader.GrouperDaemonSchedulerCheck
+
+# Find and fix scheduler issues cron
+# {valueType: "cron", required: true}
+otherJob.schedulerCheckDaemon.quartzCron = 25 0/30 * * * ?
+
+# If there hasnt been a success in the last X minutes, then kick this off from thread (not from daemon). Who is watching the watcher?
+# If this is -1, then do not run a watcher thread
+# {valueType: "integer", defaultValue: "35"}
+otherJob.schedulerCheckDaemon.maxMinutesSinceSuccess = 35
+
+# If there has been a daemon run in the last X minutes, then dont run manually. -1 to not include. Note, if maxMinutesSinceSuccess is -1, then
+# this config will not be used
+# {valueType: "integer", defaultValue: "15"}
+otherJob.schedulerCheckDaemon.minMinutesSinceStarted = 15
+
+# Atttestation Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.attestationDaemon.class = edu.internet2.middleware.grouper.app.attestation.GrouperAttestationJob
+
+# Atttestation Job cron
+# {valueType: "cron", required: true}
+otherJob.attestationDaemon.quartzCron = 0 0 1 * * ?
+
+# Provisioning Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.grouperProvisioningDaemon.class = edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningJob
+
+# Provisioning Job cron
+# {valueType: "cron", required: true}
+otherJob.grouperProvisioningDaemon.quartzCron = 0 0 4 * * ?
+
+
+# Provisioning FullSync Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+# otherJob.grouperProvisioningFullSyncDaemon.class = edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningFullSyncJob
+
+# Provisioning FullSync provisioner config id
+# {valueType: "string", required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningConfigurationOptionValueDriver"}
+# otherJob.grouperProvisioningFullSyncDaemon.provisionerConfigId =
+
+# Provisioning Full sync Job cron
+# {valueType: "cron", required: true}
+# otherJob.grouperProvisioningFullSyncDaemon.quartzCron = 0 0 4 * * ?
+
+# Provisioning Incremental sync Job class
+# {valueType: "class", required: true, readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer"}
+# changeLog.consumer.grouperProvisioningIncrementalSyncDaemon.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# Provisioning Incremental provisioner config id
+# {valueType: "string", required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningConfigurationOptionValueDriver"}
+# changeLog.consumer.grouperProvisioningIncrementalSyncDaemon.provisionerConfigId =
+
+# Provisioning Incremental sync Job cron
+# {valueType: "cron"}
+# changeLog.consumer.grouperProvisioningIncrementalSyncDaemon.quartzCron = 0 * * * * ?
+
+# publisher class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningConsumer"}
+# changeLog.consumer.grouperProvisioningIncrementalSyncDaemon.publisher.class = edu.internet2.middleware.grouper.app.provisioning.ProvisioningConsumer
+
+# turns on the changelog consumer debug logging
+# {valueType: "boolean", defaultValue: "false"}
+# changeLog.consumer.grouperProvisioningIncrementalSyncDaemon.publisher.debug = false
+
+# Run upgrade tasks
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.upgradeTasks.class = edu.internet2.middleware.grouper.app.upgradeTasks.UpgradeTasksJob
+
+# Run upgrade tasks cron
+# {valueType: "cron", required: true}
+otherJob.upgradeTasks.quartzCron = 5 25 * * * ?
+
+# reports clear Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.grouperReportClearDaemon.class = edu.internet2.middleware.grouper.app.reports.GrouperReportClearJob
+
+# reports clear Job cron
+# {valueType: "cron", required: true}
+otherJob.grouperReportClearDaemon.quartzCron = 0 0 3 * * ?
+
+# Workflow daemon that updates instances and send emails
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.grouperWorkflowDaemon.class = edu.internet2.middleware.grouper.app.workflow.GrouperWorkflowDaemonJob
+
+# Object Type Job cron
+# {valueType: "cron", required: true}
+otherJob.grouperWorkflowDaemon.quartzCron = 0 0/5 * ? * * *
+
+# Workflow reminder email daemon
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.grouperWorkflowReminderDaemon.class = edu.internet2.middleware.grouper.app.workflow.GrouperWorkflowReminderEmailJob
+
+# Object Type Job cron
+# {valueType: "cron", required: true}
+otherJob.grouperWorkflowReminderDaemon.quartzCron = 0 0 4 * * ?
+
+# Grouper password recently used clean up job
+# dont have password in name or grouper will think its a secret
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.grouperCredentialRecentlyUsedCleanupDaemon.class = edu.internet2.middleware.grouper.authentication.GrouperPasswordRecentlyUsedCleanupJob
+
+# Grouper password recently used clean up job cron
+# dont have password in name or grouper will think its a secret
+# {valueType: "cron", required: true}
+otherJob.grouperCredentialRecentlyUsedCleanupDaemon.quartzCron = 8 19 * * * ?
+
+# number of entries to keep in the table per grouper password
+# dont have password in name or grouper will think its a secret
+# {valueType: "integer"}
+otherJob.grouperCredentialRecentlyUsedCleanupDaemon.entriesToKeep = 20
+
+# Grouper loader to sync jexl script jobs
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.grouperLoaderJexlScriptFullSync.class = edu.internet2.middleware.grouper.abac.GrouperLoaderJexlScriptFullSync
+
+# Grouper loader to sync jexl script jobs
+# {valueType: "cron", required: true}
+otherJob.grouperLoaderJexlScriptFullSync.quartzCron = 31 19 * * * ?
+
+################################
+## Table sync jobs
+## tableSync jobs should use class: edu.internet2.middleware.grouper.app.tableSync.TableSyncOtherJob
+## and include a setting to point to the grouperClient config, if not same: otherJob.<otherJobName>.grouperClientTableSyncConfigKey = key
+## this is the subtype of job to run: otherJob.<otherJobName>.syncType = fullSyncFull
+## (can be: fullSyncFull, fullSyncGroups, fullSyncChangeFlag, incrementalAllColumns, incrementalPrimaryKey)
+################################
+
+# Object Type Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+# otherJob.membershipSync.class = edu.internet2.middleware.grouper.app.tableSync.TableSyncOtherJob
+
+# Object Type Job cron
+# {valueType: "cron", required: true}
+# otherJob.membershipSync.quartzCron = 0 0/30 * * * ?
+
+# this is the key in the grouper.client.properties that represents this job
+# {valueType: "string", required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.sqlSync.SqlSyncConfiguration"}
+# otherJob.membershipSync.grouperClientTableSyncConfigKey =
+
+# fullSyncFull, fullSyncGroups, fullSyncChangeFlag, incrementalAllColumns, incrementalPrimaryKey
+# {valueType: "string", required: true, formElement: "dropdown", optionValues: ["fullSyncFull", "fullSyncGroups", "fullSyncChangeFlag", "incrementalAllColumns", "incrementalPrimaryKey"]}
+# otherJob.membershipSync.syncType =
+
+
+
+# Object Type Job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.recentMembershipsConfFull.class = edu.internet2.middleware.grouper.app.tableSync.TableSyncOtherJob
+
+# Object Type Job cron, every hour
+# {valueType: "cron", required: true}
+otherJob.recentMembershipsConfFull.quartzCron = 0 0 * * * ?
+
+# this is the key in the grouper.client.properties that represents this job
+# {valueType: "string"}
+otherJob.recentMembershipsConfFull.grouperClientTableSyncConfigKey = recentMembershipsConf
+
+# fullSyncFull, fullSyncGroups, fullSyncChangeFlag, incrementalAllColumns, incrementalPrimaryKey
+# {valueType: "string"}
+otherJob.recentMembershipsConfFull.syncType = fullSyncFull
+
+################################
+## USDU
+################################
+
+
+# USDU Job class
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+otherJob.usduDaemon.class = edu.internet2.middleware.grouper.app.usdu.UsduJob
+
+# USDU Job cron
+# {valueType: "cron", required: true}
+otherJob.usduDaemon.quartzCron = 0 0 1 * * ?
+
+################################
+## Other jobs
+##
+## Configure other jobs.
+## "jobName" is the name of your job.
+## Class must implement org.quartz.Job. Should extend edu.internet2.middleware.grouper.app.loader.OtherJobBase
+## Priority is optional
+## see edu.internet2.middleware.grouper.app.loader.GrouperLoaderIncrementalJob as an example
+##
+################################
+
+# other job class
+# {valueType: "class", required: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+# otherJob.jobName.class = a.b.c.SomethingThatExtendsOtherJobBase
+
+# other job quartz cron
+# {valueType: "cron", required: true}
+# otherJob.jobName.quartzCron =
+
+# other job priority (optional)
+# {valueType: "integer", defaultValue: "5"}
+# otherJob.jobName.priority =
+
+
+#####################################
+## Message to WS Daemon Job
+#####################################
+
+# message to ws daemon job class
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+#otherJob.messageConsumerDaemon.class = edu.internet2.middleware.grouper.app.messaging.MessageConsumerDaemon
+
+# message to ws daemon job cron
+# {valueType: "cron", required: true}
+#otherJob.messageConsumerDaemon.quartzCron = 0 * * ? * *
+
+# there can be multiple entries, "wsMessagingBridge" is the name of this one, change that for each config section
+# the messaging system name must correspond to a messaging system in the grouper.client.properties
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.messagingSystemName$"}
+# grouper.messaging.wsMessagingBridge.messagingSystemName = rabbitMqMessaging
+
+# the queue or topic to check
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.messagingSystemName$"}
+#grouper.messaging.wsMessagingBridge.queueOrTopicName = sampleWsMessagingQueue
+
+# routingKey is only valid for rabbitmq; for others, it's ignored
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.routingKey$"}
+#grouper.messaging.wsMessagingBridge.routingKey =
+
+# exchangeType is only valid for rabbitmq; for others, it's ignored. Valid options are DIRECT, TOPIC, HEADERS, FANOUT
+# {valueType: "string", required: false, regex: "^grouper\\.messaging\\.([^.]+)\\.exchangeType$"}
+#grouper.messaging.wsMessagingBridge.exchangeType =
+
+# if this is a "queue" or "topic", generally it will be queue
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.messageQueueType$"}
+#grouper.messaging.wsMessagingBridge.messageQueueType = queue
+
+# the source id of the source of the user to act as
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.actAsSubjectSourceId$"}
+#grouper.messaging.wsMessagingBridge.actAsSubjectSourceId = g:isa
+
+# the subject id of the user to act as
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.actAsSubjectId$"}
+#grouper.messaging.wsMessagingBridge.actAsSubjectId = GrouperSystem
+
+# the long polling seconds, listen to the queue for this many seconds for messages
+# {valueType: "integer", required: true, regex: "^grouper\\.messaging\\.([^.]+)\\.longPollingSeconds$"}
+#grouper.messaging.wsMessagingBridge.longPollingSeconds = 20
+
+# grouper ws url
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.ws\\.url$"}
+#grouper.messaging.wsMessagingBridge.ws.url =
+
+# grouper ws username
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.ws\\.username$"}
+#grouper.messaging.wsMessagingBridge.ws.username =
+
+# grouper ws password
+# {valueType: "password", sensitive: true, regex: "^grouper\\.messaging\\.([^.]+)\\.ws\\.password$"}
+#grouper.messaging.wsMessagingBridge.ws.password =
+
+# proxy requests here, e.g. https://server:1234
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.ws\\.proxyUrl$"}
+#grouper.messaging.wsMessagingBridge.ws.proxyUrl =
+
+# socks or http
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.ws\\.proxyType$", formElement: "dropdown", optionValues: ["PROXY_HTTP", "PROXY_SOCKS5"]}
+#grouper.messaging.wsMessagingBridge.ws.proxyType =
+
+
+
+# optional queue argument keys for rabbitMQ, number from zero and increase sequentially
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.queueArgs\\.([0-9]+)\\.key$"}
+#grouper.messaging.wsMessagingBridge.queueArgs.0.key = x-queue-type
+
+# optional queue argument values for rabbitMQ
+# {valueType: "string", regex: "^grouper\\.messaging\\.([^.]+)\\.queueArgs\\.([0-9]+)\\.value$"}
+#grouper.messaging.wsMessagingBridge.queueArgs.0.value = quorum
+
+#####################################################
+## TIER Instrumentation daemon - send stats to TIER.
+#####################################################
+
+# set this to enable the instrumentation
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+otherJob.tierInstrumentationDaemon.class = edu.internet2.middleware.grouper.instrumentation.TierInstrumentationDaemon
+
+# cron string
+# {valueType: "cron", required: true}
+otherJob.tierInstrumentationDaemon.quartzCron = 0 0 2 * * ?
+
+# proxy requests here, e.g. https://server:1234
+# {valueType: "string"}
+otherJob.tierInstrumentationDaemon.proxyUrl =
+
+# socks or http
+# {valueType: "string", formElement: "dropdown", optionValues: ["PROXY_HTTP", "PROXY_SOCKS5"]}
+otherJob.tierInstrumentationDaemon.proxyType =
+
+# collector url
+# {valueType: "string"}
+otherJob.tierInstrumentationDaemon.collectorUrl = http://collector.testbed.tier.internet2.edu:5001
+
+
+
+###############################################################
+## Object types full sync daemon - propagates object types
+###############################################################
+
+# set this to enable the object types full sync
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+otherJob.objectTypesFullSyncDaemon.class = edu.internet2.middleware.grouper.app.grouperTypes.GrouperObjectTypesDaemonLogic
+
+# cron string
+# {valueType: "cron", required: true}
+otherJob.objectTypesFullSyncDaemon.quartzCron = 39 17 2 * * ?
+
+###############################################################
+## Attestation full sync daemon - propagates attestation attributes
+###############################################################
+
+# set this to enable the attestation full sync
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+otherJob.attestationFullSyncDaemon.class = edu.internet2.middleware.grouper.app.attestation.GrouperAttestationDaemonLogic
+
+# cron string
+# {valueType: "cron", required: true}
+otherJob.attestationFullSyncDaemon.quartzCron = 45 18 2 * * ?
+
+###############################################################
+## Deprovisioning full sync daemon - propagates deprovisioning attributes
+###############################################################
+
+# set this to enable the deprovisioning full sync
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+otherJob.deprovisioningFullSyncDaemon.class = edu.internet2.middleware.grouper.app.deprovisioning.GrouperDeprovisioningDaemonLogic
+
+# cron string
+# {valueType: "cron", required: true}
+otherJob.deprovisioningFullSyncDaemon.quartzCron = 50 20 4 * * ?
+
+#####################################################
+## Email notifications (e.g. daily)
+#####################################################
+
+
+# set this class to enable the email notification
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+# otherJob.emailNotificationConfigId.class = edu.internet2.middleware.grouper.app.loader.NotificationDaemon
+
+# cron string
+# {valueType: "cron", required: true}
+# otherJob.emailNotificationConfigId.quartzCron = 0 03 5 * * ?
+
+# is this a notification to each result, or a summary of the results (perhaps printing the list in the email)
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.emailType$", formElement: "dropdown", optionValues: ["notification", "summary"]}
+# otherJob.emailNotificationConfigId.emailType =
+
+# is the population to get the email from a group or from a sql query?
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.populationType$", formElement: "dropdown", optionValues: ["groupMembership", "sqlQuery"]}
+# otherJob.emailNotificationConfigId.populationType =
+
+# group name fully qualified of group which the population should receive the email, or that the summary is about. e.g. a:b:c
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.emailListGroupName$", showEl: "${populationType == 'groupMembership'}"}
+# otherJob.emailNotificationConfigId.emailListGroupName =
+
+# sql connection id (of your database external systems) that the query runs where the results are the people to send emails to, or that the summary is about.
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.emailListDbConnection$", showEl: "${populationType == 'sqlQuery'}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# otherJob.emailNotificationConfigId.emailListDbConnection =
+
+# sql query where each row represents a subject to send an email to, or a row in the email summary.
+# There must be a column of subject_id. There can optionally be a column email_address_to_send_to if you want to override the subject email address.
+# Any other columns will be available for the email body and subject template.
+# {valueType: "string", required: true, formElement: "textarea", regex: "^otherJob\\.([^.]+)\\.emailListQuery$", showEl: "${populationType == 'sqlQuery'}"}
+# otherJob.emailNotificationConfigId.emailListQuery =
+
+# If this is a summary type email, then this is group to send email to. Each member of the group will receive the summary
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.emailSummaryToGroupName$", showEl: "${emailType == 'summary'}"}
+# otherJob.emailNotificationConfigId.emailSummaryToGroupName =
+
+# Only send the summary email if there are records to report on
+# {valueType: "boolean", required: true, regex: "^otherJob\\.([^.]+)\\.emailSummaryOnlyIfRecordsExist$", showEl: "${emailType == 'summary'}"}
+# otherJob.emailNotificationConfigId.emailSummaryOnlyIfRecordsExist =
+
+# subject source id of subjects to send emails to (filter subjects from other sources)
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.subjectSourceId$", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.subject.provider.SourceManagerOptionValueDriver"}
+# otherJob.emailNotificationConfigId.subjectSourceId =
+
+# subject of the email. Note, you can use any variables that the body uses. This is a jexl template
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.emailSubjectTemplate$"}
+# otherJob.emailNotificationConfigId.emailSubjectTemplate =
+
+# body of the email. You can use any variables from the query or the subject. Uses a JEXL template. e.g. hello ${subject_name},
+# subject_name, subject_id, subject_description, subject_attribute_firstname (where "firstname" is a lower case subject attribute key),
+# column_some_column_name where "some_column_name" is a lower case column name from query (if applicable). __NEWLINE__ will substitute
+# to a newline. If this is a summary report, then you can loop over the records to print a line per person. The JEXL template
+# code part starts with two dollar signs: $$ e.g.
+# ${size(listOfRecordMaps)}__NEWLINE__$$ for (var recordMap : listOfRecordMaps) {__NEWLINE__ Record subject ID: ${recordMap.get('subject_id')}__NEWLINE__$$}
+# {valueType: "string", required: true, formElement: "textarea", regex: "^otherJob\\.([^.]+)\\.emailBodyTemplate$"}
+# otherJob.emailNotificationConfigId.emailBodyTemplate =
+
+# group name of a group that the user will be added to after an email is sent, with a membership attribute with value.
+# Note, this uses the attribute framework with PIT so you probably shouldnt use this "group of people who received emails"
+# for use cases with mass email sending.
+# of yyyy/mm/dd (string) of as email sent date
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.lastSentGroupName$"}
+# otherJob.emailNotificationConfigId.lastSentGroupName =
+
+# group name of a group that the user must be in, to be eligible to get emails sent to them, or eligible to be in the summary
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.eligibilityGroupName$"}
+# otherJob.emailNotificationConfigId.eligibilityGroupName =
+
+# email addresses to be emailed as bcc (comma separated)
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.bccsCommaSeparated$"}
+# otherJob.emailNotificationConfigId.bccsCommaSeparated =
+
+# if true then only sent to bcc and the "to" line will be in the email
+# only 20 emails will be sent max
+# {valueType: "boolean", defaultValue: "false", regex: "^otherJob\\.([^.]+)\\.sendToBccOnly$"}
+# otherJob.emailNotificationConfigId.sendToBccOnly =
+
+#####################################################
+## Sync to Grouper from SQL (or Grouper via SQL)
+#####################################################
+
+# Set this class to enable the email notification
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+# otherJob.syncToGrouperFromSqlConfigId.class = edu.internet2.middleware.grouper.app.syncToGrouper.SyncToGrouperFromSqlDaemon
+
+# Cron string
+# {valueType: "cron", required: true}
+# otherJob.syncToGrouperFromSqlConfigId.quartzCron = 0 03 5 * * ?
+
+# Readonly (true to not make changes in Grouper)
+# {valueType: "boolean", order: 1000, subSection: "sqlSyncToGrouper", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperReadonly$", required: true}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperReadonly =
+
+# Debug output
+# {valueType: "boolean", order: 2000, subSection: "sqlSyncToGrouper", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperLogOutput$", defaultValue: "false"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperLogOutput =
+
+# Sql connection id (of your database external systems) where the data table is
+# {valueType: "string", order: 3000, subSection: "sqlSyncToGrouper", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperDatabaseConfigId$", required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperDatabaseConfigId =
+
+# Sync from another Grouper (true) will auto generate queries that work with Grouper. Select false to enter in arbitrary SQL queries.
+# {valueType: "boolean", order: 4000, subSection: "sqlSyncToGrouper", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperFromAnotherGrouper$", required: true}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperFromAnotherGrouper =
+
+# Set a schema to point to in the database connection if not connecting as the schema that either owns the objects or has synonyms to them without prefix
+# {valueType: "String", order: 5000, subSection: "sqlSyncToGrouper", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperDatabaseSyncFromAnotherGrouperSchema$", showEl: "${sqlSyncToGrouperFromAnotherGrouper}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperDatabaseSyncFromAnotherGrouperSchema =
+
+# Use SQL metadata to see which columns are available for syncing. Otherwise specify which columns to sync
+# {valueType: "boolean", order: 6000, subSection: "sqlSyncToGrouper", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperAutoconfigureColumns$", required: true}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperAutoconfigureColumns =
+
+# Specify the top level folders to sync by name comma separated
+# {valueType: "string", order: 7000, subSection: "sqlSyncToGrouper", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperTopLevelStems$", required: true, multiple: true}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperTopLevelStems =
+
+# True to sync folders to Grouper
+# {valueType: "boolean", order: 8000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemSync$", defaultValue: "false"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemSync =
+
+# SQL to get folders from database
+# {valueType: "string", formElement: "textarea", order: 9000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemSql$", required: true, showEl: "${sqlSyncToGrouperStemSync && !sqlSyncToGrouperFromAnotherGrouper}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemSql =
+
+# Insert folders into Grouper
+# {valueType: "boolean", order: 10000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperStemSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemInsert =
+
+# Update folders in Grouper
+# {valueType: "boolean", order: 11000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemUpdate$", defaultValue: "false", showEl: "${sqlSyncToGrouperStemSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemUpdate =
+
+# Delete folders in Grouper which are in the "folders to sync" which are not in the other database
+# {valueType: "boolean", order: 12000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemDeleteExtra$", defaultValue: "false", showEl: "${sqlSyncToGrouperStemSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemDeleteExtra =
+
+# Sync folder alternate names from the alternate_name column label
+# {valueType: "boolean", order: 13000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemSyncFieldAlternateName$", defaultValue: "false", showEl: "${sqlSyncToGrouperStemSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemSyncFieldAlternateName =
+
+# Sync folder descriptions from the description column label
+# {valueType: "boolean", order: 14000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemSyncFieldDescription$", defaultValue: "false", showEl: "${sqlSyncToGrouperStemSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemSyncFieldDescription =
+
+# Sync folder display names from the display_name column label
+# {valueType: "boolean", order: 15000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemSyncFieldDisplayName$", defaultValue: "false", showEl: "${sqlSyncToGrouperStemSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemSyncFieldDisplayName =
+
+# Sync folder ID index from the id_index column label
+# {valueType: "boolean", order: 16000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemSyncFieldIdIndexOnInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperStemSync && !sqlSyncToGrouperAutoconfigureColumns && sqlSyncToGrouperStemInsert}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemSyncFieldIdIndexOnInsert =
+
+# Sync folder ID (UUID) from the id column label
+# {valueType: "boolean", order: 17000, subSection: "sqlSyncToGrouperStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperStemSyncFieldIdOnInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperStemSync && !sqlSyncToGrouperAutoconfigureColumns && sqlSyncToGrouperStemInsert}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperStemSyncFieldIdOnInsert =
+
+# True to sync groups to Grouper
+# {valueType: "boolean", order: 18000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSync$", defaultValue: "false"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSync =
+
+# SQL to get groups from database
+# {valueType: "string", formElement: "textarea", order: 19000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSql$", required: true, showEl: "${sqlSyncToGrouperGroupSync && !sqlSyncToGrouperFromAnotherGrouper}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSql =
+
+# Insert groups into Grouper
+# {valueType: "boolean", order: 20000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupInsert =
+
+# Update groups in Grouper
+# {valueType: "boolean", order: 21000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupUpdate$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupUpdate =
+
+# Delete groups from Grouper
+# {valueType: "boolean", order: 22000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupDeleteExtra$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupDeleteExtra =
+
+# Sync group alternate name from the alternate_name column label
+# {valueType: "boolean", order: 23000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSyncFieldAlternateName$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSyncFieldAlternateName =
+
+# Sync group description from the description column label
+# {valueType: "boolean", order: 24000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSyncFieldDescription$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSyncFieldDescription =
+
+# Sync group display name from the display_name column label
+# {valueType: "boolean", order: 25000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSyncFieldDisplayName$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSyncFieldDisplayName =
+
+# Sync group enabled and disabled dates from the disabled_timestamp and enabled_timestamp column label
+# {valueType: "boolean", order: 26000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSyncFieldEnabledDisabled$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSyncFieldEnabledDisabled =
+
+# Sync group ID index from the id_index column label
+# {valueType: "boolean", order: 27000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSyncFieldIdIndexOnInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync && !sqlSyncToGrouperAutoconfigureColumns && sqlSyncToGrouperGroupInsert}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSyncFieldIdIndexOnInsert =
+
+# Sync group ID from the id column label
+# {valueType: "boolean", order: 28000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSyncFieldIdOnInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync && !sqlSyncToGrouperAutoconfigureColumns && sqlSyncToGrouperGroupInsert}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSyncFieldIdOnInsert =
+
+# Sync group group type from the type_of_group column label
+# {valueType: "boolean", order: 29000, subSection: "sqlSyncToGrouperGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperGroupSyncFieldTypeOfGroup$", defaultValue: "false", showEl: "${sqlSyncToGrouperGroupSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperGroupSyncFieldTypeOfGroup =
+
+# True to sync composites to Grouper
+# {valueType: "boolean", order: 30000, subSection: "sqlSyncToGrouperCompositeSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperCompositeSync$", defaultValue: "false"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperCompositeSync =
+
+# SQL to get composites from database
+# {valueType: "string", formElement: "textarea", order: 31000, subSection: "sqlSyncToGrouperCompositeSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperCompositeSql$", required: true, showEl: "${sqlSyncToGrouperCompositeSync && !sqlSyncToGrouperFromAnotherGrouper}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperCompositeSql =
+
+# Insert composites into Grouper
+# {valueType: "boolean", order: 32000, subSection: "sqlSyncToGrouperCompositeSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperCompositeInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperCompositeSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperCompositeInsert =
+
+# Update composites in Grouper
+# {valueType: "boolean", order: 33000, subSection: "sqlSyncToGrouperCompositeSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperCompositeUpdate$", defaultValue: "false", showEl: "${sqlSyncToGrouperCompositeSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperCompositeUpdate =
+
+# Delete composites in Grouper which are in the "folders to sync" which are not in the other database
+# {valueType: "boolean", order: 34000, subSection: "sqlSyncToGrouperCompositeSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperCompositeDeleteExtra$", defaultValue: "false", showEl: "${sqlSyncToGrouperCompositeSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperCompositeDeleteExtra =
+
+# Sync composite ID (UUID) from the id column label
+# {valueType: "boolean", order: 35000, subSection: "sqlSyncToGrouperCompositeSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperCompositeSyncFieldIdOnInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperCompositeSync && !sqlSyncToGrouperAutoconfigureColumns && sqlSyncToGrouperCompositeInsert}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperCompositeSyncFieldIdOnInsert =
+
+# True to sync memberships to Grouper
+# {valueType: "boolean", order: 36000, subSection: "sqlSyncToGrouperMembershipSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperMembershipSync$", defaultValue: "false"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperMembershipSync =
+
+# SQL to get memberships from database
+# {valueType: "string", formElement: "textarea", order: 37000, subSection: "sqlSyncToGrouperMembershipSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperMembershipSql$", required: true, showEl: "${sqlSyncToGrouperMembershipSync && !sqlSyncToGrouperFromAnotherGrouper}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperMembershipSql =
+
+# Insert memberships into Grouper
+# {valueType: "boolean", order: 38000, subSection: "sqlSyncToGrouperMembershipSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperMembershipInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperMembershipSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperMembershipInsert =
+
+# Update memberships in Grouper
+# {valueType: "boolean", order: 39000, subSection: "sqlSyncToGrouperMembershipSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperMembershipUpdate$", defaultValue: "false", showEl: "${sqlSyncToGrouperMembershipSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperMembershipUpdate =
+
+# Delete memberships in Grouper which are in the "memberships to sync" which are not in the other database
+# {valueType: "boolean", order: 40000, subSection: "sqlSyncToGrouperMembershipSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperMembershipDeleteExtra$", defaultValue: "false", showEl: "${sqlSyncToGrouperMembershipSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperMembershipDeleteExtra =
+
+# Sync membership enabled and disabled times from immediate_mship_disabled_time and immediate_mship_enabled_time column labels
+# {valueType: "boolean", order: 41000, subSection: "sqlSyncToGrouperMembershipSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperMembershipSyncFieldsEnabledDisabled$", defaultValue: "false", showEl: "${sqlSyncToGrouperMembershipSync && !sqlSyncToGrouperAutoconfigureColumns}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperMembershipSyncFieldsEnabledDisabled =
+
+# Sync membership ID from the immediate_membership_id column label
+# {valueType: "boolean", order: 42000, subSection: "sqlSyncToGrouperMembershipSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperMembershipSyncFieldIdOnInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperMembershipSync && !sqlSyncToGrouperAutoconfigureColumns && sqlSyncToGrouperMembershipInsert}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperMembershipSyncFieldIdOnInsert =
+
+# True to sync group privileges to Grouper
+# {valueType: "boolean", order: 43000, subSection: "sqlSyncToGrouperPrivilegeGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeGroupSync$", defaultValue: "false"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeGroupSync =
+
+# SQL to get group privileges from database
+# {valueType: "string", formElement: "textarea", order: 44000, subSection: "sqlSyncToGrouperPrivilegeGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeGroupSql$", required: true, showEl: "${sqlSyncToGrouperPrivilegeGroupSync && !sqlSyncToGrouperFromAnotherGrouper}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeGroupSql =
+
+# Insert group privileges into Grouper
+# {valueType: "boolean", order: 45000, subSection: "sqlSyncToGrouperPrivilegeGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeGroupInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperPrivilegeGroupSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeGroupInsert =
+
+# Delete group privileges in Grouper which are in the "group privileges to sync" which are not in the other database
+# {valueType: "boolean", order: 46000, subSection: "sqlSyncToGrouperPrivilegeGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeGroupDeleteExtra$", defaultValue: "false", showEl: "${sqlSyncToGrouperPrivilegeGroupSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeGroupDeleteExtra =
+
+# Sync group privilege ID from the immediate_membership_id column label
+# {valueType: "boolean", order: 47000, subSection: "sqlSyncToGrouperPrivilegeGroupSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeGroupSyncFieldIdOnInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperPrivilegeGroupSync && !sqlSyncToGrouperAutoconfigureColumns && sqlSyncToGrouperPrivilegeGroupInsert}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeGroupSyncFieldIdOnInsert =
+
+# True to sync stem privileges to Grouper
+# {valueType: "boolean", order: 48000, subSection: "sqlSyncToGrouperPrivilegeStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeStemSync$", defaultValue: "false"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeStemSync =
+
+# SQL to get stem privileges from database
+# {valueType: "string", formElement: "textarea", order: 49000, subSection: "sqlSyncToGrouperPrivilegeStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeStemSql$", required: true, showEl: "${sqlSyncToGrouperPrivilegeStemSync && !sqlSyncToGrouperFromAnotherGrouper}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeStemSql =
+
+# Insert stem privileges into Grouper
+# {valueType: "boolean", order: 50000, subSection: "sqlSyncToGrouperPrivilegeStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeStemInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperPrivilegeStemSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeStemInsert =
+
+# Delete stem privileges in Grouper which are in the "stem privileges to sync" which are not in the other database
+# {valueType: "boolean", order: 51000, subSection: "sqlSyncToGrouperPrivilegeStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeStemDeleteExtra$", defaultValue: "false", showEl: "${sqlSyncToGrouperPrivilegeStemSync}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeStemDeleteExtra =
+
+# Sync stem privilege ID from the immediate_membership_id column label
+# {valueType: "boolean", order: 52000, subSection: "sqlSyncToGrouperPrivilegeStemSync", regex: "^otherJob\\.([^.]+)\\.sqlSyncToGrouperPrivilegeStemSyncFieldIdOnInsert$", defaultValue: "false", showEl: "${sqlSyncToGrouperPrivilegeStemSync && !sqlSyncToGrouperAutoconfigureColumns && sqlSyncToGrouperPrivilegeStemInsert}"}
+# otherJob.syncToGrouperFromSqlConfigId.sqlSyncToGrouperPrivilegeStemSyncFieldIdOnInsert =
+
+
+#####################################################
+## LDAP to SQL sync
+#####################################################
+
+
+# Set this class to enable the email notification
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+# otherJob.ldapToSqlSyncConfigId.class = edu.internet2.middleware.grouper.app.ldapToSql.LdapToSqlSyncDaemon
+
+# Cron string
+# {valueType: "cron", required: true}
+# otherJob.ldapToSqlSyncConfigId.quartzCron = 0 03 5 * * ?
+
+# Sql connection id (of your database external systems) where the data table is
+# {valueType: "string", order: 1000, subSection: "ldapToSqlLdap", regex: "^otherJob\\.([^.]+)\\.ldapSqlLdapConnection$", required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.externalSystem.LdapGrouperExternalSystem"}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlLdapConnection =
+
+# Base DN where LDAP filter should search for records, e.g. (&(employeeID=*)(pwdLastSet=*))
+# {valueType: "string", order: 2000, subSection: "ldapToSqlLdap", regex: "^otherJob\\.([^.]+)\\.ldapSqlBaseDn$", required: true}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlBaseDn =
+
+# Search scope: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
+# {valueType: "string", order: 3000, subSection: "ldapToSqlLdap", regex: "^otherJob\\.([^.]+)\\.ldapSqlSearchScope$", required: true, formElement: "dropdown", optionValues: ["OBJECT_SCOPE", "ONELEVEL_SCOPE", "SUBTREE_SCOPE"]}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlSearchScope =
+
+# LDAP filter that pulls data back from LDAP
+# {valueType: "string", order: 4000, subSection: "ldapToSqlLdap", regex: "^otherJob\\.([^.]+)\\.ldapSqlFilter$", required: true}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlFilter =
+
+# Comma-separated extra attributes if one column has multiple attributes concatenated used in translations
+# {valueType: "string", order: 5000, subSection: "ldapToSqlLdap", regex: "^otherJob\\.([^.]+)\\.ldapSqlExtraAttributes$"}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlExtraAttributes =
+
+# Sql connection id (of your database external systems) where the data table is
+# {valueType: "string", order: 20000, subSection: "ldapToSqlDatabase", regex: "^otherJob\\.([^.]+)\\.ldapSqlDbConnection$", required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlDbConnection =
+
+# Table name where ldap data should sync to, note you need to prefix the schema if not in the connecting schema
+# {valueType: "string", order: 21000, subSection: "ldapToSqlDatabase", regex: "^otherJob\\.([^.]+)\\.ldapSqlTableName$", required: true}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlTableName =
+
+# If there is another table to hold multi-valued attribute values.
+# {valueType: "boolean", order: 21200, subSection: "ldapToSqlDatabase", regex: "^otherJob\\.([^.]+)\\.ldapSqlHasMultiValuedTable$", defaultValue: "false"}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlHasMultiValuedTable =
+
+# Table name of table to hold multi-valued attribute values. The table must have three columns: ldap_id, attribute_name, attribute_value
+# {valueType: "string", order: 21200, subSection: "ldapToSqlDatabase", regex: "^otherJob\\.([^.]+)\\.ldapSqlMultiValuedTableName$", required: true, showEl: "${ldapSqlHasMultiValuedTable}"}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlMultiValuedTableName =
+
+# Which column in the main table uniquely identifies each result from the LDAP filter. You could use DN or another unique identifier.
+# {valueType: "string", order: 21400, subSection: "ldapToSqlDatabase", regex: "^otherJob\\.([^.]+)\\.ldapSqlIdColumn$", required: true, showEl: "${ldapSqlHasMultiValuedTable}"}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlIdColumn =
+
+# Which attributes should be stored in the multi-valued attribute table
+# {valueType: "string", order: 21600, subSection: "ldapToSqlDatabase", regex: "^otherJob\\.([^.]+)\\.ldapSqlMultiValuedAttributes$", required: true, showEl: "${ldapSqlHasMultiValuedTable}"}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlMultiValuedAttributes =
+
+# Number of attributes and columns
+# {valueType: "string", order: 22000, subSection: "ldapToSqlDatabase", regex: "^otherJob\\.([^.]+)\\.ldapSqlNumberOfAttributes$", required: true, formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30"]}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlNumberOfAttributes =
+
+# Name of SQL column or use
+# {valueType: "string", order: 30000, required: true, showEl: "${ldapSqlNumberOfAttributes > $i$}", repeatGroup: "ldapToSqlAttribute", repeatCount: 30}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlAttribute.$i$.sqlColumn =
+
+# If this SQL value direct from LDAP or is it translated
+# {valueType: "string", showEl: "${ldapSqlNumberOfAttributes > $i$}", repeatGroup: "ldapToSqlAttribute", repeatCount: 30, required: true, formElement: "dropdown", optionValues: ["ldapAttribute", "translation"]}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlAttribute.$i$.ldapTranslationType =
+
+# Name of LDAP attribute or use dn for the distinguishedName. If the attribute is multi-valued, then there should only be two columns, a single-valued attribute and a multi-valued attribute
+# {valueType: "string", showEl: "${ldapSqlNumberOfAttributes > $i$ && ldapSqlAttribute.$i$.ldapTranslationType == 'ldapAttribute'}", required: true, repeatGroup: "ldapToSqlAttribute", repeatCount: 30}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlAttribute.$i$.ldapName =
+
+# Enter a translation if there is no ldap attribute or if it needs to be adjusted. "dn" is a variable, and ldapAttribute__<attributename> (attribute name is lower case).
+# All attributes and extraAttributes can be used. loaderLdapElUtils can be used, and ldapLookup. e.g. ${ldapAttribute__lastname + ", + ldapAttribute__firstname}
+# {valueType: "string", showEl: "${ldapSqlNumberOfAttributes > $i$ && ldapSqlAttribute.$i$.ldapTranslationType == 'translation'}", required: true, repeatGroup: "ldapToSqlAttribute", repeatCount: 30}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlAttribute.$i$.translation =
+
+# If this is the unique or one column in a composite key
+# {valueType: "boolean", defaultValue: "false", showEl: "${ldapSqlNumberOfAttributes > $i$}", repeatGroup: "ldapToSqlAttribute", repeatCount: 30}
+# otherJob.ldapToSqlSyncConfigId.ldapSqlAttribute.$i$.uniqueKey =
+
+
+#####################################################
+## Script daemons
+## "scriptDaemonConfigKey" is the key of the config, change that for your script daemon
+#####################################################
+
+# set this to enable the script daemon
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+# otherJob.scriptDaemonConfigKey.class = edu.internet2.middleware.grouper.app.loader.OtherJobScript
+
+# cron string
+# {valueType: "cron", required: true}
+# otherJob.scriptDaemonConfigKey.quartzCron = 0 38 6 * * ?
+
+# script type. note: in SQL you should commit after DML commands.
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.scriptType$", formElement: "dropdown", optionValues: ["gsh", "sql"]}
+# otherJob.scriptDaemonConfigKey.scriptType =
+
+# file type, you can run a script in config, or run a file in your container
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.fileType$", formElement: "dropdown", optionValues: ["script", "file"]}
+# otherJob.scriptDaemonConfigKey.fileType =
+
+# source of script
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.scriptSource$", formElement: "textarea", showEl: "${fileType == 'script'}"}
+# otherJob.scriptDaemonConfigKey.scriptSource =
+
+# file name in container to run
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.fileName$", showEl: "${fileType == 'file'}"}
+# otherJob.scriptDaemonConfigKey.fileName =
+
+# if SQL this is the connection name to use
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.connectionName$", showEl: "${scriptType == 'sql'}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# otherJob.scriptDaemonConfigKey.connectionName =
+
+# if this is a lightweight script, i.e. not as many imports
+# {valueType: "boolean", regex: "^otherJob\\.([^.]+)\\.lightWeight$", showEl: "${scriptType == 'gsh'}", defaultValue: "false"}
+# otherJob.scriptDaemonConfigKey.lightWeight =
+
+
+#####################################################
+## CSV file sftp
+## "csvJobId" is the key of the config, change that for your csv file job
+#####################################################
+
+
+# set this to enable the report
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+# otherJob.csvJobId.class = edu.internet2.middleware.grouper.app.reports.GrouperCsvReportJob
+
+# cron string
+# {valueType: "cron", required: true}
+# otherJob.csvJobId.quartzCron = 0 21 7 * * ?
+
+# query to run
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.csvReport\\.query$"}
+# otherJob.csvJobId.csvReport.query = select USER_ID, USER_NAME, EMAIL_ADDRESS, AUTH_TYPE, TITLE, DEPARTMENT, CUSTOM_STRING, DAY_PASS, CUSTOM_STRING2, GROUPS from some_view
+
+# database to hit
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.csvReport\\.database$"}
+# otherJob.csvJobId.csvReport.database = pennCommunity
+
+# remove underscores and capitalize headers, go from USER_NAME to UserName
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.csvReport\\.removeUnderscoresAndCapitalizeHeaders$"}
+# otherJob.csvJobId.csvReport.removeUnderscoresAndCapitalizeHeaders = false
+
+# fileName, e.g. myFile.csv or /opt/whatever/myFile.csv. If blank will create a name
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.csvReport\\.database$"}
+# otherJob.csvJobId.csvReport.fileName = MyFile.csv
+
+# sftp config id (from grouper.properties) if sftp'ing this file somewhere, otherwise blank
+# https://spaces.at.internet2.edu/display/Grouper/Grouper+Sftp+files
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.csvReport\\.sftp\\.configId$"}
+# otherJob.csvJobId.csvReport.sftp.configId = someSftpServer
+
+# remote file to sftp to if sftp'ing
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.csvReport\\.sftp\\.fileNameRemote$"}
+# otherJob.csvJobId.csvReport.sftp.fileNameRemote = /data01/whatever/MyFile.csv
+
+# if the file should be deleted from the grouper daemon server after sending it
+# {valueType: "boolean", regex: "^otherJob\\.([^.]+)\\.csvReport\\.deleteFile$"}
+# otherJob.csvJobId.csvReport.deleteFile = true
+
+#####################################################
+## sftp delimited file and sync to SQL table
+## "sftpToSqlJobId" is the key of the config, change that for your csv file job
+#####################################################
+
+# set this to enable the report
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+# otherJob.sftpToSqlJobId.class = edu.internet2.middleware.grouper.app.sqlSync.GrouperSftpToSqlJob
+
+# cron string
+# {valueType: "cron", required: true}
+# otherJob.sftpToSqlJobId.quartzCron =
+
+# sftp config id (from grouper.properties) if sftp'ing this file somewhere, otherwise blank
+# https://spaces.at.internet2.edu/display/Grouper/Grouper+Sftp+files
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.sftp\\.configId$", required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.file.SftpGrouperExternalSystem"}
+# otherJob.sftpToSqlJobId.sftpToSql.sftp.configId =
+
+# remote file to sftp to if sftp'ing, e.g. /data01/whatever/MyFile.csv
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.sftp\\.fileNameRemote$", required: true}
+# otherJob.sftpToSqlJobId.sftpToSql.sftp.fileNameRemote =
+
+# if it should be an error if the remote file doesnt exist
+# {valueType: "boolean", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.ignoreIfRemoteFileDoesNotExist$", defaultValue: "false"}
+# otherJob.sftpToSqlJobId.sftpToSql.errorIfRemoteFileDoesNotExist =
+
+# if the file should be deleted from the grouper daemon server after sending it
+# {valueType: "boolean", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.deleteFile$", defaultValue: "false"}
+# otherJob.sftpToSqlJobId.sftpToSql.deleteFile =
+
+# database external system config id to hit, default to "grouper"
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.database$", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# otherJob.sftpToSqlJobId.sftpToSql.database =
+
+# table to sql to, e.g. some_table. or you can qualify by schema: some_schema.another_table
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.table$", required: true}
+# otherJob.sftpToSqlJobId.sftpToSql.table =
+
+# comma separated columns to sync to, e.g. col1, col2, col3
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.columns$", required: true}
+# otherJob.sftpToSqlJobId.sftpToSql.columns =
+
+# comma separated primary key columns, e.g. col1
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.columnsPrimaryKey$", required: true}
+# otherJob.sftpToSqlJobId.sftpToSql.columnsPrimaryKey =
+
+# if there is a header row
+# {valueType: "boolean", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.hasHeaderRow$", defaultValue: "false"}
+# otherJob.sftpToSqlJobId.sftpToSql.hasHeaderRow =
+
+# separator in file
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.separator$", required: true}
+# otherJob.sftpToSqlJobId.sftpToSql.separator =
+
+# escaped separator (cannot contain separator)
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.sftpToSql\\.escapedSeparator$"}
+# otherJob.sftpToSqlJobId.sftpToSql.escapedSeparator =
+
+
+
+############################
+## Incremental loader jobs
+############################
+
+# incremental loader job class
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.GrouperLoaderIncrementalJob"}
+# otherJob.incrementalLoader1.class = edu.internet2.middleware.grouper.app.loader.GrouperLoaderIncrementalJob
+
+# incremental loader job cron
+# {valueType: "cron", required: true}
+# otherJob.incrementalLoader1.quartzCron = 0 * * * * ?
+
+# incremental loader job database name
+# {valueType: "string", regex: "^otherJob.([^.]+).databaseName$"}
+# otherJob.incrementalLoader1.databaseName=warehouse
+
+# incremental loader job table name
+# {valueType: "string", regex: "^otherJob.([^.]+).tableName$"}
+# otherJob.incrementalLoader1.tableName=myincrementaltable
+
+# incremental loader full sync threshold
+# If there are more than this many changes for a single loader job, then invoke the full sync instead. This could improve performance but also handle fail safe which isn't part of the incremental sync.
+# {valueType: "integer", regex: "^otherJob.([^.]+).fullSyncThreshold$"}
+# otherJob.incrementalLoader1.fullSyncThreshold=100
+
+# whether subject lookups in the data source should be case insensitive. only applicable for sql loader jobs. note, if true, for some databases (e.g. oracle), you may need a function based index in your data source for the function "lower" for better performance
+# {valueType: "boolean", regex: "^otherJob.([^.]+).caseInsensitiveSubjectLookupsInDataSource$"}
+# otherJob.incrementalLoader1.caseInsensitiveSubjectLookupsInDataSource=false
+
+
+#############
+## Quartz settings
+#############
+
+# quartz schedule instance name
+# {valueType: "string", required: true}
+org.quartz.scheduler.instanceName = DefaultQuartzScheduler
+
+# quartz scheduler instnace id
+# {valueType: "string", required: true}
+org.quartz.scheduler.instanceId = AUTO
+
+# quartz scheduler rmi export
+# {valueType: "boolean", required: true}
+org.quartz.scheduler.rmi.export = false
+
+# quartz scheduler rmi proxy
+# {valueType: "boolean", required: true}
+org.quartz.scheduler.rmi.proxy = false
+
+# quartz scheduler wrap job executiong transaction
+# {valueType: "boolean", required: true}
+org.quartz.scheduler.wrapJobExecutionInUserTransaction = false
+
+# quartz scheduler thread pool class
+# {valueType: "class", required: true, mustImplementInterface: "org.quartz.spi.ThreadPool"}
+org.quartz.threadPool.class = org.quartz.simpl.SimpleThreadPool
+
+# quartz scheduler thread count
+# {valueType: "integer", required: true}
+org.quartz.threadPool.threadCount = 10
+
+# quartz scheduler thread priority
+# {valueType: "integer", required: true}
+org.quartz.threadPool.threadPriority = 5
+
+# quartz scheduler threads inherit context class
+# {valueType: "boolean", required: true}
+org.quartz.threadPool.threadsInheritContextClassLoaderOfInitializingThread = true
+
+# quartz scheduler misfire threshold
+# {valueType: "integer", required: true}
+org.quartz.jobStore.misfireThreshold = 60000
+
+# quartz scheduler jobstore class
+# {valueType: "class", required: true, mustImplementInterface: "org.quartz.spi.JobStore"}
+org.quartz.jobStore.class = org.quartz.impl.jdbcjobstore.JobStoreTX
+
+# quartz scheduler data source
+# {valueType: "string"}
+org.quartz.jobStore.dataSource = myDS
+
+# quartz scheduler table prefix
+# {valueType: "string"}
+org.quartz.jobStore.tablePrefix = grouper_QZ_
+
+# quartz scheduler is clustered
+# {valueType: "boolean", required: true}
+org.quartz.jobStore.isClustered = true
+
+# quartz scheduler check in interval
+# {valueType: "integer", required: true}
+org.quartz.jobStore.clusterCheckinInterval = 20000
+
+# automatically determined but can override
+# {valueType: "class"}
+org.quartz.jobStore.driverDelegateClass =
+
+# get connections from grouper's database pool
+# {valueType: "class"}
+org.quartz.dataSource.myDS.connectionProvider.class = edu.internet2.middleware.grouper.app.loader.GrouperQuartzConnectionProvider
+
+# Quartz seems to have issues where sometimes a job is running twice at the same time, usually after a misfire.
+# We have our own check to make sure jobs don't overlap based on data in the grouper_loader_log table if a job's status is STARTED.
+# However, if the daemon is killed, it may be stuck on the STARTED state until the row is deleted. So we'll consider a job's
+# STARTED state to be invalid if it hasn't been updated in the number of seconds below.
+# {valueType: "integer", required: true}
+loader.assumeJobKilledIfNoUpdateInSeconds=300
+
+#############
+## Provisioning and sync settings
+#############
+
+# delete metadata information about things not provisioned anymore and removed from target (default 1 week)
+# {valueType: "integer"}
+grouper.provisioning.removeSyncRowsAfterSecondsOutOfTarget = 604800
+
+# If there are this number of memberships or more for a single provisionable group, then perform a "group sync" instead of the individual operations instead, for efficiency
+# {valueType: "integer", defaultValue: "500"}
+provisionerDefault.membershipsConvertToGroupSyncThreshold =
+
+# If there are this number of memberships or more for a single provisionable group, then perform a "group sync" instead of the individual operations instead, for efficiency
+# {valueType: "integer", defaultValue: "500"}
+provisionerDefault.membershipsConvertToGroupSyncThreshold =
+
+# In incremental processing, each provisionable group/entity to sync memberships counts as 10,
+# each provisionable membership to sync counts as 1. If the total score is more than this number,
+# it will convert the incrementals to a a full sync. e.g. 10000 individual memberships to sync
+# (and not more than 500 in a single group), or 1000 groups to sync, or a combination.
+# -1 means do not convert to full sync. This is an overridable default. Each provisioner can override.
+# {valueType: "integer", defaultValue: "10000"}
+provisionerDefault.scoreConvertToFullSyncThreshold =
+
+# Remove sync log rows after a certain number of days
+# {valueType: "integer"}
+grouper.provisioning.removeSyncLogRowsAfterDays = 7
+
+
+#######################################
+## common provisioner settings
+#######################################
+
+# start with
+# {valueType: "string", required: false, readOnly: true, order: 10}
+# provisioner.genericProvisioner.startWith = this is start with read only
+
+# have entity attributes that are not in the subject source?
+# {valueType: "boolean", order: 402, defaultValue: "false", subSection: "entityAttributes"}
+# provisioner.genericProvisioner.entityResolver.entityAttributesNotInSubjectSource =
+
+# Resolve attributes with SQL
+# {valueType: "boolean", order: 404, defaultValue: "false", subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource}"}
+# provisioner.genericProvisioner.entityResolver.resolveAttributesWithSQL =
+
+# Use global SQL resolver
+# {valueType: "boolean", order: 406, indent: 1, defaultValue: "false", subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL}"}
+# provisioner.genericProvisioner.entityResolver.useGlobalSQLResolver =
+
+# Global SQL resolver
+# {valueType: "string", order: 408, indent: 2, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && entityResolver.useGlobalSQLResolver}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.attr.resolver.SqlGlobalAttributeResolverOptionValueDriver"}
+# provisioner.genericProvisioner.entityResolver.globalSQLResolver =
+
+# SQL config id
+# {valueType: "string", order: 410, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# provisioner.genericProvisioner.entityResolver.sqlConfigId =
+
+# Table or view name
+# {valueType: "string", order: 412, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver}"}
+# provisioner.genericProvisioner.entityResolver.tableOrViewName =
+
+# Comma separated column names from the entity attributes table that need to be added as attributes in the target system
+# {valueType: "string", order: 413, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver}"}
+# provisioner.genericProvisioner.entityResolver.columnNames =
+
+# Subject source id column
+# {valueType: "string", order: 414, indent: 1, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.subject.provider.SourceManagerOptionValueDriver"}
+# provisioner.genericProvisioner.entityResolver.subjectSourceIdColumn =
+
+# Subject search / matching column
+# {valueType: "string", order: 416, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver}"}
+# provisioner.genericProvisioner.entityResolver.subjectSearchMatchingColumn =
+
+# SQL mapping type
+# {valueType: "string", order: 418, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver}", formElement: "dropdown", optionValues: ["entityAttribute", "translation"]}
+# provisioner.genericProvisioner.entityResolver.sqlMappingType =
+
+# SQL mapping entity attribute
+# {valueType: "string", order: 420, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver && sqlMappingType == 'entityAttribute' }", formElement: "dropdown", optionValues: ['subjectId', 'subjectIdentifer0']}
+# provisioner.genericProvisioner.entityResolver.sqlMappingEntityAttribute =
+
+# SQL mapping expression
+# {valueType: "string", order: 422, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver && sqlMappingType == 'translation' }"}
+# provisioner.genericProvisioner.entityResolver.sqlMappingExpression =
+
+# Last updated column
+# {valueType: "string", order: 424, indent: 1, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver}"}
+# provisioner.genericProvisioner.entityResolver.lastUpdatedColumn =
+
+# Last updated type
+# {valueType: "string", order: 426, indent: 1, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL && !entityResolver.useGlobalSQLResolver}", formElement: "dropdown", optionValues: ["timestamp", "millisSince1970"]}
+# provisioner.genericProvisioner.entityResolver.lastUpdatedType =
+
+# Select all SQL on full
+# {valueType: "boolean", order: 428, indent: 1, defaultValue: "true", subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithSQL}"}
+# provisioner.genericProvisioner.entityResolver.selectAllSQLOnFull =
+
+# Resolve attributes with LDAP
+# {valueType: "boolean", order: 430, defaultValue: "false", subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource}"}
+# provisioner.genericProvisioner.entityResolver.resolveAttributesWithLDAP =
+
+# Use global LDAP resolver
+# {valueType: "boolean", order: 432, indent: 1, defaultValue: "false", subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP}"}
+# provisioner.genericProvisioner.entityResolver.useGlobalLDAPResolver =
+
+# Global LDAP resolver
+# {valueType: "string", order: 434, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && entityResolver.useGlobalLDAPResolver}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.attr.resolver.LdapGlobalAttributeResolverOptionValueDriver"}
+# provisioner.genericProvisioner.entityResolver.globalLDAPResolver =
+
+# LDAP config id
+# {valueType: "string", order: 436, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.externalSystem.LdapGrouperExternalSystem"}
+# provisioner.genericProvisioner.entityResolver.ldapConfigId =
+
+# Base DN
+# {valueType: "string", order: 438, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}"}
+# provisioner.genericProvisioner.entityResolver.baseDN =
+
+# Subject source id of subjects
+# {valueType: "string", order: 439, indent: 1, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.subject.provider.SourceManagerOptionValueDriver"}
+# provisioner.genericProvisioner.entityResolver.subjectSourceId =
+
+# Search scope
+# {valueType: "string", order: 440, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}", formElement: "dropdown", optionValues: ['ONELEVEL_SCOPE', 'SUBTREE_SCOPE']}
+# provisioner.genericProvisioner.entityResolver.searchScope =
+
+# Filter part
+# {valueType: "string", order: 442, indent: 1, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}"}
+# provisioner.genericProvisioner.entityResolver.filterPart =
+
+# Attributes
+# {valueType: "string", order: 444, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}"}
+# provisioner.genericProvisioner.entityResolver.attributes =
+
+# Attributes
+# {valueType: "string", order: 444, indent: 1, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}"}
+# provisioner.genericProvisioner.entityResolverr.multiValuedLdapAttributes =
+
+# LDAP matching / search attribute
+# {valueType: "string", order: 446, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}"}
+# provisioner.genericProvisioner.entityResolver.ldapMatchingSearchAttribute =
+
+# LDAP mapping type
+# {valueType: "string", order: 448, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}", formElement: "dropdown", optionValues: ["entityAttribute", "translation"]}
+# provisioner.genericProvisione.entityResolverr.ldapMappingType =
+
+# LDAP mapping entity attribute
+# {valueType: "string", order: 450, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver && entityResolver.ldapMappingType == 'entityAttribute'}", formElement: "dropdown", optionValues: ['subjectId', 'subjectIdentifier0']}
+# provisioner.genericProvisioner.entityResolver.ldapMappingEntityAttribute =
+
+# LDAP matching expression
+# {valueType: "string", order: 452, indent: 1, required: true, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver && entityResolver.ldapMappingType == 'translation'}"}
+# provisioner.genericProvisioner.entityResolver.ldapMatchingExpression =
+
+# Filter all LDAP on full
+# {valueType: "boolean", order: 454, indent: 1, defaultValue: "true", subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP}"}
+# provisioner.genericProvisioner.entityResolver.filterAllLDAPOnFull =
+
+# Last updated attribute
+# {valueType: "string", order: 456, indent: 1, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}"}
+# provisioner.genericProvisioner.entityResolver.lastUpdatedAttribute =
+
+# LDAP last updated format
+# {valueType: "string", order: 458, indent: 1, subSection: "entityAttributes", showEl: "${entityResolver.entityAttributesNotInSubjectSource && entityResolver.resolveAttributesWithLDAP && !entityResolver.useGlobalLDAPResolver}", formElement: "dropdown", optionValues: ["default", "activeDirectory"]}
+# provisioner.genericProvisioner.entityResolver.lastUpdatedFormat =
+
+
+# Operate on grouper memberships
+# {valueType: "boolean", order: 500, defaultValue: "false", subSection: "membership"}
+# provisioner.genericProvisioner.operateOnGrouperMemberships =
+
+# groupAttributes: group ldap object has attribute to hold memberships.
+# entityAttributes: user ldap object has attribute to hold memberships
+# {valueType: "string", required: true, order: 1000, subSection: "membership", showEl: "${operateOnGrouperMemberships}", formElement: "dropdown", optionValues: ["groupAttributes", "entityAttributes", "membershipObjects"]}
+# provisioner.genericProvisioner.provisioningType =
+
+# If CRUD should be customized, otherwise SELECT INSERT DELETE_IF_GROUPER_CREATED_THEN_DELETED
+# {valueType: "boolean", order: 1250, defaultValue: "false", subSection: "membership", showEl: "${operateOnGrouperMemberships}"}
+# provisioner.genericProvisioner.customizeMembershipCrud =
+
+# Select memberships
+# {valueType: "boolean", order: 1500, indent: 1, defaultValue: "true", subSection: "membership", showEl: "${operateOnGrouperMemberships && customizeMembershipCrud}"}
+# provisioner.genericProvisioner.selectMemberships =
+
+# Insert memberships
+# {valueType: "boolean", order: 2500, indent: 1, defaultValue: "true", subSection: "membership", showEl: "${operateOnGrouperMemberships && customizeMembershipCrud}"}
+# provisioner.genericProvisioner.insertMemberships =
+
+# Replace memberships
+# {valueType: "boolean", order: 2550, indent: 1, defaultValue: "false", subSection: "membership", showEl: "${operateOnGrouperMemberships && customizeMembershipCrud}"}
+# provisioner.genericProvisioner.replaceMemberships =
+
+# Delete memberships
+# {valueType: "boolean", order: 3500, indent: 1, defaultValue: "true", subSection: "membership", showEl: "${operateOnGrouperMemberships && customizeMembershipCrud}"}
+# provisioner.genericProvisioner.deleteMemberships =
+
+# Delete memberships if not exist in grouper
+# {valueType: "boolean", order: 4500, indent: 2, defaultValue: "false", subSection: "membership", showEl: "${operateOnGrouperMemberships && customizeMembershipCrud && deleteMemberships}"}
+# provisioner.genericProvisioner.deleteMembershipsIfNotExistInGrouper =
+
+# Delete memberships only in tracked groups
+# {valueType: "boolean", order: 4600, indent: 2, defaultValue: "true", subSection: "membership", showEl: "${operateOnGrouperMemberships && customizeMembershipCrud && deleteMemberships && deleteMembershipsIfNotExistInGrouper}"}
+# provisioner.genericProvisioner.deleteMembershipsOnlyInTrackedGroups =
+
+# Delete memberships if deleted in grouper
+# {valueType: "boolean", order: 5500, indent: 2, defaultValue: "false", subSection: "membership", showEl: "${operateOnGrouperMemberships && customizeMembershipCrud && deleteMemberships && !deleteMembershipsIfNotExistInGrouper}"}
+# provisioner.genericProvisioner.deleteMembershipsIfGrouperDeleted =
+
+# Delete memberships if created in grouper
+# {valueType: "boolean", order: 5600, indent: 2, defaultValue: "true", subSection: "membership", showEl: "${operateOnGrouperMemberships && customizeMembershipCrud && deleteMemberships && !deleteMembershipsIfNotExistInGrouper && !deleteMembershipsIfGrouperDeleted}"}
+# provisioner.genericProvisioner.deleteMembershipsIfGrouperCreated =
+
+# Advanced options, note, there might not be any
+# {valueType: "boolean", order: 5625, defaultValue: "false", subSection: "membership", showEl: "${operateOnGrouperMemberships}"}
+# provisioner.genericProvisioner.membershipAdvancedOptions =
+
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5700, subSection: "membership", defaultValue: "0", showEl:"${operateOnGrouperMemberships && provisioningType == 'membershipObjects'}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.genericProvisioner.numberOfMembershipAttributes =
+
+# Name of the attribute
+# {valueType: "string", order: 5710, required: true, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.name =
+
+# Translate type
+# {valueType: "string", order: 5720, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$}", formElement: "dropdown", optionValues: ["grouperProvisioningGroupField", "grouperProvisioningEntityField", "staticValues", "translationScript"], repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateExpressionType =
+
+# Translate from field
+# {valueType: "string", order: 5734, required: true, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.translateExpressionType == 'grouperProvisioningGroupField'}", formElement: "dropdown", optionValues: ["id", "idIndex", "idIndexString", "displayExtension", "displayName", "extension", "groupAttributeValueCache0", "groupAttributeValueCache1", "groupAttributeValueCache2", "groupAttributeValueCache3", "name", "description"], repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateFromGrouperProvisioningGroupField =
+
+# Translate from field
+# {valueType: "string", order: 5738, required: true, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.translateExpressionType == 'grouperProvisioningEntityField'}", formElement: "dropdown", optionValues: ["description", "email", "entityAttributeValueCache0", "entityAttributeValueCache1", "entityAttributeValueCache2", "entityAttributeValueCache3", "id", "memberId", "name", "subjectId", "subjectSourceId", "subjectIdentifier", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2", "idIndex"], repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateFromGrouperProvisioningEntityField =
+
+# Translate from static values
+# {valueType: "string", order: 5742, required: true, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.translateExpressionType == 'staticValues'}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateFromStaticValues =
+
+# Translate expression
+# {valueType: "string", order: 5748, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.translateExpressionType == 'translationScript'}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateExpression =
+
+# Check for nulls in script
+# {valueType: "boolean", order: 5750, defaultValue: "false", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.translateExpressionType == 'translationScript'}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.nullChecksInScript =
+
+# Condition that must be true in order to continue translation
+# {valueType: "string", formElement: "textarea", order: 5755, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.translateExpressionType == 'translationScript' && targetMembershipAttribute.$i$.nullChecksInScript}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translationContinueCondition =
+
+# Advanced options
+# {valueType: "boolean", order: 5770, defaultValue: "false", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.showAdvancedAttribute =
+
+
+# Show membership attribute crud
+# {valueType: "boolean", order: 5820, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.showAttributeCrud =
+
+
+# Select attribute?
+# {valueType: "boolean", order: 5880, indent: 2, defaultValue: "true", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && (selectMemberships == null || selectMemberships) && targetMembershipAttribute.$i$.showAdvancedAttribute && targetMembershipAttribute.$i$.showAttributeCrud}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.select =
+
+# Insert attribute?
+# {valueType: "boolean", order: 5900, indent: 2, defaultValue: "true", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && (insertMemberships == null || insertMemberships) && targetMembershipAttribute.$i$.showAdvancedAttribute && targetMembershipAttribute.$i$.showAttributeCrud}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.insert =
+
+# Show membership attribute validation
+# {valueType: "boolean", order: 5925, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.showAttributeValueSettings =
+
+
+# Value type
+# {valueType: "string", order: 5950, indent: 2, defaultValue: "string", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute && targetMembershipAttribute.$i$.showAttributeValueSettings}", formElement: "dropdown", optionValues: ["string", "long", "int"], repeatGroup: "targetMembershipAttribute", repeatCount: 20 }
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.valueType =
+
+
+# Ignore this group if this attribute matches any of these values (comma separated)
+# {valueType: "string", order: 6050, indent: 2, multiple: true, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute && targetMembershipAttribute.$i$.showAttributeValueSettings}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.ignoreIfMatchesValue =
+
+# Default value if there is not a value
+# {valueType: "string", order: 6075, indent: 2, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute && targetMembershipAttribute.$i$.showAttributeValueSettings}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.defaultValue =
+
+# Show membership attribute validation
+# {valueType: "boolean", order: 6080, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.showAttributeValidation =
+
+# If a value is required to provision this group
+# {valueType: "boolean", order: 6100, indent: 2, defaultValue: "false", showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute && targetMembershipAttribute.$i$.showAttributeValidation}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.required =
+
+# Maximum length of this attribute to be valid for provisioning
+# {valueType: "integer", order: 6125, indent: 2, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute && targetMembershipAttribute.$i$.showAttributeValidation}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.maxlength =
+
+# Validate value with jexl to see if valid for provisioning, the variable 'value' represents the current value. return true if valid and false if invalid
+# {valueType: "string", order: 6150, indent: 2, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && targetMembershipAttribute.$i$.showAdvancedAttribute && targetMembershipAttribute.$i$.showAttributeValidation}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.validExpression =
+
+# Translate expression create only type
+# {valueType: "string", order: 6175, indent: 1, required: false, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && (!customizeMembershipCrud || targetMembershipAttribute.$i$.insert) && targetMembershipAttribute.$i$.showAdvancedAttribute}", formElement: "dropdown", optionValues: ["grouperProvisioningGroupField", "grouperProvisioningEntityField", "staticValues", "translationScript"], repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateExpressionTypeCreateOnly =
+
+# Translate from field create only
+# {valueType: "string", order: 6200, indent: 1, required: true, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && (!customizeMembershipCrud || targetMembershipAttribute.$i$.insert) && targetMembershipAttribute.$i$.translateExpressionTypeCreateOnly == 'grouperProvisioningGroupField' && targetMembershipAttribute.$i$.showAdvancedAttribute}", formElement: "dropdown", optionValues: ["description", "displayExtension", "displayName", "extension", "groupAttributeValueCache0", "groupAttributeValueCache1", "groupAttributeValueCache2", "groupAttributeValueCache3", "id", "idIndex", "idIndexString", "name"], repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateFromGrouperProvisioningGroupFieldCreateOnly =
+
+# Translate from field create only
+# {valueType: "string", order: 6250, indent: 1, required: true, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && (!customizeMembershipCrud || targetMembershipAttribute.$i$.insert) && targetMembershipAttribute.$i$.translateExpressionTypeCreateOnly == 'grouperProvisioningEntityField' && targetMembershipAttribute.$i$.showAdvancedAttribute}", formElement: "dropdown", optionValues: ["description", "email", "entityAttributeValueCache0", "entityAttributeValueCache1", "entityAttributeValueCache2", "entityAttributeValueCache3", "id", "memberId", "name", "subjectId", "subjectSourceId", "subjectIdentifier", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2", "idIndex"], repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateFromGrouperProvisioningEntityFieldCreateOnly =
+
+# Translate from static values create only
+# {valueType: "string", order: 6275, indent: 1, required: true, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && (!customizeMembershipCrud || targetMembershipAttribute.$i$.insert) && targetMembershipAttribute.$i$.translateExpressionTypeCreateOnly == 'staticValues' && targetMembershipAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateFromStaticValuesCreateOnly =
+
+# Translate expression create only
+# {valueType: "string", order: 6300, indent: 1, required: false, showEl: "${operateOnGrouperMemberships && numberOfMembershipAttributes > $i$ && (!customizeMembershipCrud || targetMembershipAttribute.$i$.insert) && targetMembershipAttribute.$i$.translateExpressionTypeCreateOnly == 'translationScript' && targetMembershipAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetMembershipAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetMembershipAttribute.$i$.translateExpressionCreateOnly =
+
+# Operate on grouper groups
+# {valueType: "boolean", order: 7500, defaultValue: "false", subSection: "group"}
+# provisioner.genericProvisioner.operateOnGrouperGroups =
+
+# If CRUD should be customized, otherwise SELECT INSERT UPDATE DELETE_IF_GROUPER_CREATED_THEN_DELETED
+# {valueType: "boolean", order: 8000, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups}"}
+# provisioner.genericProvisioner.customizeGroupCrud =
+
+# Select groups
+# {valueType: "boolean", order: 8500, indent: 1, defaultValue: "true", subSection: "group", showEl: "${operateOnGrouperGroups && customizeGroupCrud}"}
+# provisioner.genericProvisioner.selectGroups =
+
+# Insert groups
+# {valueType: "boolean", order: 9000, indent: 1, subSection: "group", defaultValue: "true", showEl: "${operateOnGrouperGroups && customizeGroupCrud}"}
+# provisioner.genericProvisioner.insertGroups =
+
+# Delete groups
+# {valueType: "boolean", order: 9500, indent: 1, defaultValue: "true", subSection: "group", showEl: "${operateOnGrouperGroups && customizeGroupCrud}"}
+# provisioner.genericProvisioner.deleteGroups =
+
+# Delete groups if not exist in grouper
+# {valueType: "boolean", order: 10000, indent: 2, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && customizeGroupCrud && deleteGroups}"}
+# provisioner.genericProvisioner.deleteGroupsIfNotExistInGrouper =
+
+# Delete groups if deleted in grouper
+# {valueType: "boolean", order: 10500, indent: 2, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && customizeGroupCrud && deleteGroups && deleteGroupsIfNotExistInGrouper == false}"}
+# provisioner.genericProvisioner.deleteGroupsIfGrouperDeleted =
+
+# Delete groups if not exist in grouper
+# {valueType: "boolean", order: 10600, indent: 2, defaultValue: "true", subSection: "group", showEl: "${operateOnGrouperGroups && customizeGroupCrud && deleteGroups && deleteGroupsIfNotExistInGrouper == false && deleteGroupsIfGrouperDeleted == false}"}
+# provisioner.genericProvisioner.deleteGroupsIfGrouperCreated =
+
+# Update groups
+# {valueType: "boolean", order: 11500, indent: 1, defaultValue: "true", subSection: "group", showEl: "${operateOnGrouperGroups && customizeGroupCrud}"}
+# provisioner.genericProvisioner.updateGroups =
+
+# Select all groups
+# {valueType: "boolean", order: 11750, defaultValue: "true", subSection: "group", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups)}"}
+# provisioner.genericProvisioner.selectAllGroups =
+
+# if the groups need to be resolved in target
+# {valueType: "boolean", defaultValue: "false", subSection: "group", showEl:"${operateOnGrouperGroups && selectGroups}", order: 12000}
+# provisioner.genericProvisioner.hasTargetGroupLink =
+
+# number of attributes for target groups
+# {valueType: "integer", order: 19999, subSection: "group", defaultValue: "0", showEl:"${operateOnGrouperGroups}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.genericProvisioner.numberOfGroupAttributes =
+
+# Name of the attribute
+# {valueType: "string", order: 21000, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.name =
+
+# Translate type
+# {valueType: "string", order: 21200, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", formElement: "dropdown", optionValues: ["grouperProvisioningGroupField", "staticValues", "translationScript"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translateExpressionType =
+
+# Translate from field
+# {valueType: "string", order: 21400, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.translateExpressionType == 'grouperProvisioningGroupField'}", formElement: "dropdown", optionValues: ["description", "displayExtension", "displayName", "extension", "groupAttributeValueCache0", "groupAttributeValueCache1", "groupAttributeValueCache2", "groupAttributeValueCache3", "id", "idIndex", "idIndexString", "name"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translateFromGrouperProvisioningGroupField =
+
+# Translate from static values
+# {valueType: "string", order: 21600, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.translateExpressionType == 'staticValues'}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translateFromStaticValues =
+
+# Translate expression
+# {valueType: "string", order: 21800, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.translateExpressionType == 'translationScript'}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translateExpression =
+
+# Check for nulls in script
+# {valueType: "boolean", order: 21850, defaultValue: "false", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.translateExpressionType == 'translationScript'}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.nullChecksInScript =
+
+# Condition that must be true in order to continue translation
+# {valueType: "string", formElement: "textarea", order: 21855, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.translateExpressionType == 'translationScript' && targetGroupAttribute.$i$.nullChecksInScript}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translationContinueCondition =
+
+# Advanced options
+# {valueType: "boolean", order: 22200, defaultValue: "false", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.showAdvancedAttribute =
+
+# Show group attribute crud
+# {valueType: "boolean", order: 22400, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.showAttributeCrud =
+
+# Select attribute?
+# {valueType: "boolean", order: 22500, indent: 2, defaultValue: "true", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && (selectGroups == null || selectGroups) && targetGroupAttribute.$i$.showAttributeCrud}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.select =
+
+# Insert attribute?
+# {valueType: "boolean", order: 23000, indent: 2, defaultValue: "true", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && (insertGroups == null || insertGroups) && targetGroupAttribute.$i$.showAttributeCrud}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.insert =
+
+# Update attribute?
+# {valueType: "boolean", order: 24000, indent: 2, defaultValue: "true", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && (updateGroups == null || updateGroups) && targetGroupAttribute.$i$.showAttributeCrud}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.update =
+
+# Show group attribute validation
+# {valueType: "boolean", order: 25000, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.showAttributeValueSettings =
+
+# Value type
+# {valueType: "string", order: 25100, indent: 2, defaultValue: "string", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && targetGroupAttribute.$i$.showAttributeValueSettings}", formElement: "dropdown", optionValues: ["string", "long", "int"], repeatGroup: "targetGroupAttribute", repeatCount: 20 }
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.valueType =
+
+# Multi-valued attribute?
+# {valueType: "boolean", order: 25200, indent: 2, defaultValue: "false", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && targetGroupAttribute.$i$.showAttributeValueSettings}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.multiValued =
+
+# Default value if there is not a value
+# {valueType: "string", order: 25500, indent: 2, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && targetGroupAttribute.$i$.showAttributeValueSettings}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.defaultValue =
+
+# Ignore this group if this attribute matches any of these values (comma separated)
+# {valueType: "string", order: 26000, indent: 2, multiple: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && targetGroupAttribute.$i$.showAttributeValueSettings}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.ignoreIfMatchesValue =
+
+# Show group attribute validation
+# {valueType: "boolean", order: 29200, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.showAttributeValidation =
+
+# If a value is required to provision this group
+# {valueType: "boolean", order: 29250, indent: 2, defaultValue: "false", showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && targetGroupAttribute.$i$.showAttributeValidation}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.required =
+
+# Maximum length of this field to be valid for provisioning
+# {valueType: "integer", order: 29500, indent: 2, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && targetGroupAttribute.$i$.showAttributeValidation}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.maxlength =
+
+# Validate value with jexl to see if valid for provisioning, the variable 'value' represents the current value. return true if valid and false if invalid
+# {valueType: "string", order: 29750, indent: 2, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && targetGroupAttribute.$i$.showAttributeValidation}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.validExpression =
+
+# Translate expression create only type
+# {valueType: "string", order: 31300, indent: 1, required: false, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && (!customizeGroupCrud || targetGroupAttribute.$i$.insert)}", formElement: "dropdown", optionValues: ["grouperProvisioningGroupField", "staticValues", "translationScript"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translateExpressionTypeCreateOnly =
+
+# Translate from field create only
+# {valueType: "string", order: 31600, indent: 1, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && (!customizeGroupCrud || targetGroupAttribute.$i$.insert) && targetGroupAttribute.$i$.translateExpressionTypeCreateOnly == 'grouperProvisioningGroupField'}", formElement: "dropdown", optionValues: ["description", "displayExtension", "displayName", "extension", "groupAttributeValueCache0", "groupAttributeValueCache1", "groupAttributeValueCache2", "groupAttributeValueCache3", "id", "idIndex", "idIndexString", "name"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translateFromGrouperProvisioningGroupFieldCreateOnly =
+
+# Translate from static values create only
+# {valueType: "string", order: 31800, indent: 1, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && (!customizeGroupCrud || targetGroupAttribute.$i$.insert) && targetGroupAttribute.$i$.translateExpressionTypeCreateOnly == 'staticValues'}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translateFromStaticValuesCreateOnly =
+
+# Translate expression create only
+# {valueType: "string", order: 32000, indent: 1, required: false, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && targetGroupAttribute.$i$.showAdvancedAttribute && (!customizeGroupCrud || targetGroupAttribute.$i$.insert) && targetGroupAttribute.$i$.translateExpressionTypeCreateOnly == 'translationScript'}", repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetGroupAttribute.$i$.translateExpressionCreateOnly =
+
+# Operate on grouper entities
+# {valueType: "boolean", order: 37000, defaultValue: "false", subSection: "entity"}
+# provisioner.genericProvisioner.operateOnGrouperEntities =
+
+# (Default), just SELECT entities and do not make changes. If true (make changes), then SELECT INSERT UPDATE DELETE_IF_GROUPER_CREATED_THEN_DELETED
+# {valueType: "boolean", order: 37200, defaultValue: "false", subSection: "entity", showEl: "${operateOnGrouperEntities}"}
+# provisioner.genericProvisioner.makeChangesToEntities =
+
+# If CRUD should be customized, otherwise SELECT (if not makeChangesToEntities), or SELECT INSERT UPDATE DELETE_IF_GROUPER_CREATED_THEN_DELETED (if makeChangesToEntities)
+# {valueType: "boolean", order: 37300, defaultValue: "false", subSection: "entity", showEl: "${operateOnGrouperEntities}"}
+# provisioner.genericProvisioner.customizeEntityCrud =
+
+# Select entities
+# {valueType: "boolean", order: 37500, indent: 1, defaultValue: "true", subSection: "entity", showEl: "${operateOnGrouperEntities && customizeEntityCrud}"}
+# provisioner.genericProvisioner.selectEntities =
+
+# Insert entities
+# {valueType: "boolean", order: 38000, indent: 1, subSection: "entity", defaultValue: "true", showEl: "${operateOnGrouperEntities && customizeEntityCrud && makeChangesToEntities}"}
+# provisioner.genericProvisioner.insertEntities =
+
+# Delete entities
+# {valueType: "boolean", order: 39000, indent: 1, subSection: "entity", defaultValue: "true", showEl: "${operateOnGrouperEntities && customizeEntityCrud && makeChangesToEntities}"}
+# provisioner.genericProvisioner.deleteEntities =
+
+# Delete entities if not exist in grouper
+# {valueType: "boolean", order: 39500, indent: 2, defaultValue: "false", subSection: "entity", showEl: "${operateOnGrouperEntities && customizeEntityCrud && makeChangesToEntities && deleteEntities}"}
+# provisioner.genericProvisioner.deleteEntitiesIfNotExistInGrouper =
+
+# Delete entities if deleted in grouper
+# {valueType: "boolean", order: 40000, indent: 2, defaultValue: "false", subSection: "entity", showEl: "${operateOnGrouperEntities && customizeEntityCrud && makeChangesToEntities && deleteEntities && !deleteEntitiesIfNotExistInGrouper}"}
+# provisioner.genericProvisioner.deleteEntitiesIfGrouperDeleted =
+
+# Delete entities if not exist in grouper
+# {valueType: "boolean", order: 40100, indent: 2, defaultValue: "true", subSection: "entity", showEl: "${operateOnGrouperEntities && customizeEntityCrud && makeChangesToEntities && deleteEntities && !deleteEntitiesIfNotExistInGrouper && !deleteEntitiesIfGrouperDeleted}"}
+# provisioner.genericProvisioner.deleteEntitiesIfGrouperCreated =
+
+# Update entities
+# {valueType: "boolean", order: 41000, indent: 1, defaultValue: "true", subSection: "entity", showEl: "${operateOnGrouperEntities && customizeEntityCrud && makeChangesToEntities}"}
+# provisioner.genericProvisioner.updateEntities =
+
+# Select all entities
+# {valueType: "boolean", order: 42000, required: "true", subSection: "entity", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities)}"}
+# provisioner.genericProvisioner.selectAllEntities =
+
+# if the entities need to be resolved in target
+# {valueType: "boolean", defaultValue: "false", showEl:"${operateOnGrouperEntities && selectEntities}", order: 53000, subSection: "entity"}
+# provisioner.genericProvisioner.hasTargetEntityLink =
+
+# number of attributes for target entities
+# {valueType: "integer", order: 59000, subSection: "entity", defaultValue: "0", showEl:"${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities)}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.genericProvisioner.numberOfEntityAttributes =
+
+# Name of the attribute
+# {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.name =
+
+# Translate type
+# {valueType: "string", order: 61100, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["grouperProvisioningEntityField", "staticValues", "translationScript"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translateExpressionType =
+
+# Translate from field
+# {valueType: "string", order: 61200, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.translateExpressionType == 'grouperProvisioningEntityField'}", formElement: "dropdown", optionValues: ["description", "email", "entityAttributeValueCache0", "entityAttributeValueCache1", "entityAttributeValueCache2", "entityAttributeValueCache3", "id", "memberId", "name", "subjectId", "subjectSourceId", "subjectIdentifier", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2", "idIndex"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translateFromGrouperProvisioningEntityField =
+
+# Translate from static values
+# {valueType: "string", order: 61300, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.translateExpressionType == 'staticValues'}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translateFromStaticValues =
+
+# Translate expression
+# {valueType: "string", order: 61400, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.translateExpressionType == 'translationScript'}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translateExpression =
+
+# Check for nulls in script
+# {valueType: "boolean", order: 61450, defaultValue: "false", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.translateExpressionType == 'translationScript'}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.nullChecksInScript =
+
+# Condition that must be true in order to continue translation
+# {valueType: "string", formElement: "textarea", order: 61455, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.translateExpressionType == 'translationScript' && targetEntityAttribute.$i$.nullChecksInScript}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translationContinueCondition =
+
+# Advanced options
+# {valueType: "boolean", order: 61500, defaultValue: "false", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.showAdvancedAttribute =
+
+# Show entity attribute crud
+# {valueType: "boolean", order: 62000, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.showAttributeCrud =
+
+# Select attribute?
+# {valueType: "boolean", order: 63000, indent: 2, defaultValue: "true", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && (selectEntities == null || selectEntities) && targetEntityAttribute.$i$.showAttributeCrud}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.select =
+
+# Insert attribute?
+# {valueType: "boolean", order: 64000, indent: 2, defaultValue: "true", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && makeChangesToEntities && (insertEntities == null || insertEntities) && targetEntityAttribute.$i$.showAttributeCrud}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.insert =
+
+# Update attribute?
+# {valueType: "boolean", order: 65000, indent: 2, defaultValue: "true", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && makeChangesToEntities && (updateEntities == null || updateEntities) && targetEntityAttribute.$i$.showAttributeCrud}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.update =
+
+# Show entity attribute validation
+# {valueType: "boolean", order: 67100, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.showAttributeValueSettings =
+
+# Value type
+# {valueType: "string", order: 67200, indent: 2, defaultValue: "string", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && targetEntityAttribute.$i$.showAttributeValueSettings}", formElement: "dropdown", optionValues: ["string", "long", "int"], repeatGroup: "targetEntityAttribute", repeatCount: 20 }
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.valueType =
+
+# Multi-valued attribute?
+# {valueType: "boolean", order: 67300, indent: 2, defaultValue: "false", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && targetEntityAttribute.$i$.showAttributeValueSettings}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.multiValued =
+
+# Default value if there is not a value
+# {valueType: "string", order: 67400, indent: 2, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && targetEntityAttribute.$i$.showAttributeValueSettings}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.defaultValue =
+
+# Ignore entity if this attribute matches any of these values (comma separated)
+# {valueType: "string", order: 67500, indent: 2, multiple: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && targetEntityAttribute.$i$.showAttributeValueSettings}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.ignoreIfMatchesValue =
+
+# Show entity attribute validation
+# {valueType: "boolean", order: 69125, indent: 1, defaultValue: "false", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.showAttributeValidation =
+
+
+# If a value is required to provision this entity
+# {valueType: "boolean", order: 69250, indent: 2, defaultValue: "false", showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && targetEntityAttribute.$i$.showAttributeValidation}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.required =
+
+# Maximum length of this field to be valid for provisioning
+# {valueType: "string", order: 69500, indent: 2, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && targetEntityAttribute.$i$.showAttributeValidation}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.maxlength =
+
+# Validate value with jexl to see if valid for provisioning
+# {valueType: "string", order: 69750, indent: 2, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && targetEntityAttribute.$i$.showAttributeValidation}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.validExpression =
+
+# Translate expression create only type
+# {valueType: "string", order: 70650, indent: 1, required: false, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && makeChangesToEntities && (!customizeEntityCrud || targetEntityAttribute.$i$.insert)}", formElement: "dropdown", optionValues: ["grouperProvisioningEntityField", "staticValues", "translationScript"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translateExpressionTypeCreateOnly =
+
+# Translate from field create only
+# {valueType: "string", order: 70750, indent: 1, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && makeChangesToEntities && (!customizeEntityCrud || targetEntityAttribute.$i$.insert) && targetEntityAttribute.$i$.translateExpressionTypeCreateOnly == 'grouperProvisioningEntityField'}", formElement: "dropdown", optionValues: ["description", "email", "entityAttributeValueCache0", "entityAttributeValueCache1", "entityAttributeValueCache2", "entityAttributeValueCache3", "id", "memberId", "name", "subjectId", "subjectSourceId", "subjectIdentifier", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2", "idIndex"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translateFromGrouperProvisioningEntityFieldCreateOnly =
+
+# Translate from static values create only
+# {valueType: "string", order: 70850, indent: 1, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && makeChangesToEntities && (!customizeEntityCrud || targetEntityAttribute.$i$.insert) && targetEntityAttribute.$i$.translateExpressionTypeCreateOnly == 'staticValues'}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translateFromStaticValuesCreateOnly =
+
+# Translate expression create only
+# {valueType: "string", order: 72000, indent: 1, required: false, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && targetEntityAttribute.$i$.showAdvancedAttribute && makeChangesToEntities && (!customizeEntityCrud || targetEntityAttribute.$i$.insert) && targetEntityAttribute.$i$.translateExpressionTypeCreateOnly == 'translationScript'}", repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.genericProvisioner.targetEntityAttribute.$i$.translateExpressionCreateOnly =
+
+# subject sources to provision
+# {valueType: "string", required: true, order: 76000, multiple: true, formElement: "checkbox", checkboxValuesFromClass: "edu.internet2.middleware.grouper.SubjectFinder", subSection: "general2", showEl: "${operateOnGrouperEntities || operateOnGrouperMemberships}"}
+# provisioner.genericProvisioner.subjectSourcesToProvision =
+
+# Advanced options, note, there might not be any
+# {valueType: "boolean", order: 76500, defaultValue: "false", subSection: "membership2", showEl: "${operateOnGrouperMemberships}"}
+# provisioner.genericProvisioner.membership2AdvancedOptions =
+
+# Matching ID expression
+# {valueType: "string", order: 76510, subSection: "membership2", showEl: "${operateOnGrouperMemberships && membership2AdvancedOptions && provisioningType == 'membershipObjects'}"}
+# provisioner.genericProvisioner.membershipMatchingIdExpression =
+
+# if provisioning normal memberships or privileges
+# {valueType: "string", order: 76520, formElement: "dropdown", subSection: "membership2", showEl: "${operateOnGrouperMemberships && membership2AdvancedOptions}", defaultValue: "members", optionValues: ["members", "read, admin", "update, admin", "admin"]}
+# provisioner.genericProvisioner.membershipFields =
+
+# membership attribute name for groups
+# {valueType: "string", required: true, order: 77000, subSection: "group2", showEl: "${operateOnGrouperGroups && provisioningType == 'groupAttributes'}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions"}
+# provisioner.genericProvisioner.groupMembershipAttributeName =
+
+# membership attribute value for groups
+# {valueType: "string", required: true, order: 77010, subSection: "group2", showEl: "${operateOnGrouperGroups && provisioningType == 'groupAttributes'}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityCacheDropdownOptions"}
+# provisioner.genericProvisioner.groupMembershipAttributeValue =
+
+# generally the matching attribute(s) are the same as the search attributes, but they can be different
+# {valueType: "boolean", defaultValue: "true", order: 77220, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups)}"}
+# provisioner.genericProvisioner.groupMatchingAttributeSameAsSearchAttribute =
+
+# how many group matching attributes
+# {valueType: "integer", required: true, order: 77222, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups)}", formElement: "dropdown", optionValues: ["1", "2", "3"] }
+# provisioner.genericProvisioner.groupMatchingAttributeCount =
+
+# group matching attribute 1
+# {valueType: "string", required: true, order: 77226, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups) && groupMatchingAttributeCount >= 1}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions" }
+# provisioner.genericProvisioner.groupMatchingAttribute0name =
+
+# group matching attribute 2
+# {valueType: "string", required: true, order: 77230, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups) && groupMatchingAttributeCount >= 2}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions" }
+# provisioner.genericProvisioner.groupMatchingAttribute1name =
+
+# group matching attribute 3
+# {valueType: "string", required: true, order: 77234, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups) && groupMatchingAttributeCount >= 3}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions" }
+# provisioner.genericProvisioner.groupMatchingAttribute2name =
+
+# how many group search attributes
+# {valueType: "integer", required: true, order: 77250, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups) && !groupMatchingAttributeSameAsSearchAttribute}", formElement: "dropdown", optionValues: ["1", "2", "3"] }
+# provisioner.genericProvisioner.groupSearchAttributeCount =
+
+# group search attribute 1
+# {valueType: "string", required: true, order: 77254, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups) && !groupMatchingAttributeSameAsSearchAttribute && groupSearchAttributeCount >= 1}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions" }
+# provisioner.genericProvisioner.groupSearchAttribute0name =
+
+# group search attribute 2
+# {valueType: "string", required: true, order: 77258, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups) && !groupMatchingAttributeSameAsSearchAttribute && groupSearchAttributeCount >= 2}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions" }
+# provisioner.genericProvisioner.groupSearchAttribute1name =
+
+# group search attribute 3
+# {valueType: "string", required: true, order: 77262, subSection: "group2", showEl: "${operateOnGrouperGroups && (!customizeGroupCrud || selectGroups || insertGroups || updateGroups || deleteGroups) && !groupMatchingAttributeSameAsSearchAttribute && groupSearchAttributeCount >= 3}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions" }
+# provisioner.genericProvisioner.groupSearchAttribute2name =
+
+# Target group link - has groupAttributeValueCache?
+# {valueType: "boolean", defaultValue: "false", subSection: "group2", showEl: "${operateOnGrouperGroups}", order: 78001}
+# provisioner.genericProvisioner.groupAttributeValueCacheHas =
+
+# Target group link - has groupAttributeValueCache0?
+# {valueType: "boolean", indent: 1, defaultValue: "false", subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas}", order: 78001}
+# provisioner.genericProvisioner.groupAttributeValueCache0has =
+
+# Target group link - groupAttributeValueCache0 source
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache0has}", order: 78002, formElement: "dropdown", optionValues: ["grouper", "target"]}
+# provisioner.genericProvisioner.groupAttributeValueCache0source =
+
+# Target group link - groupAttributeValueCache0 type
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache0has}", order: 78004, formElement: "dropdown", optionValues: ["groupAttribute", "groupObject", "translationScript"]}
+# provisioner.genericProvisioner.groupAttributeValueCache0type =
+
+# Target group link - groupAttributeValueCache0 groupAttribute
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache0has && groupAttributeValueCache0type == 'groupAttribute'}", order: 78006, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions"}
+# provisioner.genericProvisioner.groupAttributeValueCache0groupAttribute =
+
+# Target group link - groupAttributeValueCache0 translationScript
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache0has && groupAttributeValueCache0type == 'translationScript'}", order: 78008}
+# provisioner.genericProvisioner.groupAttributeValueCache0translationScript =
+
+# Target group link - has groupAttributeValueCache1?
+# {valueType: "boolean", indent: 1, defaultValue: "false", subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas}", order: 78101}
+# provisioner.genericProvisioner.groupAttributeValueCache1has =
+
+# Target group link - groupAttributeValueCache1 source
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache1has}", order: 78102, formElement: "dropdown", optionValues: ["grouper", "target"]}
+# provisioner.genericProvisioner.groupAttributeValueCache1source =
+
+# Target group link - groupAttributeValueCache1 type
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache1has}", order: 78104, formElement: "dropdown", optionValues: ["groupAttribute", "groupObject", "translationScript"]}
+# provisioner.genericProvisioner.groupAttributeValueCache1type =
+
+# Target group link - groupAttributeValueCache1 groupAttribute
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache1has && groupAttributeValueCache1type == 'groupAttribute'}", order: 78106, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions"}
+# provisioner.genericProvisioner.groupAttributeValueCache1groupAttribute =
+
+# Target group link - groupAttributeValueCache1 translationScript
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache1has && groupAttributeValueCache1type == 'translationScript'}", order: 78108}
+# provisioner.genericProvisioner.groupAttributeValueCache1translationScript =
+
+
+# Target group link - has groupAttributeValueCache2?
+# {valueType: "boolean", indent: 1, defaultValue: "false", subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas}", order: 78201}
+# provisioner.genericProvisioner.groupAttributeValueCache2has =
+
+# Target group link - groupAttributeValueCache2 source
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache2has}", order: 78202, formElement: "dropdown", optionValues: ["grouper", "target"]}
+# provisioner.genericProvisioner.groupAttributeValueCache2source =
+
+# Target group link - groupAttributeValueCache2 type
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache2has}", order: 78204, formElement: "dropdown", optionValues: ["groupAttribute", "groupObject", "translationScript"]}
+# provisioner.genericProvisioner.groupAttributeValueCache2type =
+
+# Target group link - groupAttributeValueCache2 groupAttribute
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache2has && groupAttributeValueCache2type == 'groupAttribute'}", order: 78206, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions"}
+# provisioner.genericProvisioner.groupAttributeValueCache2groupAttribute =
+
+# Target group link - groupAttributeValueCache2 translationScript
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache2has && groupAttributeValueCache2type == 'translationScript'}", order: 78208}
+# provisioner.genericProvisioner.groupAttributeValueCache2translationScript =
+
+
+# Target group link - has groupAttributeValueCache3?
+# {valueType: "boolean", indent: 1, defaultValue: "false", subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas}", order: 78301}
+# provisioner.genericProvisioner.groupAttributeValueCache3has =
+
+# Target group link - groupAttributeValueCache3 source
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache3has}", order: 78302, formElement: "dropdown", optionValues: ["grouper", "target"]}
+# provisioner.genericProvisioner.groupAttributeValueCache3source =
+
+# Target group link - groupAttributeValueCache3 type
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache3has}", order: 78304, formElement: "dropdown", optionValues: ["groupAttribute", "groupObject", "translationScript"]}
+# provisioner.genericProvisioner.groupAttributeValueCache3type =
+
+# Target group link - groupAttributeValueCache3 groupAttribute
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache3has && groupAttributeValueCache3type == 'groupAttribute'}", order: 78306, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions"}
+# provisioner.genericProvisioner.groupAttributeValueCache3groupAttribute =
+
+# Target group link - groupAttributeValueCache3 translationScript
+# {valueType: "string", indent: 2, required: true, subSection: "group2", showEl: "${operateOnGrouperGroups && groupAttributeValueCacheHas && groupAttributeValueCache3has && groupAttributeValueCache3type == 'translationScript'}", order: 78308}
+# provisioner.genericProvisioner.groupAttributeValueCache3translationScript =
+
+
+# group section 2 advanced options
+# {valueType: "boolean", defaultValue: "false", order: 79800, subSection: "group2", showEl: "${operateOnGrouperGroups}"}
+# provisioner.genericProvisioner.group2advanced =
+
+# groups require members
+# {valueType: "boolean", indent: 1, defaultValue: "false", order: 79800, subSection: "group2", showEl: "${operateOnGrouperGroups && group2advanced}"}
+# provisioner.genericProvisioner.groupsRequireMembers =
+
+# membership attribute name for entities
+# {valueType: "string", required: true, order: 80100, subSection: "entity2", showEl: "${operateOnGrouperEntities && provisioningType == 'entityAttributes'}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions"}
+# provisioner.genericProvisioner.entityMembershipAttributeName =
+
+# membership attribute value for entities
+# {valueType: "string", required: true, order: 80101, subSection: "entity2", showEl: "${operateOnGrouperEntities && provisioningType == 'entityAttributes'}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupCacheDropdownOptions"}
+# provisioner.genericProvisioner.entityMembershipAttributeValue =
+
+# generally the matching attribute(s) are the same as the search attributes, but they can be different
+# {valueType: "boolean", defaultValue: "true", order: 80220, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities)))}"}
+# provisioner.genericProvisioner.entityMatchingAttributeSameAsSearchAttribute =
+
+# how many entity matching attributes
+# {valueType: "integer", required: true, order: 80222, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities)))}", formElement: "dropdown", optionValues: ["1", "2", "3"] }
+# provisioner.genericProvisioner.entityMatchingAttributeCount =
+
+# entity matching attribute 1
+# {valueType: "string", required: true, order: 80226, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities))) && entityMatchingAttributeCount >= 1}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions" }
+# provisioner.genericProvisioner.entityMatchingAttribute0name =
+
+# entity matching attribute 2
+# {valueType: "string", required: true, order: 80230, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities))) && entityMatchingAttributeCount >= 2}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions" }
+# provisioner.genericProvisioner.entityMatchingAttribute1name =
+
+# entity matching attribute 3
+# {valueType: "string", required: true, order: 80234, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities))) && entityMatchingAttributeCount >= 3}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions" }
+# provisioner.genericProvisioner.entityMatchingAttribute2name =
+
+# how many entity search attributes
+# {valueType: "integer", required: true, order: 80250, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities))) && !entityMatchingAttributeSameAsSearchAttribute}", formElement: "dropdown", optionValues: ["1", "2", "3"] }
+# provisioner.genericProvisioner.entitySearchAttributeCount =
+
+# entity search attribute 1
+# {valueType: "string", required: true, order: 80254, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities))) && !entityMatchingAttributeSameAsSearchAttribute && entitySearchAttributeCount >= 1}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions" }
+# provisioner.genericProvisioner.entitySearchAttribute0name =
+
+# entity search attribute 2
+# {valueType: "string", required: true, order: 80258, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities))) && !entityMatchingAttributeSameAsSearchAttribute && entitySearchAttributeCount >= 2}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions" }
+# provisioner.genericProvisioner.entitySearchAttribute1name =
+
+# entity search attribute 3
+# {valueType: "string", required: true, order: 80262, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities || (makeChangesToEntities && (insertEntities || updateEntities || deleteEntities))) && !entityMatchingAttributeSameAsSearchAttribute && entitySearchAttributeCount >= 3}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions" }
+# provisioner.genericProvisioner.entitySearchAttribute2name =
+
+
+# Target entity link - has entityAttributeValueCache?
+# {valueType: "boolean", defaultValue: "false", subSection: "entity2", showEl: "${operateOnGrouperEntities}", order: 80301}
+# provisioner.genericProvisioner.entityAttributeValueCacheHas =
+
+# Target entity link - has entityAttributeValueCache0?
+# {valueType: "boolean", indent: 1, defaultValue: "false", subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas}", order: 80301}
+# provisioner.genericProvisioner.entityAttributeValueCache0has =
+
+# Target entity link - entityAttributeValueCache0 source
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache0has}", order: 80302, formElement: "dropdown", optionValues: ["grouper", "target"]}
+# provisioner.genericProvisioner.entityAttributeValueCache0source =
+
+# Target entity link - entityAttributeValueCache0 type
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache0has}", order: 80304, formElement: "dropdown", optionValues: ["entityAttribute", "entityObject", "subjectTranslationScript", "translationScript"]}
+# provisioner.genericProvisioner.entityAttributeValueCache0type =
+
+# Target entity link - entityAttributeValueCache0 entityAttribute
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache0has && entityAttributeValueCache0type == 'entityAttribute'}", order: 80306, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions"}
+# provisioner.genericProvisioner.entityAttributeValueCache0entityAttribute =
+
+# Target entity link - entityAttributeValueCache0 translationScript
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache0has && (entityAttributeValueCache0type == 'translationScript' || entityAttributeValueCache0type == 'subjectTranslationScript')}", order: 80308}
+# provisioner.genericProvisioner.entityAttributeValueCache0translationScript =
+
+# Target entity link - Entity attribute value cache 0 auto-USDU. This should generally be left as the default (true), USDU should update the value of this cache item from the subject source.
+# {valueType: "boolean", indent: 2, defaultValue: "true", subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache0has}", order: 80309}
+# provisioner.genericProvisioner.entityAttributeValueCache0auto =
+
+
+
+# Target entity link - has entityAttributeValueCache1?
+# {valueType: "boolean", indent: 1, defaultValue: "false", subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas}", order: 80401}
+# provisioner.genericProvisioner.entityAttributeValueCache1has =
+
+# Target entity link - entityAttributeValueCache1 source
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache1has}", order: 80402, formElement: "dropdown", optionValues: ["grouper", "target"]}
+# provisioner.genericProvisioner.entityAttributeValueCache1source =
+
+# Target entity link - entityAttributeValueCache1 type
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache1has}", order: 80404, formElement: "dropdown", optionValues: ["entityAttribute", "entityObject", "subjectTranslationScript", "translationScript"]}
+# provisioner.genericProvisioner.entityAttributeValueCache1type =
+
+# Target entity link - entityAttributeValueCache1 entityAttribute
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache1has && entityAttributeValueCache1type == 'entityAttribute'}", order: 80406, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions"}
+# provisioner.genericProvisioner.entityAttributeValueCache1entityAttribute =
+
+# Target entity link - entityAttributeValueCache1 translationScript
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache1has && (entityAttributeValueCache1type == 'translationScript' || entityAttributeValueCache1type == 'subjectTranslationScript')}", order: 80408}
+# provisioner.genericProvisioner.entityAttributeValueCache1translationScript =
+
+# Target entity link - Entity attribute value cache 1 auto-USDU. This should generally be left as the default (true), USDU should update the value of this cache item from the subject source.
+# {valueType: "boolean", indent: 2, defaultValue: "true", subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache1has}", order: 80409}
+# provisioner.genericProvisioner.entityAttributeValueCache1auto =
+
+
+# Target entity link - has entityAttributeValueCache2?
+# {valueType: "boolean", indent: 1, defaultValue: "false", subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas}", order: 80501}
+# provisioner.genericProvisioner.entityAttributeValueCache2has =
+
+# Target entity link - entityAttributeValueCache2 source
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache2has}", order: 80502, formElement: "dropdown", optionValues: ["grouper", "target"]}
+# provisioner.genericProvisioner.entityAttributeValueCache2source =
+
+# Target entity link - entityAttributeValueCache2 type
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache2has}", order: 80504, formElement: "dropdown", optionValues: ["entityAttribute", "entityObject", "subjectTranslationScript", "translationScript"]}
+# provisioner.genericProvisioner.entityAttributeValueCache2type =
+
+# Target entity link - entityAttributeValueCache2 entityAttribute
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache2has && entityAttributeValueCache2type == 'entityAttribute'}", order: 80506, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions"}
+# provisioner.genericProvisioner.entityAttributeValueCache2entityAttribute =
+
+# Target entity link - entityAttributeValueCache2 translationScript
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache2has && (entityAttributeValueCache2type == 'translationScript' || entityAttributeValueCache2type == 'subjectTranslationScript')}", order: 80508}
+# provisioner.genericProvisioner.entityAttributeValueCache2translationScript =
+
+# Target entity link - Entity attribute value cache 2 auto-USDU. This should generally be left as the default (true), USDU should update the value of this cache item from the subject source.
+# {valueType: "boolean", indent: 2, defaultValue: "true", subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache2has}", order: 80509}
+# provisioner.genericProvisioner.entityAttributeValueCache2auto =
+
+
+# Target entity link - has entityAttributeValueCache3?
+# {valueType: "boolean", indent: 1, defaultValue: "false", subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas}", order: 80601}
+# provisioner.genericProvisioner.entityAttributeValueCache3has =
+
+# Target entity link - entityAttributeValueCache3 source
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache3has}", order: 80602, formElement: "dropdown", optionValues: ["grouper", "target"]}
+# provisioner.genericProvisioner.entityAttributeValueCache3source =
+
+# Target entity link - entityAttributeValueCache3 type
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache3has}", order: 80604, formElement: "dropdown", optionValues: ["entityAttribute", "entityObject", "subjectTranslationScript", "translationScript"]}
+# provisioner.genericProvisioner.entityAttributeValueCache3type =
+
+# Target entity link - entityAttributeValueCache3 entityAttribute
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache3has && entityAttributeValueCache3type == 'entityAttribute'}", order: 80606, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions"}
+# provisioner.genericProvisioner.entityAttributeValueCache3entityAttribute =
+
+# Target entity link - entityAttributeValueCache3 translationScript
+# {valueType: "string", indent: 2, required: true, subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache3has && (entityAttributeValueCache3type == 'translationScript' || entityAttributeValueCache3type == 'subjectTranslationScript')}", order: 80608}
+# provisioner.genericProvisioner.entityAttributeValueCache3translationScript =
+
+# Target entity link - Entity attribute value cache 3 auto-USDU. This should generally be left as the default (true), USDU should update the value of this cache item from the subject source.
+# {valueType: "boolean", indent: 2, defaultValue: "true", subSection: "entity2", showEl: "${operateOnGrouperEntities && entityAttributeValueCacheHas && entityAttributeValueCache3has}", order: 80509}
+# provisioner.genericProvisioner.entityAttributeValueCache3auto =
+
+
+# entity section 2 advanced options
+# {valueType: "boolean", defaultValue: "false", order: 81000, subSection: "entity2", showEl: "${operateOnGrouperEntities}"}
+# provisioner.genericProvisioner.entity2advanced =
+
+# overall group of entities to provision. If not specified, then provision entities with any memberships optional
+# {valueType: "string", order: 81010, showEl: "${operateOnGrouperEntities && entity2advanced}", subSection: "entity2"}
+# provisioner.genericProvisioner.groupIdOfUsersToProvision =
+
+# optional override for subject identifier to sync to member sync table
+# {valueType: "string", order: 81020, showEl: "${operateOnGrouperEntities && entity2advanced}", formElement: "dropdown", optionValues: ["subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"], subSection: "entity2"}
+# provisioner.genericProvisioner.subjectIdentifierForMemberSyncTable =
+
+# Show provisioning diagnostics
+# {valueType: "boolean", order: 82000, defaultValue: "false", subSection: "provisioningDiagnostics"}
+# provisioner.genericProvisioner.showProvisioningDiagnostics =
+
+# Select all groups during diagnostics
+# {valueType: "boolean", order: 82100, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.selectAllGroupsDuringDiagnostics =
+
+# Select all entities during diagnostics
+# {valueType: "boolean", order: 82200, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.selectAllEntitiesDuringDiagnostics =
+
+# Select all memberships during diagnostics
+# {valueType: "boolean", order: 82300, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.selectAllMembershipsDuringDiagnostics =
+
+# Test group name
+# {valueType: "string", order: 82400, subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.testGroupName =
+
+# create group during diagnostics
+# {valueType: "boolean", order: 82500, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.createGroupDuringDiagnostics =
+
+# delete group during diagnostics
+# {valueType: "boolean", order: 83000, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.deleteGroupDuringDiagnostics =
+
+# Test subject id or identifier
+# {valueType: "string", order: 84000, subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.testSubjectIdOrIdentifier =
+
+# create entity during diagnostics
+# {valueType: "boolean", order: 85000, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.createEntityDuringDiagnostics =
+
+# delete entity during diagnostics
+# {valueType: "boolean", order: 86000, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${showProvisioningDiagnostics}"}
+# provisioner.genericProvisioner.deleteEntityDuringDiagnostics =
+
+# Show assigning provisioning
+# {valueType: "boolean", subSection: "assigningProvisioning", order: 86500, defaultValue: "false"}
+# provisioner.genericProvisioner.showAssigningProvisioning =
+
+# Group allowed to assign
+# {valueType: "string", subSection: "assigningProvisioning", order: 86550, showEl: "${showAssigningProvisioning}"}
+# provisioner.genericProvisioner.groupAllowedToAssign =
+
+# Group allowed to view
+# {valueType: "string", subSection: "assigningProvisioning", order: 86560, showEl: "${showAssigningProvisioning}"}
+# provisioner.genericProvisioner.groupAllowedToView =
+
+# Allow assignment only on one stem
+# {valueType: "boolean", subSection: "assigningProvisioning", defaultValue: "false", order: 86600, showEl: "${showAssigningProvisioning}"}
+# provisioner.genericProvisioner.allowAssignmentsOnlyOnOneStem =
+
+# Only provision policy groups
+# {valueType: "boolean", order: 86700, defaultValue: "false", subSection: "assigningProvisioning", showEl: "${showAssigningProvisioning}"}
+# provisioner.genericProvisioner.onlyProvisionPolicyGroups =
+
+# If you want a metadata item on folders for specifying if provision only policy groups
+# {valueType: "boolean", order: 86750, defaultValue: "true", subSection: "assigningProvisioning", showEl: "${showAssigningProvisioning}"}
+# provisioner.genericProvisioner.allowPolicyGroupOverride =
+
+# If you want to filter for groups in a provisionable folder by a regex on its name, specify here. If the regex matches then the group in the folder is provisionable. e.g. folderExtension matches ^.*_someExtension folderName matches ^.*_someExtension groupExtension matches ^.*_someExtension groupName matches ^.*_someExtension$
+# {valueType: "String", order: 86775, subSection: "assigningProvisioning", showEl: "${showAssigningProvisioning}"}
+# provisioner.genericProvisioner.provisionableRegex =
+
+# If you want a metadata item on folders for specifying regex of names of objects to provision
+# {valueType: "boolean", order: 86800, defaultValue: "true", subSection: "assigningProvisioning", showEl: "${showAssigningProvisioning}"}
+# provisioner.genericProvisioner.allowProvisionableRegexOverride =
+
+# Configure metadata
+# {valueType: "boolean", order: 86790, defaultValue: "false", subSection: "metadata"}
+# provisioner.genericProvisioner.configureMetadata =
+
+# number of metadata
+# {valueType: "integer", order: 86800, subSection: "metadata", defaultValue: "0", formElement: "dropdown", showEl: "${configureMetadata}", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.genericProvisioner.numberOfMetadata =
+
+# name of metadata item. This will be the name in the json attribute and can be assigned to a group, entity, or membership attribute.
+# this should be unique across metadata for this provisioner. Must start with md_
+# {valueType: "string", order: 86810, showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20}
+# provisioner.genericProvisioner.metadata.$i$.name =
+
+# if this metadata item should show when marking a folder as provisionable
+# {valueType: "boolean", order: 86840, defaultValue: "false", showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20}
+# provisioner.genericProvisioner.metadata.$i$.showForFolder =
+
+# if this metadata item should show when marking a group as provisionable
+# {valueType: "boolean", order: 86850, defaultValue: "false", showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20}
+# provisioner.genericProvisioner.metadata.$i$.showForGroup =
+
+# if this metadata item should show when marking a member (entity) as provisionable
+# {valueType: "boolean", order: 86860, defaultValue: "false", showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20}
+# provisioner.genericProvisioner.metadata.$i$.showForMember =
+
+# if this metadata item should show when marking a membership as provisionable
+# {valueType: "boolean", order: 86870, defaultValue: "false", showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20}
+# provisioner.genericProvisioner.metadata.$i$.showForMembership =
+
+# if this metadata item can be changed
+# {valueType: "boolean", order: 86871, defaultValue: "true", showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20}
+# provisioner.genericProvisioner.metadata.$i$.canChange =
+
+# if this metadata item can be affected once it's in target
+# {valueType: "boolean", order: 86872, defaultValue: "true", showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20}
+# provisioner.genericProvisioner.metadata.$i$.canUpdate =
+
+# value type from the web form
+# {valueType: "string", order: 86874, defaultValue: "string", showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectMetadataItemValueType" }
+# provisioner.genericProvisioner.metadata.$i$.valueType =
+
+# if this item is required
+# {valueType: "boolean", order: 86875, defaultValue: "false", showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20 }
+# provisioner.genericProvisioner.metadata.$i$.required =
+
+# default value of the metadata if the user does not enter anything
+# {valueType: "string", order: 86880, showEl: "${configureMetadata && numberOfMetadata > $i$ && !metadata.$i$.required}", repeatGroup: "metadata", repeatCount: 20 }
+# provisioner.genericProvisioner.metadata.$i$.defaultValue =
+
+# form element type for value
+# {valueType: "string", order: 86890, defaultValue: "text", showEl: "${configureMetadata && numberOfMetadata > $i$ && metadata.$i$.valueType != 'boolean'}", repeatGroup: "metadata", repeatCount: 20, formElement: "dropdown", optionValues: ["text", "textarea", "dropdown"] }
+# provisioner.genericProvisioner.metadata.$i$.formElementType =
+
+# comma-separated drop down values, escape commas in values with the hex code &#x2c;
+# {valueType: "string", order: 86900, showEl: "${configureMetadata && numberOfMetadata > $i$ && metadata.$i$.formElementType == 'dropdown'}", repeatGroup: "metadata", repeatCount: 20 }
+# provisioner.genericProvisioner.metadata.$i$.dropdownValues =
+
+# group id that can update this value
+# {valueType: "string", order: 86920, showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20 }
+# provisioner.genericProvisioner.metadata.$i$.groupIdThatCanView =
+
+# group id that can update this value
+# {valueType: "string", order: 86930, showEl: "${configureMetadata && numberOfMetadata > $i$}", repeatGroup: "metadata", repeatCount: 20 }
+# provisioner.genericProvisioner.metadata.$i$.groupIdThatCanUpdate =
+
+# Show failsafe options
+# {valueType: "boolean", order: 120000, defaultValue: "false", subSection: "failsafe"}
+# provisioner.genericProvisioner.showFailsafe =
+
+# If the loader should check to see too many users were removed, if so, then error out and
+# wait for manual intervention. This setting means have global defaults. If there are local settings
+# those will still be used.
+# {valueType: "string", order: 121000, formElement: "dropdown", subSection: "failsafe", showEl: "${showFailsafe}", optionValues: ["false", "true"]}
+# provisioner.genericProvisioner.failsafeUse =
+
+# if sending email on loader failsafe issues. Default to true if there are email addresses to send to
+# {valueType: "string", order: 122000, formElement: "dropdown", subSection: "failsafe", showEl: "${showFailsafe}", optionValues: ["false", "true"]}
+# provisioner.genericProvisioner.failsafeSendEmail =
+
+# If a group has a size less than this (default 200), then make changes including blanking it out.
+# if -1 then do not have a global default
+# {valueType: "integer", order: 123000, subSection: "failsafe", showEl: "${showFailsafe}"}
+# provisioner.genericProvisioner.failsafeMinGroupSize =
+
+# if a group with more members than the loader.failsafe.minGroupSize have more than this percent (default 30)
+# removed, then log it as error, fail the job, and don't actually remove the members
+# In order to run the job, an admin would need to change this param in the config,
+# and run the job manually, then change this config back.
+# if -1 then do not have a global max percent remove
+# {valueType: "integer", order: 124000, subSection: "failsafe", showEl: "${showFailsafe}"}
+# provisioner.genericProvisioner.failsafeMaxPercentRemove =
+
+# Only applicable if the number of managed groups (i.e. match the groupLikeString) that have
+# members in Grouper before the loader starts is at least this amount.
+# {valueType: "integer", order: 125000, subSection: "failsafe", showEl: "${showFailsafe}"}
+# provisioner.genericProvisioner.failsafeMinManagedGroups =
+
+# If the group list meets the criteria above and the percentage of groups that are managed by
+# the loader (i.e. match the groupLikeString) that currently have members in Grouper but
+# wouldn't after the job runs is greater than this percentage, then don't remove members,
+# log it as an error and fail the job. An admin would need to approve the failsafe or change this param in the config,
+# and run the job manually, then change this config back.
+# {valueType: "integer", order: 126000, subSection: "failsafe", showEl: "${showFailsafe}"}
+# provisioner.genericProvisioner.failsafeMaxOverallPercentGroupsRemove =
+
+# This does not work for grouper loader currently. If the group list meets the criteria above and the
+# percentage of memberships that are managed by
+# the loader (i.e. match the groupLikeString) that currently have members in Grouper but
+# wouldn't after the job runs is greater than this percentage, then don't remove members,
+# log it as an error and fail the job. An admin would need to approve the failsafe or change this param in the config,
+# and run the job manually, then change this config back.
+# {valueType: "integer", order: 127000, subSection: "failsafe", showEl: "${showFailsafe}"}
+# provisioner.genericProvisioner.failsafeMaxOverallPercentMembershipsRemove =
+
+# If the overall membership count of the job is less than this amount then trigger a failsafe (do not run the job).
+# -1 means disable this failsafe. There is no default value for this configuration.
+# {valueType: "integer", order: 128000, subSection: "failsafe", showEl: "${showFailsafe}"}
+# provisioner.genericProvisioner.failsafeMinOverallNumberOfMembers =
+
+# Show error handling options
+# {valueType: "boolean", order: 130000, defaultValue: "false", subSection: "errorHandling"}
+# provisioner.genericProvisioner.errorHandlingShow =
+
+# If the full or incremental provisioner should have a ERROR if there is an error in a group / entity / membership
+# {valueType: "boolean", order: 130010, defaultValue: "true", subSection: "errorHandling", showEl: "${errorHandlingShow}"}
+# provisioner.genericProvisioner.errorHandlingProvisionerDaemonShouldFailOnObjectError =
+
+# Object errors will be logged, at least a handful of each type
+# {valueType: "boolean", order: 130020, defaultValue: "true", subSection: "errorHandling", showEl: "${errorHandlingShow}"}
+# provisioner.genericProvisioner.errorHandlingLogErrors =
+
+# Object errors will be logged, at least a handful of each type
+# {valueType: "integer", order: 130030, defaultValue: "5", subSection: "errorHandling", showEl: "${errorHandlingShow && errorHandlingLogErrors}"}
+# provisioner.genericProvisioner.errorHandlingLogCountPerType =
+
+# If invalid data counts as an error. Data is invalid if it is the wrong type or fails a validation
+# {valueType: "boolean", order: 130040, defaultValue: "true", subSection: "errorHandling", showEl: "${errorHandlingShow}"}
+# provisioner.genericProvisioner.errorHandlingInvalidDataIsAnError =
+
+# If attribute length validation counts as an error. This happens when there is a max length on an attribute and the data is too long
+# {valueType: "boolean", order: 130050, defaultValue: "true", subSection: "errorHandling", showEl: "${errorHandlingShow}"}
+# provisioner.genericProvisioner.errorHandlingLengthValidationIsAnError =
+
+# If required but missing attributes count as an error. Attribute can be marked as required, if they are blank then this problem happens
+# {valueType: "boolean", order: 130060, defaultValue: "true", subSection: "errorHandling", showEl: "${errorHandlingShow}"}
+# provisioner.genericProvisioner.errorHandlingRequiredValidationIsAnError =
+
+# If the grouper translated objects match to multiple target objects on the same attribute, then this problem happens
+# {valueType: "boolean", order: 130065, defaultValue: "true", subSection: "errorHandling", showEl: "${errorHandlingShow}"}
+# provisioner.genericProvisioner.errorHandlingMatchingValidationIsAnError =
+
+# If missing object in target counts as an error. If the object is missing from the target and cannot be created this this problem happens
+# {valueType: "boolean", order: 130070, defaultValue: "true", subSection: "errorHandling", showEl: "${errorHandlingShow}"}
+# provisioner.genericProvisioner.errorHandlingTargetObjectDoesNotExistIsAnError =
+
+# Show advanced options
+# {valueType: "boolean", order: 137000, defaultValue: "false", subSection: "advanced"}
+# provisioner.genericProvisioner.showAdvanced =
+
+# Thread pool size
+# {valueType: "integer", order: 137500, defaultValue: "5", subSection: "advanced", showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.threadPoolSize =
+
+# Can full sync
+# {valueType: "boolean", order: 138000, defaultValue: "true", subSection: "advanced", showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.canFullSync =
+
+
+# if the target should be checked before sending actions. e.g. if an addMember is made to a provisionable group, then check the target to see if the entity is already a member first.
+# {valueType: "boolean", order: 139000, defaultValue: "false", subSection: "advanced", showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.recalculateAllOperations =
+
+# if recalcing, see if user exists in target and only add if they exist
+# {valueType: "boolean", order: 139050, defaultValue: "false", subSection: "advanced", showEl: "${showAdvanced && recalculateAllOperations}"}
+# provisioner.genericProvisioner.onlyAddMembershipsIfUserExistsInTarget =
+
+# enable debug log
+# {valueType: "boolean", subSection: "advanced", defaultValue: "false", order: 139100, showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.debugLog =
+
+# log all objects verbose
+# {valueType: "boolean", subSection: "advanced", defaultValue: "false", order: 139100, showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.logAllObjectsVerbose =
+
+# log all objects verbose to log file
+# {valueType: "boolean", indent: 1, subSection: "advanced", defaultValue: "true", order: 139101, showEl: "${showAdvanced && logAllObjectsVerbose}"}
+# provisioner.genericProvisioner.logAllObjectsVerboseToLogFile =
+
+# log all objects verbose to daemon DB log
+# {valueType: "boolean", indent: 1, subSection: "advanced", defaultValue: "true", order: 139102, showEl: "${showAdvanced && logAllObjectsVerbose}"}
+# provisioner.genericProvisioner.logAllObjectsVerboseToDaemonDbLog =
+
+# keep a log of all commands, and then log to the log file
+# {valueType: "boolean", subSection: "advanced", defaultValue: "false", order: 139130, showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.logCommandsAlways =
+
+# keep a log of all commands, and if there is an error and if so then log to the log file
+# {valueType: "boolean", indent: 1, subSection: "advanced", defaultValue: "false", order: 139160, showEl: "${showAdvanced && !logCommandsAlways}"}
+# provisioner.genericProvisioner.logCommandsOnError =
+
+# when there is an error, log max this many of each time (to avoid filling up the logs with redundant entries)
+# {valueType: "integer", subSection: "advanced", defaultValue: "10", order: 139180, showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.logMaxErrorsPerType =
+
+# if the target should be checked before sending actions. e.g. if an addMember is made to a provisionable
+# group, then check the target to see if the entity is already a member first.
+# default to provisionerDefault.membershipsConvertToGroupSyncThreshold = 500
+# {valueType: "integer", order: 139200, subSection: "advanced", showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.membershipsConvertToGroupSyncThreshold =
+
+# In incremental processing, each provisionable group/entity to sync memberships counts as 10,
+# each provisionable membership to sync counts as 1. If the total score is more than this number,
+# it will convert the incrementals to a a full sync. e.g. 10000 individual memberships to sync
+# (and not more than 500 in a single group), or 1000 groups to sync, or a combination.
+# -1 means do not convert to full sync
+# default to provisionerDefault.scoreConvertToFullSyncThreshold = 10000
+# {valueType: "integer", order: 139300, subSection: "advanced", showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.scoreConvertToFullSyncThreshold =
+
+# Read only
+# {valueType: "boolean", subSection: "advanced", defaultValue: "false", order: 139400, showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.readOnly =
+
+# refresh target group link if less than this amount
+# {valueType: "integer", defaultValue: 20, subSection: "advanced", showEl: "${operateOnGrouperGroups && hasTargetGroupLink && showAdvanced}", order: 139500}
+# provisioner.genericProvisioner.refreshGroupLinkIfLessThanAmount =
+
+# refresh subject link if less than this amount
+# {valueType: "integer", defaultValue: 20, showEl: "${operateOnGrouperEntities && showAdvanced}", order: 140000, subSection: "advanced"}
+# provisioner.genericProvisioner.refreshSubjectLinkIfLessThanAmount =
+
+# refresh target user link if less than this amount
+# {valueType: "integer", defaultValue: 20, showEl: "${hasTargetEntityLink && operateOnGrouperEntities && showAdvanced}", order: 145000, subSection: "advanced"}
+# provisioner.genericProvisioner.refreshEntityLinkIfLessThanAmount =
+
+# Add disabled full sync daemon?
+# {valueType: "boolean", subSection: "advanced", defaultValue: "false", order: 154000, showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.addDisabledFullSyncDaemon =
+
+# Add disabled incremental sync daemon?
+# {valueType: "boolean", subSection: "advanced", defaultValue: "false", order: 155000, showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.addDisabledIncrementalSyncDaemon =
+
+# Unresolvable subjects - remove unresolvable subjects
+# {valueType: "boolean", subSection: "advanced", defaultValue: "false", order: 156000, showEl: "${showAdvanced}"}
+# provisioner.genericProvisioner.unresolvableSubjectsRemove =
+
+# Unresolvable subjects - insert if not resolvable
+# {valueType: "boolean", subSection: "advanced", defaultValue: "false", order: 157000, showEl: "${showAdvanced && !unresolvableSubjectsRemove}"}
+# provisioner.genericProvisioner.unresolvableSubjectsInsert =
+
+########################################
+## box provisioner
+########################################
+
+# Generic provisioner key suffixes based on regex (comma separated) to ignore for box provisioner. delimiter is "," and U+002C is part of regex and substitute for comma
+# {valueType: "string"}
+# provisionerPropertiesToIgnore.GrouperBoxProvisioner.keySuffixRegexes =
+
+# Subsections to ignore for box provisioner
+# {valueType: "string"}
+# provisionerPropertiesToIgnore.GrouperBoxProvisioner.subsections = group,user
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true, order: 10}
+# provisioner.myBoxProvisioner.class = edu.internet2.middleware.grouper.app.boxProvisioner.GrouperBoxProvisioner
+
+# this is the box external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.boxProvisioner.BoxGrouperExternalSystem"}
+# provisioner.myBoxProvisioner.boxExternalSystemConfigId =
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5701, subSection: "membership", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myBoxProvisioner.numberOfMembershipAttributes =
+
+# Name of the attribute
+# {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["canSeeManagedUsers", "id", "login", "name", "isExemptFromDeviceLimits", "isExemptFromLoginVerification", "isExternalCollabRestricted", "isPlatformAccessOnly", "isSyncEnabled", "maxUploadSize", "role", "spaceAmount", "spaceUsed", "status", "type"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.myBoxProvisioner.targetEntityAttribute.$i$.name =
+
+# Name of the attribute
+# {valueType: "string", order: 21000, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", formElement: "dropdown", optionValues: ["canInviteAsCollaborator", "description", "externalSyncIdentifier", "groupType", "id", "invitabilityLevel", "memberViewabilityLevel", "name", "provenance", "type"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.myBoxProvisioner.targetGroupAttribute.$i$.name =
+
+########################################
+## ldap provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true, order: 10}
+# provisioner.myLdapProvisioner.class = edu.internet2.middleware.grouper.app.ldapProvisioning.LdapSync
+
+# this is the ldap external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.externalSystem.LdapGrouperExternalSystem"}
+# provisioner.myLdapProvisioner.ldapExternalSystemConfigId =
+
+# groupAttributes: group ldap object has attribute to hold memberships.
+# entityAttributes: user ldap object has attribute to hold memberships
+# {valueType: "string", required: true, order: 1000, subSection: "membership", showEl: "${operateOnGrouperMemberships}", formElement: "dropdown", optionValues: ["groupAttributes", "entityAttributes"]}
+# provisioner.myLdapProvisioner.provisioningType =
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5701, subSection: "membership", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myLdapProvisioner.numberOfMembershipAttributes =
+
+# where users are
+# {valueType: "string", subSection: "entity", order: 58010, showEl: "${operateOnGrouperEntities && provisioningType == 'entityAttributes' || hasTargetEntityLink}"}
+# provisioner.myLdapProvisioner.userSearchBaseDn =
+
+# how to find a user
+# {valueType: "string", subSection: "entity", order: 58020, showEl: "${operateOnGrouperEntities && provisioningType == 'entityAttributes' || hasTargetEntityLink}"}
+# provisioner.myLdapProvisioner.userSearchFilter =
+
+# filter users when searching all
+# {valueType: "string", subSection: "entity", order: 58030, showEl: "${operateOnGrouperEntities && provisioningType == 'entityAttributes' || hasTargetEntityLink}"}
+# provisioner.myLdapProvisioner.userSearchAllFilter =
+
+# group search base dn, this is below the ldap connection base dn which is in the external system url. e.g. ou=Groups,dc=example,dc=edu
+# {valueType: "string", subSection: "group", order: 18600, showEl: "${ operateOnGrouperGroups && (provisioningType == 'groupAttributes' || hasTargetGroupLink) && !onlyLdapGroupDnOverride}"}
+# provisioner.myLdapProvisioner.groupSearchBaseDn =
+
+# find a single group. You can use the variable 'targetGroup'. e.g. (gidNumber=${targetGroup.retrieveAttributeValue('gidNumber')})
+# e.g. (dn=${targetGroup.getName()})
+# {valueType: "string", subSection: "group", order: 18650, showEl: "${ operateOnGrouperGroups && (provisioningType == 'groupAttributes' || hasTargetGroupLink) }"}
+# provisioner.myLdapProvisioner.groupSearchFilter =
+
+# find all groups. e.g. (objectClass=posixGroup)
+# e.g. (objectClass=groupOfNames)
+# {valueType: "string", subSection: "group", order: 18700, showEl: "${ operateOnGrouperGroups && (provisioningType == 'groupAttributes' || hasTargetGroupLink) && !onlyLdapGroupDnOverride }"}
+# provisioner.myLdapProvisioner.groupSearchAllFilter =
+
+# If you want a metadata item on groups to allow a DN override
+# {valueType: "boolean", order: 18720, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'groupAttributes'}"}
+# provisioner.myLdapProvisioner.allowLdapGroupDnOverride =
+
+# If you are only doing DN overrides
+# {valueType: "boolean", order: 18721, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'groupAttributes' && allowLdapGroupDnOverride}"}
+# provisioner.myLdapProvisioner.onlyLdapGroupDnOverride =
+
+# when doing flat or bushy provisioning, this is the ldap "group" rdn, defaults to "cn"
+# {valueType: "string", subSection: "group2", order: 77100, defaultValue: "cn", showEl: "${ operateOnGrouperGroups && provisioningType == 'groupAttributes'}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions"}
+# provisioner.myLdapProvisioner.groupRdnAttribute =
+
+# when adding users, this is the rdn of the dn (e.g. uid if dn is uid=123,ou=users,ou...)
+# {valueType: "string", subSection: "entity2", order: 80150, showEl: "${ operateOnGrouperEntities && makeChangesToEntities && (!customizeEntityCrud || insertEntities)}", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions"}
+# provisioner.myLdapProvisioner.userRdnAttribute =
+
+# bushy makes an ou for each folder and cn is extension. flat is cn is group name
+# {valueType: "string", subSection: "group", order: 18750, required: true, formElement: "dropdown", optionValues: ["bushy", "flat"], showEl: "${ operateOnGrouperGroups && provisioningType == 'groupAttributes' && !onlyLdapGroupDnOverride}"}
+# provisioner.myLdapProvisioner.groupDnType =
+
+# when doing bushy provisioning, this is the ldap "folder" rdn, defaults to "ou"
+# {valueType: "string", subSection: "group", order: 18760, defaultValue: "ou", showEl: "${ operateOnGrouperGroups && provisioningType == 'groupAttributes' && groupDnType == 'bushy'}"}
+# provisioner.myLdapProvisioner.folderRdnAttribute =
+
+# bushy makes an ou for each folder these are the object classes that will be set on creation for the folder, e.g. top, organizationalUnit
+# {valueType: "string", subSection: "group", order: 18770, defaultValue: "top, organizationalUnit", showEl: "${ operateOnGrouperGroups && provisioningType == 'groupAttributes' && groupDnType == 'bushy'}", multiple: true}
+# provisioner.myLdapProvisioner.folderObjectClasses =
+
+########################################
+## sql provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true, order: 10}
+# provisioner.someSqlProvisioner.class = edu.internet2.middleware.grouper.app.sqlProvisioning.SqlProvisioner
+
+# this is the sql external system config id
+# {valueType: "string", order: 20, required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# provisioner.someSqlProvisioner.dbExternalSystemConfigId =
+
+# Last modified column type. This is the database column type. The attribute in the representation is long always. This must exist for all tables being provisioned.
+# {valueType: "string", order: 76050, subSection: "general2", formElement: "dropdown", optionValues: ["long", "timestamp"]}
+# provisioner.someSqlProvisioner.sqlLastModifiedColumnType =
+
+# Last modified column name e.g. last_modified. In the database, this is either a timestamp or millis since 1970. It's always increasing. This must exist for all tables being provisioned.
+# {valueType: "string", order: 76100, required: true, subSection: "general2", showEl: "${sqlLastModifiedColumnType != null}"}
+# provisioner.someSqlProvisioner.sqlLastModifiedColumnName =
+
+# Deleted column name. If it's there, it must be of type that can store 'T' or 'F'. This must exist for all tables being provisioned. This column must be required and never null.
+# {valueType: "string", order: 76200, subSection: "general2"}
+# provisioner.someSqlProvisioner.sqlDeletedColumnName =
+
+# users table to query to lookup users required if hasTargetEntityLink
+# {valueType: "string", order: 49010, subSection: "entity", showEl: "${ operateOnGrouperEntities && (!customizeEntityCrud || selectEntities) }"}
+# provisioner.someSqlProvisioner.userTableName =
+
+# users table primary key column of user table
+# {valueType: "string", order: 80995, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities) }", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityAttributeDropdownOptions"}
+# provisioner.someSqlProvisioner.userPrimaryKey =
+
+# if this is more complicated than just a simple select, put the query here optional, select * from users where ...
+# {valueType: "string", order: 81007, subSection: "entity2", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities) && entity2Advanced}"}
+# provisioner.someSqlProvisioner.userSearchQuery =
+
+# memberships table where memberships go. include schema name if necessary
+# {valueType: "string", required: true, order: 5605, subSection: "membership", showEl: "${operateOnGrouperMemberships && provisioningType == 'membershipObjects' }"}
+# provisioner.someSqlProvisioner.membershipTableName =
+
+# column from membership table which is the foreign key to the group table
+# {valueType: "string", required: false, order: 78050, subSection: "membership2", showEl: "${operateOnGrouperMemberships && provisioningType == 'membershipObjects' && operateOnGrouperGroups && (!customizeGroupCrud || selectGroups) }", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningMembershipAttributeDropdownOptions"}
+# provisioner.someSqlProvisioner.membershipGroupForeignKeyColumn =
+
+# column from membership table which is the foreign key to the entity table
+# {valueType: "string", required: false, order: 78051, subSection: "membership2", showEl: "${operateOnGrouperMemberships && provisioningType == 'membershipObjects' && operateOnGrouperEntities && (!customizeEntityCrud || selectEntities) }", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningMembershipAttributeDropdownOptions"}
+# provisioner.someSqlProvisioner.membershipEntityForeignKeyColumn =
+
+# if this is more complicated than just a simple select, put the query here optional, select * from memberships where ...
+# {valueType: "string", order: 5630, subSection: "membership", showEl: "${operateOnGrouperMemberships && provisioningType == 'membershipObjects' && membershipAdvancedOptions}"}
+# provisioner.someSqlProvisioner.membershipSearchQuery =
+
+# groups table to query to lookup users required if hasTargetEntityLink
+# {valueType: "string", subSection: "group", order: 15010, showEl: "${operateOnGrouperGroups }"}
+# provisioner.someSqlProvisioner.groupTableName =
+
+# groups table primary key column of group table
+# {valueType: "string", subSection: "group2", order: 79400, showEl: "${operateOnGrouperGroups }", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningGroupAttributeDropdownOptions"}
+# provisioner.someSqlProvisioner.groupTableIdColumn =
+
+# Use separate table for group attributes
+# {valueType: "boolean", order: 15041, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups}"}
+# provisioner.someSqlProvisioner.useSeparateTableForGroupAttributes =
+
+# table to store group attributes
+# {valueType: "string", indent: 1, subSection: "group", order: 15042, showEl: "${operateOnGrouperGroups && useSeparateTableForGroupAttributes}"}
+# provisioner.someSqlProvisioner.groupAttributesTableName =
+
+# column from group table which is the foreign key in the group attribute table. Include schema name if necessary.
+# {valueType: "string", indent: 1, subSection: "group", order: 15043, showEl: "${operateOnGrouperGroups && useSeparateTableForGroupAttributes}"}
+# provisioner.someSqlProvisioner.groupAttributesGroupForeignKeyColumn =
+
+# name of the column in group attribute table that will store attribute names. Include schema name if necessary.
+# {valueType: "string", indent: 1, subSection: "group", defaultValue: "attribute_name", order: 15044, showEl: "${operateOnGrouperGroups && useSeparateTableForGroupAttributes}"}
+# provisioner.someSqlProvisioner.groupAttributesAttributeNameColumn =
+
+# name of the column in group attribute table that will store attribute values. Include schema name if necessary.
+# {valueType: "string", indent: 1, subSection: "group", order: 15045, defaultValue: "attribute_value", showEl: "${operateOnGrouperGroups && useSeparateTableForGroupAttributes}"}
+# provisioner.someSqlProvisioner.groupAttributesAttributeValueColumn =
+
+# if this is more complicated than just a simple select, put the query here optional, select * from groups where ...
+# {valueType: "string", indent: 1, subSection: "group2", order: 79912, showEl: "${operateOnGrouperGroups && group2advanced }"}
+# provisioner.someSqlProvisioner.groupSearchQuery =
+
+# Storage type
+# {valueType: "string", order: 20001, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$ && useSeparateTableForGroupAttributes}", formElement: "dropdown", optionValues: ["groupTableColumn", "separateAttributesTable"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.someSqlProvisioner.targetGroupAttribute.$i$.storageType =
+
+
+# Use separate table for entity attributes
+# {valueType: "boolean", order: 49011, defaultValue: "false", subSection: "entity", showEl: "${operateOnGrouperEntities && (!customizeEntityCrud || selectEntities) }"}
+# provisioner.someSqlProvisioner.useSeparateTableForEntityAttributes =
+
+# table to store entity attributes
+# {valueType: "string", indent: 1, subSection: "entity", order: 49012, showEl: "${operateOnGrouperEntities && useSeparateTableForEntityAttributes}"}
+# provisioner.someSqlProvisioner.entityAttributesTableName =
+
+# column from entity table which is the foreign key in the entity attribute table. Include schema name if necessary.
+# {valueType: "string", indent: 1, subSection: "entity", order: 49013, showEl: "${operateOnGrouperEntities && useSeparateTableForEntityAttributes}"}
+# provisioner.someSqlProvisioner.entityAttributesEntityForeignKeyColumn =
+
+# name of the column in entity attribute table that will store attribute names. Include schema name if necessary.
+# {valueType: "string", indent: 1, subSection: "entity", defaultValue: "attribute_name", order: 49014, showEl: "${operateOnGrouperEntities && useSeparateTableForEntityAttributes}"}
+# provisioner.someSqlProvisioner.entityAttributesAttributeNameColumn =
+
+# name of the column in entity attribute table that will store attribute values. Include schema name if necessary.
+# {valueType: "string", indent: 1, subSection: "entity", order: 49015, defaultValue: "attribute_value", showEl: "${operateOnGrouperEntities && useSeparateTableForEntityAttributes}"}
+# provisioner.someSqlProvisioner.entityAttributesAttributeValueColumn =
+
+# Storage type
+# {valueType: "string", order: 60001, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$ && useSeparateTableForEntityAttributes}", formElement: "dropdown", optionValues: ["entityTableColumn", "separateAttributesTable"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.someSqlProvisioner.targetEntityAttribute.$i$.storageType =
+
+########################################
+## scim provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true, order: 10}
+# provisioner.myScimProvisioner.class = edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2Provisioner
+
+# bearer token external system id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.externalSystem.WsBearerTokenExternalSystem"}
+# provisioner.myScimProvisioner.bearerTokenExternalSystemConfigId =
+
+# {valueType: "string", required: true, order: 25, formElement: "dropdown", optionValues: ["AWS", "Github", "generic"]}
+# provisioner.myScimProvisioner.scimType =
+
+# accept header. For github use "application/vnd.github.v3+json"
+# {valueType: "string", required: false, readOnly: false, order: 30, showEl: "${scimType != 'AWS'}"}
+# provisioner.myScimProvisioner.acceptHeader =
+
+
+# {valueType: "string", required: true, order: 1000, subSection: "membership", showEl: "${operateOnGrouperMemberships}", readOnly: true}
+# provisioner.myScimProvisioner.provisioningType = membershipObjects
+
+# Select memberships
+# {valueType: "string", readOnly: true, order: 1500, subSection: "membership", showEl: "${operateOnGrouperMemberships}"}
+# provisioner.myScimProvisioner.selectMemberships = false
+
+# Replace memberships
+# {valueType: "boolean", order: 2491, defaultValue: "false", subSection: "membership", showEl: "${operateOnGrouperMemberships}"}
+# provisioner.myScimProvisioner.replaceMemberships =
+
+# Update groups
+# {valueType: "string", readOnly: true, order: 11500, subSection: "group", showEl: "${operateOnGrouperGroups}"}
+# provisioner.myScimProvisioner.updateGroups = false
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5701, subSection: "membership", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myScimProvisioner.numberOfMembershipAttributes =
+
+# Name of the attribute
+# {valueType: "string", order: 21000, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", formElement: "dropdown", optionValues: ["displayName", "id"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.myScimProvisioner.targetGroupAttribute.$i$.name =
+
+# Name of the attribute
+# {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["costCenter", "displayName", "emailType", "emailValue", "employeeNumber", "externalId", "familyName", "formattedName", "givenName", "id", "middleName", "userName", "userType"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.myScimProvisioner.targetEntityAttribute.$i$.name =
+
+##############
+## Zoom
+##############
+
+
+# endpoint of zoom including the version
+# {valueType: "string", defaultValue: "https://api.zoom.us/v2"}
+# zoom.myConfigId.endpoint = https://api.zoom.us/v2
+
+# zoom jwt api key
+# {valueType: "string"}
+# zoom.myConfigId.jwtApiKey =
+
+# zoom jwt api key
+# {valueType: "password", sensitive: true}
+# zoom.myConfigId.jwtApiSecretPassword =
+
+# cache jwt for minutes, must be at least 2, or could be 0 to not cache. If it is 1 it will be changed to 2.
+# {valueType: "integer", defaultValue: "30"}
+# zoom.myConfigId.cacheJwtForMinutes = 30
+
+# master account id (used in custom ui)
+# {valueType: "string"}
+# zoom.myConfigId.masterAccountId =
+
+# page size when retrieving members, max is 300
+# {valueType: "integer", defaultValue: "300"}
+# zoom.myConfigId.pageSizeMemberships = 300
+
+# base folder
+# {valueType: "string"}
+# zoom.myConfigId.folderToProvision =
+
+# if provisioning groups should remove only
+# {valueType: "boolean", defaultValue: "false"}
+# zoom.myConfigId.groupProvisionRemoveOnly =
+
+# base folder
+# {valueType: "string"}
+# zoom.myConfigId.roleFolderToProvision =
+
+# if provisioning roles should remove only
+# {valueType: "boolean", defaultValue: "false"}
+# zoom.myConfigId.roleProvisionRemoveOnly =
+
+# subject sources to provision
+# {valueType: "string", multiple: true}
+# zoom.myConfigId.sourcesForSubjects =
+
+# ignore user ids in zoom (dont remove them) e.g. admin ids
+# {valueType: "string", multiple: true}
+# zoom.myConfigId.ignoreUserIds =
+
+# subject attribute to match zoom email address (generally eppn)
+# {valueType: "string"}
+# zoom.myConfigId.subjectAttributeForZoomEmail =
+
+# if deleting users, this is the group of users to delete. Load this group with your grace period policy
+# {valueType: "string"}
+# zoom.myConfigId.groupNameToDeleteUsers = a:b:c
+
+# if deleting users, this will just log instead of actually deleting
+# {valueType: "boolean", defaultValue: "false"}
+# zoom.myConfigId.logUserDeletesInsteadOfDeleting = false
+
+# if deleting users, this will remove the user from the grouper group (of users to delete), after the deleting occurs (if they have an immediate membership there)
+# {valueType: "boolean", defaultValue: "false"}
+# zoom.myConfigId.removeGrouperMembershipFromDeletedGroupAfterDeleteZoomUser = false
+
+# if deactivating users, this is the group of users to deactivate. Load this group with your grace period policy
+# {valueType: "string"}
+# zoom.myConfigId.groupNameToDeactivateUsers = a:b:c
+
+# if deactivating users, this will just log instead of actually deactivating
+# {valueType: "boolean", defaultValue: "false"}
+# zoom.myConfigId.logUserDeactivatesInsteadOfDeactivating = false
+
+# if deactivating users, this will remove the user from the grouper group (of users to deactivate), after the deactivating occurs (if they have an immediate membership there)
+# {valueType: "boolean", defaultValue: "false"}
+# zoom.myConfigId.removeGrouperMembershipFromDeactivatedGroupAfterDeactivateZoomUser = false
+
+# $$lowerEmailAddresses$$ will be the bind variables to lookup email addresses. the first col is the email, the second col is the subject id,
+# the third col is the source_id
+# e.g. select LOWER_EMAIL_ADDRESS, CHAR_PENN_ID, 'pennperson' as subject_source_id from person_source_email_lookup_v where lower_email_address in ($$lowerEmailAddresses$$)
+# {valueType: "string"}
+# zoom.myConfigId.emailLookupQuery =
+
+# database where the email lookup occurs
+# {valueType: "string"}
+# zoom.myConfigId.emailLookupDbConfigId =
+
+# if there are unresolvables then log them so they can be dealt with
+# {valueType: "boolean", defaultValue: "false"}
+# zoom.myConfigId.logUnresolvables = false
+
+# proxy requests here, e.g. https://server:1234
+# {valueType: "string"}
+# zoom.myConfigId.proxyUrl =
+
+# socks or http
+# {valueType: "string", formElement: "dropdown", optionValues: ["PROXY_HTTP", "PROXY_SOCKS5"]}
+# zoom.myConfigId.proxyType =
+
+
+#################
+## Zoom full provisioning
+#################
+
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+# otherJob.myZoomFull.class = edu.internet2.middleware.grouper.app.zoom.GrouperZoomFullSync
+
+# zoom full cron, default to 2:20
+# {valueType: "string", required: true}
+# otherJob.myZoomFull.quartzCron = 0 20 2 * * ?
+
+# links to zoom config id
+# {valueType: "string"}
+# otherJob.myZoomFull.zoomConfigId = myConfigId
+
+#################
+## Zoom incremental provisioning
+#################
+
+# esb consumer
+# {valueType: "class", required: true, mustExtendClass: "edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer"}
+# changeLog.consumer.zoomEsbProd.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+# zoom incremental cron, defualt to every hour except 2am (to not conflict with full)
+# {valueType: "string"}
+# changeLog.consumer.zoomEsbProd.quartzCron = 0 * 0,1,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 * * ?
+
+# zoom publishing class
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher"}
+# changeLog.consumer.zoomEsbProd.publisher.class = edu.internet2.middleware.grouper.app.zoom.ZoomEsbPublisher
+
+# el filter
+# {valueType: "string"}
+# changeLog.consumer.zoomEsbProd.elfilter = (event.sourceId == null || event.sourceId eq 'pennperson') && (event.groupName =~ '^penn\:isc\:ait\:apps\:zoom\:service\:policy\:groups\:.*$' || event.name =~ '^penn\:isc\:ait\:apps\:zoom\:service\:policy\:groups\:.*$' ) && (event.eventType eq 'GROUP_DELETE' || event.eventType eq 'GROUP_ADD' || event.eventType eq 'GROUP_UPDATE' || event.eventType eq 'MEMBERSHIP_DELETE' || event.eventType eq 'MEMBERSHIP_ADD' || event.eventType eq 'MEMBERSHIP_UPDATE')
+
+# add subject attributes
+# {valueType: "string", multiple: true}
+# changeLog.consumer.zoomEsbProd.publisher.addSubjectAttributes = EPPN
+
+# zoom config id
+# {valueType: "string"}
+# changeLog.consumer.zoomEsbProd.zoomConfigId = myConfigId
+
+#################
+## Zoom loading
+#################
+
+# {valueType: "class", mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase", mustImplementInterface: "org.quartz.Job"}
+# otherJob.myZoomLoader.class = edu.internet2.middleware.grouper.app.zoom.GrouperZoomLoader
+
+# zoom full cron, default to every hour at 40 minutes after
+# {valueType: "string", required: true}
+# otherJob.myZoomLoader.quartzCron = 0 40 * * * ?
+
+# links to zoom config id
+# {valueType: "string"}
+# otherJob.myZoomLoader.zoomConfigId = myConfigId
+
+# if loading groups from zoom to grouper
+# {valueType: "boolean", defaultValue: "false"}
+# otherJob.myZoomLoader.zoomLoadGroups = false
+
+# if zoomLoadGroups is true then load groups into this folder
+# {valueType: "string"}
+# otherJob.myZoomLoader.zoomLoadGroupsFolderName = a:b
+
+# if loading roles from zoom to grouper
+# {valueType: "boolean", defaultValue: "false"}
+# otherJob.myZoomLoader.zoomLoadRoles = false
+
+# if zoomLoadRoles is true then load roles into this folder
+# {valueType: "string"}
+# otherJob.myZoomLoader.zoomLoadRolesFolderName = c:d
+
+# if loading user types from zoom to grouper
+# {valueType: "boolean", defaultValue: "false"}
+# otherJob.myZoomLoader.zoomLoadUserTypes = false
+
+# if zoomLoadUserTypes is true then load userTypes into this folder
+# {valueType: "string"}
+# otherJob.myZoomLoader.zoomLoadUserTypesFolderName = d:e
+
+# if loading user statuses from zoom to grouper
+# {valueType: "boolean", defaultValue: "false"}
+# otherJob.myZoomLoader.zoomLoadUserStatuses = false
+
+# if zoomLoadUserStatuses is true then load user statuses into this folder
+# {valueType: "string"}
+# otherJob.myZoomLoader.zoomLoadUserStatusesFolderName = d:e
+
+# if loading users to the grouper_zoom_user table (v2.6.1+)
+# {valueType: "boolean", defaultValue: "false"}
+# otherJob.myZoomLoader.zoomLoadUsersToTable = false
+
+############################################
+## Azure external system
+## specify the azure connection with user, pass, endpoint etc
+## the string after "azureConnector." is the name of the connection, and it should not have
+## spaces or other special chars in it
+############################################
+
+# azure login base uri to get a token. Should end in a slash. e.g. https://login.microsoftonline.com/
+# {valueType: "string", required: true, regex: "^grouper\\.azureConnector\\.([^.]+)\\.loginEndpoint$"}
+# grouper.azureConnector.myAzure.loginEndpoint = https://login.microsoftonline.com/
+
+# azure directory id. eg: 6c4dxxx0d
+# {valueType: "string", required: true, regex: "^grouper\\.azureConnector\\.([^.]+)\\.tenantId$"}
+# grouper.azureConnector.myAzure.tenantId =
+
+# client id. eg: fd805xxxxdfb
+# {valueType: "string", required: true, regex: "^grouper\\.azureConnector\\.([^.]+)\\.clientId"}
+# grouper.azureConnector.myAzure.clientId =
+
+# client secret
+# {valueType: "password", sensitive: true, regex: "^db\\.([^.]+)\\.clientSecret"}
+#grouper.azureConnector.myAzure.clientSecret =
+
+# resource. generally same as graph endpoint. eg: https://graph.microsoft.com
+# {valueType: "string", required: true, regex: "^grouper\\.azureConnector\\.([^.]+)\\.resource$"}
+# grouper.azureConnector.myAzure.resource =
+
+# azure resource base uri. Should include the version and end in a slash, e.g. https://graph.microsoft.com/v1.0/ or https://graph.microsoft.com/beta/
+# {valueType: "string", required: true, regex: "^grouper\\.azureConnector\\.([^.]+)\\.resourceEndpoint$"}
+# grouper.azureConnector.myAzure.resourceEndpoint = https://graph.microsoft.com/v1.0/
+
+# graph endpoint. eg: https://graph.microsoft.com
+# {valueType: "string", required: true, regex: "^grouper\\.azureConnector\\.([^.]+)\\.graphEndpoint$"}
+# grouper.azureConnector.myAzure.graphEndpoint =
+
+# graph version. eg: v1.0 or beta
+# {valueType: "string", required: true, regex: "^grouper\\.azureConnector\\.([^.]+)\\.graphVersion$"}
+# grouper.azureConnector.myAzure.graphVersion =
+
+# group lookup attribute for Custom UI. eg: displayName
+# {valueType: "string", regex: "^grouper\\.azureConnector\\.([^.]+)\\.groupLookupAttribute$"}
+# grouper.azureConnector.myAzure.groupLookupAttribute =
+
+# group lookup value format for Custom UI. eg: ${group.getName()}
+# {valueType: "string", regex: "^grouper\\.azureConnector\\.([^.]+)\\.groupLookupValueFormat$"}
+# grouper.azureConnector.myAzure.groupLookupValueFormat =
+
+# require subject attribute for Custom UI. eg: netId
+# {valueType: "string", regex: "^grouper\\.azureConnector\\.([^.]+)\\.requireSubjectAttribute$"}
+# grouper.azureConnector.myAzure.requireSubjectAttribute =
+
+# subject id value format for Custom UI. eg: ${subject.getAttributeValue("netId")}@school.edu
+# {valueType: "string", regex: "^grouper\\.azureConnector\\.([^.]+)\\.subjectIdValueFormat$"}
+# grouper.azureConnector.myAzure.subjectIdValueFormat =
+
+# proxy requests here, e.g. https://server:1234
+# {valueType: "string", regex: "^grouper\\.azureConnector\\.([^.]+)\\.proxyUrl$"}
+# grouper.azureConnector.myAzure.proxyUrl =
+
+# socks or http
+# {valueType: "string", regex: "^grouper\\.azureConnector\\.([^.]+)\\.proxyType$", formElement: "dropdown", optionValues: ["PROXY_HTTP", "PROXY_SOCKS5"]}
+# grouper.azureConnector.myAzure.proxyType =
+
+# if you are getting errors, you can temporarily set this to true to log authentication bodies. Then set back to false so the tokens (secrets) arent logged
+# {valueType: "boolean", regex: "^grouper\\.azureConnector\\.([^.]+)\\.logAuthenticationResponseBody$", defaultValue: "false"}
+# grouper.azureConnector.myAzure.logAuthenticationResponseBody =
+
+# if this azure connector is enabled
+# {valueType: "boolean", regex: "^grouper\\.azureConnector\\.([^.]+)\\.enabled$", defaultValue: "true"}
+# grouper.azureConnector.myAzure.enabled =
+
+############################################
+## WS bearer token external system
+## this is a simple URL with an Authorization bearer token secret
+############################################
+
+# Base website URL for WS with bearer token authn. e.g. https://scim.us-east-1.amazonaws.com/abc123/scim/v2/
+# {valueType: "string", required: true, regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.endpoint$"}
+# grouper.wsBearerToken.myWsBearerToken.endpoint =
+
+# Bearer token secret, e.g. AWS access token
+# {valueType: "password", sensitive: true, required: true, regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.accessTokenPassword$"}
+# grouper.wsBearerToken.myWsBearerToken.accessTokenPassword =
+
+# proxy requests here, e.g. https://server:1234
+# {valueType: "string", regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.proxyUrl$"}
+# grouper.wsBearerToken.myWsBearerToken.proxyUrl =
+
+# socks or http
+# {valueType: "string", regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.proxyType$", formElement: "dropdown", optionValues: ["PROXY_HTTP", "PROXY_SOCKS5"]}
+# grouper.wsBearerToken.myWsBearerToken.proxyType =
+
+# if this WS endpoing connector is enabled
+# {valueType: "boolean", regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.enabled$", defaultValue: "true"}
+# grouper.wsBearerToken.myWsBearerToken.enabled =
+
+# Test URL suffix that returns a 200
+# {valueType: "string", regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.testUrlSuffix$"}
+# grouper.wsBearerToken.myWsBearerToken.testUrlSuffix =
+
+# Test URL method, defaults to GET. Could be POST or whatever.
+# {valueType: "string", defaultValue: "GET", regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.testHttpMethod$"}
+# grouper.wsBearerToken.myWsBearerToken.testHttpMethod =
+
+# Test URL response code. Defaults to 200
+# {valueType: "integer", defaultValue: "200", regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.testHttpResponseCode$"}
+# grouper.wsBearerToken.myWsBearerToken.testHttpResponseCode =
+
+# Test URL response regex to match to see if valid (optional)
+# {valueType: "string", regex: "^grouper\\.myWsBearerToken\\.([^.]+)\\.testUrlResponseBodyRegex$"}
+# grouper.wsBearerToken.myWsBearerToken.testUrlResponseBodyRegex =
+
+########################################
+## Azure provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true}
+# provisioner.myAzureProvisioner.class = edu.internet2.middleware.grouper.app.azure.GrouperAzureProvisioner
+
+# this is the Azure external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.azure.AzureGrouperExternalSystem"}
+# provisioner.myAzureProvisioner.azureExternalSystemConfigId =
+
+# azure is always membershipObjects
+# {valueType: "string", required: true, order: 1000, subSection: "membership", showEl: "${operateOnGrouperMemberships}", formElement: "dropdown", optionValues: ["membershipObjects"]}
+# provisioner.myAzureProvisioner.provisioningType =
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5701, subSection: "membership", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myAzureProvisioner.numberOfMembershipAttributes =
+
+# Name of the attribute
+# {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["accountEnabled", "displayName", "id", "mailNickname", "onPremisesImmutableId", "userPrincipalName"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.myAzureProvisioner.targetEntityAttribute.$i$.name =
+
+# Name of the attribute
+# {valueType: "string", order: 21000, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", formElement: "dropdown", optionValues: ["description", "displayName", "groupType", "groupTypeUnified", "id", "mailEnabled", "mailNickname", "securityEnabled", "visibility", "allowOnlyMembersToPost", "hideGroupInOutlook", "subscribeNewGroupMembers", "welcomeEmailDisabled", "resourceProvisioningOptionsTeam", "isAssignableToRole"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.myAzureProvisioner.targetGroupAttribute.$i$.name =
+
+# If you want a metadata item on isAssignableToRole
+# {valueType: "boolean", order: 18705, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myAzureProvisioner.assignableToRole =
+
+# If you want a metadata item on group type
+# {valueType: "boolean", order: 18710, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myAzureProvisioner.azureGroupType =
+
+# If you want a metadata item on groups to allow only members to post
+# {valueType: "boolean", order: 18720, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myAzureProvisioner.allowOnlyMembersToPost =
+
+# If you want a metadata item on groups to set hide group in outtook
+# {valueType: "boolean", order: 18750, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myAzureProvisioner.hideGroupInOutlook =
+
+# If you want a metadata item on groups to set subscribe new group members
+# {valueType: "boolean", order: 18810, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myAzureProvisioner.subscribeNewGroupMembers =
+
+# If you want a metadata item on groups to have welcome email disabled
+# {valueType: "boolean", order: 18820, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myAzureProvisioner.welcomeEmailDisabled =
+
+# If you want a metadata item on groups to have resource provisioning options set as Team
+# {valueType: "boolean", order: 18830, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myAzureProvisioner.resourceProvisioningOptionsTeam =
+
+
+########################################
+## Duo provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true}
+# provisioner.myDuoProvisioner.class = edu.internet2.middleware.grouper.app.duo.GrouperDuoProvisioner
+
+# this is the Duo external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouperDuo.DuoGrouperExternalSystem"}
+# provisioner.myDuoProvisioner.duoExternalSystemConfigId =
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5701, subSection: "membership", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myDuoProvisioner.numberOfMembershipAttributes =
+
+# Name of the attribute
+# {valueType: "string", order: 21000, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", formElement: "dropdown", optionValues: ["description", "name", "id" ], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.myDuoProvisioner.targetGroupAttribute.$i$.name =
+
+# load entities to grouper table
+# {valueType: "boolean", order: 37650, defaultValue: "false", subSection: "entity", showEl: "${operateOnGrouperEntities && selectEntities && selectAllEntities}"}
+# provisioner.myDuoProvisioner.loadEntitiesToGrouperTable =
+
+# Name of the attribute
+# {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["email", "firstName", "id", "lastName", "loginId", "name"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.myDuoProvisioner.targetEntityAttribute.$i$.name =
+
+########################################
+## Duo role provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true}
+# provisioner.myDuoRoleProvisioner.class = edu.internet2.middleware.grouper.app.duo.role.GrouperDuoRoleProvisioner
+
+# this is the Duo external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouperDuo.DuoGrouperExternalSystem"}
+# provisioner.myDuoRoleProvisioner.duoExternalSystemConfigId =
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5701, subSection: "membership", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myDuoRoleProvisioner.numberOfMembershipAttributes =
+
+# Insert groups
+# {valueType: "boolean", order: 9000, subSection: "group", defaultValue: "false", showEl: "${false}"}
+# provisioner.myDuoRoleProvisioner.insertGroups =
+
+# Delete groups
+# {valueType: "boolean", order: 9500, defaultValue: "false", subSection: "group", showEl: "${false}"}
+# provisioner.myDuoRoleProvisioner.deleteGroups =
+
+# Update groups
+# {valueType: "boolean", order: 11500, defaultValue: "false", subSection: "group", showEl: "${false}"}
+# provisioner.myDuoRoleProvisioner.updateGroups =
+
+# Name of the attribute
+# {valueType: "string", order: 21000, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", formElement: "dropdown", optionValues: ["role"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.myDuoRoleProvisioner.targetGroupAttribute.$i$.name =
+
+# Name of the attribute
+# {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["id", "name", "email", "role"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.myDuoRoleProvisioner.targetEntityAttribute.$i$.name =
+
+
+########################################
+## Messaging provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true}
+# provisioner.myMessagingProvisioner.class = edu.internet2.middleware.grouper.app.messagingProvisioning.GrouperMessagingProvisioner
+
+# this is the messaging external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.messagingProvisioning.MessagingGrouperExternalSystem"}
+# provisioner.myMessagingProvisioner.messagingExternalSystemConfigId =
+
+# messaging format type
+# {valueType: "string", required: true, formElement: "dropdown", optionValues: ["EsbEventJson"]}
+# provisioner.myMessagingProvisioner.messagingFormatType =
+
+# target type - queue or topic
+# {valueType: "string", required: true, formElement: "dropdown", optionValues: ["queue", "topic"]}
+# provisioner.myMessagingProvisioner.queueType =
+
+# queue or topic name
+# {valueType: "string", required: true}
+# provisioner.myMessagingProvisioner.queueOrTopicName =
+
+# routing key - Valid only for rabbitMq
+# {valueType: "string"}
+# provisioner.myMessagingProvisioner.routingKey =
+
+# Exchange type - Valid only for rabbitMq
+# {valueType: "string", formElement: "dropdown", optionValues: ["DIRECT", "TOPIC", "HEADERS", "FANOUT"]}
+# provisioner.myMessagingProvisioner.exchangeType =
+
+# Set up queue arguments
+# {valueType: "boolean", order: 400, defaultValue: "false", subSection: "queueArguments"}
+# provisioner.myMessagingProvisioner.setupQueueArguments =
+
+# number of queue arguments
+# {valueType: "integer", order: 401, subSection: "queueArguments", defaultValue: "0", showEl:"${setupQueueArguments}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myMessagingProvisioner.numberOfQueueArguments =
+
+# Queue argument key
+# {valueType: "string", order: 402, required: true, showEl: "${numberOfQueueArguments > $i$}", repeatGroup: "queueArgument", repeatCount: 20}
+# provisioner.myMessagingProvisioner.queueArgument.$i$.key =
+
+# Queue argument value
+# {valueType: "string", order: 403, required: true, showEl: "${numberOfQueueArguments > $i$}", repeatGroup: "queueArgument", repeatCount: 20}
+# provisioner.myMessagingProvisioner.queueArgument.$i$.value =
+
+# {valueType: "string", required: true, order: 1000, subSection: "membership", showEl: "${operateOnGrouperMemberships}", formElement: "dropdown", optionValues: ["membershipObjects"]}
+# provisioner.myMessagingProvisioner.provisioningType =
+
+
+# Select memberships
+# {valueType: "boolean", order: 1500, defaultValue: "false", subSection: "membership", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.selectMemberships =
+
+# Delete memberships if not exist in grouper
+# {valueType: "boolean", order: 4500, defaultValue: "false", subSection: "membership", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.deleteMembershipsIfNotExistInGrouper =
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5701, subSection: "membership", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myMessagingProvisioner.numberOfMembershipAttributes =
+
+# Select groups
+# {valueType: "boolean", order: 8500, defaultValue: "false", subSection: "group", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.selectGroups =
+
+# Delete groups if not exist in grouper
+# {valueType: "boolean", order: 10000, defaultValue: "false", subSection: "group", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.deleteGroupsIfNotExistInGrouper =
+
+# if the groups need to be resolved in target
+# {valueType: "boolean", defaultValue: "false", subSection: "group", showEl:"${false}", order: 12000}
+# provisioner.myMessagingProvisioner.hasTargetGroupLink =
+
+# Select entities
+# {valueType: "boolean", order: 37500, defaultValue: "false", subSection: "entity", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.selectEntities =
+
+# Select all entities
+# {valueType: "boolean", order: 37600, defaultValue: "false", subSection: "entity", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.selectAllEntities =
+
+# Delete entities if not exist in grouper
+# {valueType: "boolean", order: 39500, defaultValue: "false", subSection: "entity", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.deleteEntitiesIfNotExistInGrouper =
+
+# if the entities need to be resolved in target
+# {valueType: "boolean", defaultValue: "false", showEl:"${false}", order: 53000, subSection: "entity"}
+# provisioner.myMessagingProvisioner.hasTargetEntityLink =
+
+# number of attributes for target groups
+# {valueType: "integer", order: 19999, subSection: "group", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myMessagingProvisioner.numberOfGroupAttributes =
+
+# number of attributes for target entities
+# {valueType: "integer", order: 59000, subSection: "entity", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.myMessagingProvisioner.numberOfEntityAttributes =
+
+# Select all groups during diagnostics
+# {valueType: "boolean", order: 78000, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.selectAllGroupsDuringDiagnostics =
+
+# Select all entities during diagnostics
+# {valueType: "boolean", order: 79000, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.selectAllEntitiesDuringDiagnostics =
+
+# Select all memberships during diagnostics
+# {valueType: "boolean", order: 80000, defaultValue: "false", subSection: "provisioningDiagnostics", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.selectAllMembershipsDuringDiagnostics =
+
+# Can full sync
+# {valueType: "boolean", order: 88000, defaultValue: "false", subSection: "advanced", showEl: "${false}"}
+# provisioner.myMessagingProvisioner.canFullSync =
+
+########################################
+## Generic provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true}
+# provisioner.genericDaoProvisioner.class = edu.internet2.middleware.grouper.app.genericProvisioner.GrouperGenericProvisioner
+
+# If all you need is a DAO class, implement that and put the fully qualified class name here. e.g. a.b.c.MyDao
+# {valueType: "string", required: true, order: 20, mustExtendClass: "edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoBase"}
+# provisioner.genericDaoProvisioner.genericProvisionerDaoClassName =
+
+
+########################################
+## Google GCP provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true}
+# provisioner.myGoogleProvisioner.class = edu.internet2.middleware.grouper.app.google.GrouperGoogleProvisioner
+
+# this is the google external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.google.GoogleGrouperExternalSystem"}
+# provisioner.myGoogleProvisioner.googleExternalSystemConfigId =
+
+# Default message deny notification text
+# {valueType: "string", order: 18001, subSection: "group", showEl: "${operateOnGrouperGroups && selectGroups}"}
+# provisioner.myGoogleProvisioner.defaultMessageDenyNotificationText =
+
+# How to handle deleted group
+# {valueType: "string", defaultValue: "delete", order: 18002, subSection: "group", showEl:"${operateOnGrouperGroups && customizeGroupCrud && deleteGroups}", formElement: "dropdown", optionValues: ["archive", "delete"]}
+# provisioner.myGoogleProvisioner.handleDeletedGroup =
+
+
+# Message moderation level
+# {valueType: "string", order: 18003, subSection: "group", showEl:"${operateOnGrouperGroups && selectGroups}", formElement: "dropdown", optionValues: ["MODERATE_ALL_MESSAGES", "MODERATE_NON_MEMBERS", "MODERATE_NEW_MEMBERS", "MODERATE_NONE"]}
+# provisioner.myGoogleProvisioner.messageModerationLevel =
+
+# Reply to
+# {valueType: "string", order: 18004, subSection: "group", showEl:"${operateOnGrouperGroups && selectGroups}", formElement: "dropdown", optionValues: ["REPLY_TO_SENDER", "REPLY_TO_LIST", "REPLY_TO_OWNER", "REPLY_TO_IGNORE", "REPLY_TO_MANAGERS"]}
+# provisioner.myGoogleProvisioner.replyTo =
+
+# Send Message Deny Notification
+# {valueType: "boolean", order: 18005, subSection: "group", showEl:"${operateOnGrouperGroups && selectGroups}"}
+# provisioner.myGoogleProvisioner.sendMessageDenyNotification =
+
+# Spam Moderation Level
+# {valueType: "string", order: 18006, subSection: "group", showEl:"${operateOnGrouperGroups && selectGroups}", formElement: "dropdown", optionValues: ["ALLOW", "MODERATE", "SILENTLY_MODERATE", "REJECT"]}
+# provisioner.myGoogleProvisioner.spamModerationLevel =
+
+# Name of the attribute
+# {valueType: "string", order: 21000, required: true, showEl: "${operateOnGrouperGroups && numberOfGroupAttributes > $i$}", formElement: "dropdown", optionValues: ["allowExternalMembers", "allowGoogleCommunication", "allowWebPosting", "description", "email", "id", "name", "whoCanAdd", "whoCanInvite", "whoCanJoin", "whoCanPostMessage", "whoCanViewGroup", "whoCanViewMembership"], repeatGroup: "targetGroupAttribute", repeatCount: 20}
+# provisioner.myGoogleProvisioner.targetGroupAttribute.$i$.name =
+
+# Name of the attribute
+# {valueType: "string", order: 61000, required: true, showEl: "${operateOnGrouperEntities && numberOfEntityAttributes > $i$}", formElement: "dropdown", optionValues: ["email", "familyName", "givenName", "id"], repeatGroup: "targetEntityAttribute", repeatCount: 20}
+# provisioner.myGoogleProvisioner.targetEntityAttribute.$i$.name =
+
+# If you want a metadata item on groups to configure who can add
+# {valueType: "boolean", order: 18720, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myGoogleProvisioner.whoCanAdd =
+
+# If you want a metadata item on groups to configure who can join the group
+# {valueType: "boolean", order: 18750, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myGoogleProvisioner.whoCanJoin =
+
+# If you want a metadata item on groups to configure who can view membership
+# {valueType: "boolean", order: 18810, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myGoogleProvisioner.whoCanViewMembership =
+
+# If you want a metadata item on groups to configure who can view group
+# {valueType: "boolean", order: 18820, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myGoogleProvisioner.whoCanViewGroup =
+
+# If you want a metadata item on groups to configure who can invite
+# {valueType: "boolean", order: 18830, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myGoogleProvisioner.whoCanInvite =
+
+# If you want a metadata item on groups to configure allowing external members
+# {valueType: "boolean", order: 18840, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myGoogleProvisioner.allowExternalMembers =
+
+# If you want a metadata item on groups to configure who can post message
+# {valueType: "boolean", order: 18840, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myGoogleProvisioner.whoCanPostMessage =
+
+# If you want a metadata item on groups to configure allowing web posting
+# {valueType: "boolean", order: 18840, defaultValue: "false", subSection: "group", showEl: "${operateOnGrouperGroups && provisioningType == 'membershipObjects'}"}
+# provisioner.myGoogleProvisioner.allowWebPosting =
+
+
+###############################################
+## provisioner startWiths - sql common
+###############################################
+
+# this is the sql external system config id
+# {order: 50, valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# provisionerStartWith.sqlCommon.dbExternalSystemConfigId =
+
+# this is the sql external system config id
+# {valueType: "string", order: 25, readOnly: true}
+# provisionerStartWith.sqlCommon.startWith = sqlCommon
+
+# Sql pattern
+# {valueType: "string", order: 50, required: true, formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null}", optionValues: ["entityTable", "entityTableWithAttributeTable", "entityTableWithAttributeTableAndMemberships", "entityTableMembershipTable", "groupTable", "groupTableWithAttributeTable", "groupTableWithAttributeTableAndMemberships", "groupTableMembershipTable", "groupTableEntityTableMembershipTable", "membershipTable", "other"]}
+# provisionerStartWith.sqlCommon.sqlPattern =
+
+# User attributes type
+# {valueType: "string", order: 100, required: true, formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null}", optionValues: ["core", "entityResolver", "subjectSource", "subjectSourceAndEntityResolver"]}
+# provisionerStartWith.sqlCommon.userAttributesType =
+
+# Membership structure
+# {valueType: "string", order: 200, defaultValue: "membershipObjects", formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null}", optionValues: ["entityAttributes", "groupAttributes", "membershipObjects", "notApplicable"]}
+# provisionerStartWith.sqlCommon.membershipStructure =
+
+# subject source entity resolver attributes
+# {valueType: "string", order: 300, required: true, showEl: "${userAttributesType == 'subjectSource' || userAttributesType == 'subjectSourceAndEntityResolver'}"}
+# provisionerStartWith.sqlCommon.subjectSourceEntityResolverAttributes =
+
+# has group table
+# {valueType: "boolean", order: 400, defaultValue: "false", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null}"}
+# provisionerStartWith.sqlCommon.hasGroupTable =
+
+# group table name
+# {valueType: "string", order: 500, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable}"}
+# provisionerStartWith.sqlCommon.groupTableName =
+
+# group table primary column
+# {valueType: "string", order: 600, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable}"}
+# provisionerStartWith.sqlCommon.groupTableIdColumn =
+
+# group table primary key value
+# {valueType: "string", order: 650, required: true, formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable}", optionValues: ["groupExtension", "groupIdIndex", "groupName", "groupUuid", "other", "script"]}
+# provisionerStartWith.sqlCommon.groupTablePrimaryKeyValue =
+
+# group table column names
+# {valueType: "string", order: 700, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable}"}
+# provisionerStartWith.sqlCommon.groupTableColumnNames =
+
+# need group link?
+# {valueType: "boolean", order: 800, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable}"}
+# provisionerStartWith.sqlCommon.hasTargetGroupLink =
+
+# has group attribute table?
+# {valueType: "boolean", order: 900, defaultValue: "false", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable}"}
+# provisionerStartWith.sqlCommon.hasGroupAttributeTable =
+
+# group attribute table name
+# {valueType: "string", order: 1000, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable && hasGroupAttributeTable}"}
+# provisionerStartWith.sqlCommon.groupAttributesTableName =
+
+# column name which is foreign key to group table
+# {valueType: "string", order: 1100, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable && hasGroupAttributeTable}"}
+# provisionerStartWith.sqlCommon.groupAttributesGroupForeignKeyColumn =
+
+# column name which is the attribute name
+# {valueType: "string", order: 1200, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable && hasGroupAttributeTable}"}
+# provisionerStartWith.sqlCommon.groupAttributesAttributeNameColumn =
+
+# column name which is the attribute value
+# {valueType: "string", order: 1300, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable && hasGroupAttributeTable}"}
+# provisionerStartWith.sqlCommon.groupAttributesAttributeValueColumn =
+
+# membership attribute name
+# {valueType: "string", order: 1400, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable && hasGroupAttributeTable && membershipStructure == 'groupAttributes'}"}
+# provisionerStartWith.sqlCommon.groupMembershipAttributeName =
+
+# membership attribute value
+# {valueType: "string", order: 1500, required: true, formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable && hasGroupAttributeTable && membershipStructure == 'groupAttributes'}", optionValues: ["entityPrimaryKey", "other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.sqlCommon.groupMembershipAttributeValue =
+
+# other attribute names in attribute table
+# {valueType: "string", order: 1600, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasGroupTable && hasGroupAttributeTable}"}
+# provisionerStartWith.sqlCommon.groupOtherAttributeNames =
+
+# has entity table
+# {valueType: "boolean", order: 1700, defaultValue: "false", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null}"}
+# provisionerStartWith.sqlCommon.hasEntityTable =
+
+# entity table name
+# {valueType: "string", order: 1800, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable}"}
+# provisionerStartWith.sqlCommon.entityTableName =
+
+# entity table primary column
+# {valueType: "string", order: 1900, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable}"}
+# provisionerStartWith.sqlCommon.entityTableIdColumn =
+
+# entity table primary key value
+# {valueType: "string", order: 2000, required: true, formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable}", optionValues: ["email", "entityUuid", "entityDescription", "entityName", "other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.sqlCommon.entityTablePrimaryKeyValue =
+
+# other entity table column names
+# {valueType: "string", order: 2100, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable}"}
+# provisionerStartWith.sqlCommon.entityTableColumnNames =
+
+# need entity link?
+# {valueType: "boolean", order: 2200, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable}"}
+# provisionerStartWith.sqlCommon.hasTargetEntityLink =
+
+# has entity attribute table?
+# {valueType: "boolean", order: 2300, defaultValue: "false", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable}"}
+# provisionerStartWith.sqlCommon.hasEntityAttributeTable =
+
+# entity attribute table name
+# {valueType: "string", order: 2400, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable && hasEntityAttributeTable}"}
+# provisionerStartWith.sqlCommon.entityAttributesTableName =
+
+# column name which is foreign key to entity table
+# {valueType: "string", order: 2500, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable && hasEntityAttributeTable}"}
+# provisionerStartWith.sqlCommon.entityAttributesEntityForeignKeyColumn =
+
+# column name which is the attribute name
+# {valueType: "string", order: 2600, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable && hasEntityAttributeTable}"}
+# provisionerStartWith.sqlCommon.entityAttributesAttributeNameColumn =
+
+# column name which is the attribute value
+# {valueType: "string", order: 2700, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable && hasEntityAttributeTable}"}
+# provisionerStartWith.sqlCommon.entityAttributesAttributeValueColumn =
+
+# membership attribute name
+# {valueType: "string", order: 2800, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable && hasEntityAttributeTable && membershipStructure == 'entityAttributes'}"}
+# provisionerStartWith.sqlCommon.entityMembershipAttributeName =
+
+# membership attribute value
+# {valueType: "string", order: 2900, required: true, formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable && hasEntityAttributeTable && membershipStructure == 'entityAttributes'}", optionValues: ["groupExtension", "groupIdIndex", "groupName", "groupPrimaryKey", "groupUuid", "other", "script"]}
+# provisionerStartWith.sqlCommon.entityMembershipAttributeValue =
+
+# other attribute names in attribute table
+# {valueType: "string", order: 3000, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && hasEntityTable && hasEntityAttributeTable}"}
+# provisionerStartWith.sqlCommon.entityOtherAttributeNames =
+
+# membership table name
+# {valueType: "string", order: 3150, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && membershipStructure == 'membershipObjects'}"}
+# provisionerStartWith.sqlCommon.membershipTableName =
+
+# group column
+# {valueType: "string", order: 3200, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && membershipStructure == 'membershipObjects'}"}
+# provisionerStartWith.sqlCommon.membershipTableGroupColumn =
+
+# group value
+# {valueType: "string", order: 3300, required: true, formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && membershipStructure == 'membershipObjects'}", optionValues: ["groupExtension", "groupIdIndex", "groupName", "groupPrimaryKey", "groupUuid", "other", "script"]}
+# provisionerStartWith.sqlCommon.membershipTableGroupValue =
+
+# entity column
+# {valueType: "string", order: 3400, required: true, showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && membershipStructure == 'membershipObjects'}"}
+# provisionerStartWith.sqlCommon.membershipTableEntityColumn =
+
+# entity value
+# {valueType: "string", order: 3500, required: true, formElement: "dropdown", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null && membershipStructure == 'membershipObjects'}", optionValues: ["entityPrimaryKey", "other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.sqlCommon.membershipTableEntityValue =
+
+# add disabled full sync daemon?
+# {valueType: "boolean", order: 3600, defaultValue: "false", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null}"}
+# provisionerStartWith.sqlCommon.addDisabledFullSyncDaemon =
+
+# add disabled incremental sync daemon?
+# {valueType: "boolean", order: 3700, defaultValue: "false", showEl: "${dbExternalSystemConfigId != null && sqlPattern != null && userAttributesType != null}"}
+# provisionerStartWith.sqlCommon.addDisabledIncrementalSyncDaemon =
+
+################################################
+## provisioner startWith - ldap memberships
+################################################
+
+# Ldap memberships
+# {valueType: "string", order: 25, readOnly: true}
+# provisionerStartWith.ldapMemberships.startWith = ldapMemberships
+
+# this is the ldap external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.externalSystem.LdapGrouperExternalSystem"}
+# provisionerStartWith.ldapMemberships.ldapExternalSystemConfigId =
+
+# Ldap pattern
+# {valueType: "string", order: 50, required: true, formElement: "dropdown", showEl: "${ldapExternalSystemConfigId != null}", optionValues: ["activeDirectoryGroups", "bushyGroupsWithMembershipDNs", "bushyGroupsWithMembershipSubjectIds", "flatGroupsWithMembershipDNs", "flatGroupsWithMembershipSubjectIds", "groupOfNames", "other", "posixGroups", "usersWithEduPersonAffiliations", "usersWithEduPersonEntitlements", "usersWithMembershipGroupExtensions", "usersWithMembershipGroupNames"]}
+# provisionerStartWith.ldapMemberships.ldapPattern =
+
+# Membership structure
+# {valueType: "string", order: 300, required: true, formElement: "dropdown", showEl: "${ldapPattern != null}", optionValues: ["groupAttributes", "entityAttributes"]}
+# provisionerStartWith.ldapMemberships.membershipStructure =
+
+# membershipValue is DN?
+# {valueType: "boolean", order: 400, required: true, showEl: "${membershipStructure != null}"}
+# provisionerStartWith.ldapMemberships.membershipValueDn =
+
+# Group organization: bushy or flat
+# {valueType: "string", order: 500, required: true, formElement: "dropdown", showEl: "${!onlyLdapGroupDnOverride && membershipValueDn != null && membershipStructure == 'groupAttributes'}", optionValues: ["bushy", "flat"]}
+# provisionerStartWith.ldapMemberships.groupDnType =
+
+# User attributes type
+# {valueType: "string", order: 550, required: true, formElement: "dropdown", showEl: "${groupDnType != null}", optionValues: ["core", "entityResolver", "subjectSource", "subjectSourceAndEntityResolver"]}
+# provisionerStartWith.ldapMemberships.userAttributesType =
+
+# subject source entity resolver attributes
+# {valueType: "string", order: 600, required: true, showEl: "${userAttributesType == 'subjectSource' || userAttributesType == 'subjectSourceAndEntityResolver'}"}
+# provisionerStartWith.ldapMemberships.subjectSourceEntityResolverAttributes =
+
+# group link needed for another reason?
+# {valueType: "boolean", order: 700, defaultValue: "false", showEl: "${membershipStructure != null && membershipStructure != 'groupAttributes' && !membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.groupLinkForAnotherReason =
+
+# group base OU
+# {valueType: "string", order: 800, required: true, showEl: "${!onlyLdapGroupDnOverride && (groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn)}"}
+# provisionerStartWith.ldapMemberships.groupSearchBaseDn =
+
+# what attribute is RDN for groups?
+# {valueType: "string", order: 900, required: true, showEl: "${groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.groupRdnAttribute =
+
+# what is RDN value for groups?
+# {valueType: "string", order: 1000, required: true, formElement: "dropdown", showEl: "${groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn}", optionValues: ["extension", "extensionUnderscoreIdIndex", "id", "idIndex", "idIndexString", "name", "nameBackwardsUnderscoreMax64", "other", "script"]}
+# provisionerStartWith.ldapMemberships.rdnValueForGroups =
+
+# Membership attribute name for groups
+# {valueType: "string", order: 1100, required: true, showEl: "${membershipStructure == 'groupAttributes'}"}
+# provisionerStartWith.ldapMemberships.membershipAttributeNameForGroups =
+
+# Membership value for groups
+# {valueType: "string", order: 1200, required: true, formElement: "dropdown", showEl: "${ (groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn) && (!membershipValueDn)}", optionValuesFromClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningEntityCacheDropdownOptions"}
+# provisionerStartWith.ldapMemberships.groupMembershipAttributeValue =
+
+# IdIndex attribute
+# {valueType: "string", order: 1300, showEl: "${groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.idIndexAttribute =
+
+# matching search attribute different than RDN or idIndex? boolean default false
+# {valueType: "boolean", order: 1400, defaultValue: "false", showEl: "${groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.matchingSearchAttributeDifferentThanRdnorIdIndex =
+
+# matching search attribute name for groups
+# {valueType: "string", order: 1500, required: true, showEl: "${ (groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn) && (matchingSearchAttributeDifferentThanRdnorIdIndex)}"}
+# provisionerStartWith.ldapMemberships.matchingSearchAttributeNameForGroups =
+
+# matching search attribute value for groups
+# {valueType: "string", order: 1600, required: true, formElement: "dropdown", showEl: "${ (groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn) && (matchingSearchAttributeDifferentThanRdnorIdIndex)}", optionValues: ["extension", "id", "idIndex", "name", "other", "script"]}
+# provisionerStartWith.ldapMemberships.matchingSearchAttributeValueForGroups =
+
+# object classes for groups
+# {valueType: "string", order: 1700, showEl: "${groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.objectClassesForGroups =
+
+# list other group ldap attributes (not configured yet)
+# {valueType: "string", order: 1800, showEl: "${groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.otherGroupLdapAttributes =
+
+# if allow group DN override
+# {valueType: "boolean", order: 1900, defaultValue: "false", showEl: "${groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.allowLdapGroupDnOverride =
+
+# if only group DN override
+# {valueType: "boolean", order: 1950, defaultValue: "false", showEl: "${allowLdapGroupDnOverride && (groupLinkForAnotherReason || membershipStructure == 'groupAttributes' || membershipValueDn)}"}
+# provisionerStartWith.ldapMemberships.onlyLdapGroupDnOverride =
+
+# if need entity link for another reason
+# {valueType: "boolean", order: 2000, defaultValue: "false", showEl: "${membershipStructure != null && membershipStructure != 'entityAttributes' && !membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.entityLinkForAnotherReason =
+
+# Entity base OU
+# {valueType: "string", order: 2100, required: true, showEl: "${entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.userSearchBaseDn =
+
+# change entities in LDAP (besides entity attribute if doing entity attributes)?
+# {valueType: "boolean", order: 2200, defaultValue: "false", showEl: "${entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.changeEntitiesInLdap =
+
+# RDN attribute for entities
+# {valueType: "string", order: 2300, required: true, showEl: "${ (entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn) && (changeEntitiesInLdap)}"}
+# provisionerStartWith.ldapMemberships.userRdnAttribute =
+
+# what is RDN value for entities
+# {valueType: "string", order: 2400, required: true, formElement: "dropdown", showEl: "${ (entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn) && (changeEntitiesInLdap)}", optionValues: ["other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.ldapMemberships.rdnValueForEntities =
+
+# Membership attribute name for entities
+# {valueType: "string", order: 2500, required: true, showEl: "${membershipStructure == 'entityAttributes'}"}
+# provisionerStartWith.ldapMemberships.membershipAttributeNameForEntities =
+
+# Membership value for entities
+# {valueType: "string", order: 2600, required: true, formElement: "dropdown", showEl: "${ (entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn) && (!membershipValueDn)}", optionValues: ["extension", "idIndex", "name", "other", "script", "uuid"]}
+# provisionerStartWith.ldapMemberships.membershipValueForEntities =
+
+# matching search attribute different than RDN?
+# {valueType: "boolean", order: 2700, defaultValue: "false", showEl: "${ (entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn) && (changeEntitiesInLdap)}"}
+# provisionerStartWith.ldapMemberships.matchingSearchAttributeDifferentThanRDN =
+
+# matching/search attribute name for entities
+# {valueType: "string", order: 2800, required: true, showEl: "${ (entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn) && (!changeEntitiesInLdap || matchingSearchAttributeDifferentThanRDN)}"}
+# provisionerStartWith.ldapMemberships.matchingSearchAttributeNameForEntities =
+
+# matching/search attribute value for entities
+# {valueType: "string", order: 2900, required: true, formElement: "dropdown", showEl: "${ (entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn) && (!changeEntitiesInLdap || matchingSearchAttributeDifferentThanRDN)}", optionValues: ["other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.ldapMemberships.matchingSearchAttributeValueForEntities =
+
+# object classes for entities
+# {valueType: "string", order: 3000, showEl: "${entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.objectClassesForEntities =
+
+# list other entity ldap attributes (not configured yet)
+# {valueType: "string", order: 3100, showEl: "${entityLinkForAnotherReason || membershipStructure == 'entityAttributes' || membershipValueDn}"}
+# provisionerStartWith.ldapMemberships.otherEntityLdapAttributes =
+
+# add disabled full sync daemon?
+# {valueType: "boolean", order: 3300, defaultValue: "true", showEl: "${membershipStructure != null}"}
+# provisionerStartWith.ldapMemberships.addDisabledFullSyncDaemon =
+
+# add disabled incremental sync daemon?
+# {valueType: "boolean", order: 3400, defaultValue: "true", showEl: "${membershipStructure != null}"}
+# provisionerStartWith.ldapMemberships.addDisabledIncrementalSyncDaemon =
+
+################################################
+## provisioner startWith - Azure
+################################################
+
+# azure common
+# {valueType: "string", order: 25, readOnly: true}
+# provisionerStartWith.azureCommon.startWith = azureCommon
+
+# this is the azure external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.azure.AzureGrouperExternalSystem"}
+# provisionerStartWith.azureCommon.azureExternalSystemConfigId =
+
+# Azure pattern
+# {valueType: "string", order: 50, required: true, formElement: "dropdown", showEl: "${azureExternalSystemConfigId != null}", optionValues: ["manageGroupsManageEntities", "manageGroupsReadonlyEntities", "other"]}
+# provisionerStartWith.azureCommon.azurePattern =
+
+# User attributes type
+# {valueType: "string", order: 100, required: true, formElement: "dropdown", showEl: "${azurePattern != null}", optionValues: ["core", "entityResolver", "subjectSource", "subjectSourceAndEntityResolver"]}
+# provisionerStartWith.azureCommon.userAttributesType =
+
+# subject source entity resolver attributes
+# {valueType: "string", order: 200, required: true, showEl: "${userAttributesType == 'subjectSource' || userAttributesType == 'subjectSourceAndEntityResolver'}"}
+# provisionerStartWith.azureCommon.subjectSourceEntityResolverAttributes =
+
+# group display name attribute value
+# {valueType: "string", order: 300, required: true, formElement: "dropdown", showEl: "${azurePattern != null}", optionValues: ["extension", "idIndex", "name", "other", "script", "uuid"]}
+# provisionerStartWith.azureCommon.groupDisplayNameAttributeValue =
+
+# use group description
+# {valueType: "boolean", order: 400, defaultValue: "true", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.useGroupDescription =
+
+# mailNickname attribute value
+# {valueType: "string", order: 500, required: true, formElement: "dropdown", showEl: "${azurePattern != null}", optionValues: ["extension", "idIndex", "name", "other", "script", "uuid"]}
+# provisionerStartWith.azureCommon.mailNicknameAttributeValue =
+
+# has metadata for 'group type'
+# {valueType: "boolean", order: 600, defaultValue: "true", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.hasMetadataForGroupType =
+
+# has metadata for allowOnlyMembersToPost
+# {valueType: "boolean", order: 700, defaultValue: "true", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.hasMetadataForAllowOnlyMembersToPost =
+
+# has metadata for hideGroupInOutlook
+# {valueType: "boolean", order: 800, defaultValue: "false", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.hasMetadataForHideGroupInOutlook =
+
+# has metadata for subscribeNewGroupMembers
+# {valueType: "boolean", order: 900, defaultValue: "false", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.hasMetadataForSubscribeNewGroupMembers =
+
+# has metadata for welcomeEmailDisabled
+# {valueType: "boolean", order: 1000, defaultValue: "false", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.hasMetadataForWelcomeEmailDisabled =
+
+# has metadata for resourceProvisioningOptionsTeam
+# {valueType: "boolean", order: 1100, defaultValue: "false", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.hasMetadataForResourceProvisioningOptionsTeam =
+
+# Entity user principal name
+# {valueType: "string", order: 1200, formElement: "dropdown", showEl: "${azurePattern != null}", optionValues: ["other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.azureCommon.entityUserPrincipalName =
+
+# Entity mail nickname
+# {valueType: "string", order: 1300, formElement: "dropdown", showEl: "${azurePattern != null}", optionValues: ["other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.azureCommon.entityMailNickname =
+
+# Entity on premises immutable ID
+# {valueType: "string", order: 1400, formElement: "dropdown", showEl: "${azurePattern != null}", optionValues: ["other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.azureCommon.entityOnPremisesImmutableId =
+
+# Manage entities in Azure?
+# {valueType: "boolean", order: 1500, defaultValue: "false", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.manageEntitiesInAzure =
+
+# Entity display name
+# {valueType: "string", order: 1600, required: true, formElement: "dropdown", showEl: "${azurePattern != null && manageEntitiesInAzure == true}", optionValues: ["name", "none", "other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.azureCommon.entityDisplayName =
+
+# add disabled full sync daemon?
+# {valueType: "boolean", order: 1700, defaultValue: "true", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.addDisabledFullSyncDaemon =
+
+# add disabled incremental sync daemon?
+# {valueType: "boolean", order: 1800, defaultValue: "true", showEl: "${azurePattern != null}"}
+# provisionerStartWith.azureCommon.addDisabledIncrementalSyncDaemon =
+
+
+################################################
+## provisioner startWith - Duo
+################################################
+
+# azure common
+# {valueType: "string", order: 25, readOnly: true}
+# provisionerStartWith.duoCommon.startWith = duoCommon
+
+# this is the duo external system config id
+# {valueType: "string", required: true, order: 20, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouperDuo.DuoGrouperExternalSystem"}
+# provisionerStartWith.duoCommon.duoExternalSystemConfigId =
+
+# Duo pattern
+# {valueType: "string", order: 50, required: true, formElement: "dropdown", showEl: "${duoExternalSystemConfigId != null}", optionValues: ["manageGroupsManageEntities", "manageGroupsReadonlyEntities", "manageEntities", "other"]}
+# provisionerStartWith.duoCommon.duoPattern =
+
+# User attributes type
+# {valueType: "string", order: 100, required: true, formElement: "dropdown", showEl: "${duoPattern != null}", optionValues: ["core", "entityResolver", "subjectSource", "subjectSourceAndEntityResolver"]}
+# provisionerStartWith.duoCommon.userAttributesType =
+
+# subject source entity resolver attributes
+# {valueType: "string", order: 200, required: true, showEl: "${userAttributesType == 'subjectSource' || userAttributesType == 'subjectSourceAndEntityResolver'}"}
+# provisionerStartWith.duoCommon.subjectSourceEntityResolverAttributes =
+
+# manage groups
+# {valueType: "boolean", order: 250, defaultValue: "false", showEl: "${duoPattern != null}"}
+# provisionerStartWith.duoCommon.manageGroups =
+
+# group name attribute value
+# {valueType: "string", order: 300, required: true, formElement: "dropdown", showEl: "${manageGroups == true}", optionValues: ["extension", "idIndex", "name", "other", "script", "uuid"]}
+# provisionerStartWith.duoCommon.groupNameAttributeValue =
+
+# use group description
+# {valueType: "boolean", order: 400, defaultValue: "true", showEl: "${manageGroups == true}"}
+# provisionerStartWith.duoCommon.useGroupDescription =
+
+# manage entities
+# {valueType: "boolean", order: 500, defaultValue: "false", showEl: "${duoPattern != null}"}
+# provisionerStartWith.duoCommon.manageEntities =
+
+# Entity user name
+# {valueType: "string", order: 600, required: true, formElement: "dropdown", showEl: "${manageEntities == true}", optionValues: ["other", "script", "subjectId", "subjectIdentifier0", "subjectIdentifier1", "subjectIdentifier2"]}
+# provisionerStartWith.duoCommon.entityUserName =
+
+# Entity name subject attribute
+# {valueType: "string", order: 700, showEl: "${manageEntities == true}"}
+# provisionerStartWith.duoCommon.entityNameSubjectAttribute =
+
+# Entity first name subject attribute
+# {valueType: "string", order: 800, showEl: "${manageEntities == true}"}
+# provisionerStartWith.duoCommon.entityFirstNameSubjectAttribute =
+
+# Entity email subject attribute
+# {valueType: "string", order: 900, showEl: "${manageEntities == true}"}
+# provisionerStartWith.duoCommon.entityEmailSubjectAttribute =
+
+# add disabled full sync daemon?
+# {valueType: "boolean", order: 1700, defaultValue: "true", showEl: "${duoPattern != null}"}
+# provisionerStartWith.duoCommon.addDisabledFullSyncDaemon =
+
+# add disabled incremental sync daemon?
+# {valueType: "boolean", order: 1800, defaultValue: "true", showEl: "${duoPattern != null}"}
+# provisionerStartWith.duoCommon.addDisabledIncrementalSyncDaemon =
+
+
+
+#####################################################
+## subject change daemon
+#####################################################
+
+# set this for subject change daemon
+# {valueType: "class", readOnly: true, mustExtendClass: "edu.internet2.middleware.grouper.app.loader.OtherJobBase"}
+# otherJob.mySubjectChangeId.class = edu.internet2.middleware.grouper.app.usdu.SubjectChangeDaemon
+
+# cron string
+# {valueType: "cron", required: true}
+# otherJob.mySubjectChangeId.quartzCron =
+
+# which source to update subjects for
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.subjectSourceId$", required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.subject.provider.SourceManagerOptionValueDriver"}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.subjectSourceId =
+
+# database external system config id to hit, default to "grouper"
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.database$", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.database =
+
+# table with subject changes that need to be handled by this job, e.g. some_table. or you can qualify by schema: some_schema.another_table
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.table$", required: true}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.table =
+
+# look up subjects by id or identifier
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.useSubjectIdOrIdentifier$", formElement: "dropdown", optionValues: ["subjectId", "subjectIdentifier"]}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.useSubjectIdOrIdentifier =
+
+# subject id column
+# {valueType: "string", required: true, showEl: "${subjectChangeDaemon.useSubjectIdOrIdentifier == 'subjectId'}", regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.columnSubjectId$"}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.columnSubjectId =
+
+# if finding subjects by identifier, this is the column that represents the identifier
+# {valueType: "string", required: true, showEl: "${subjectChangeDaemon.useSubjectIdOrIdentifier == 'subjectIdentifier'}", regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.columnSubjectIdentifier$"}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.columnSubjectIdentifier =
+
+# primary key column, e.g. col1
+# {valueType: "string", regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.columnPrimaryKey$", required: true}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.columnPrimaryKey =
+
+# should processed rows by deleted
+# {valueType: "boolean", regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.deleteProcessedRows$", defaultValue: "false"}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.deleteProcessedRows =
+
+# name of a column that contains the timestamp of when a row is inserted
+# {valueType: "string", required: true, regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.columnCreateTimestamp$"}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.columnCreateTimestamp =
+
+# name of a column that would be updated with the timestamp of when a row has been processed
+# {valueType: "string", required: true, showEl: "${subjectChangeDaemon.deleteProcessedRows == false}", regex: "^otherJob\\.([^.]+)\\.subjectChangeDaemon\\.columnProcessedTimestamp$"}
+# otherJob.mySubjectChangeId.subjectChangeDaemon.columnProcessedTimestamp =
+
+########################################
+## midpoint provisioner
+########################################
+
+# provisioner class
+# {valueType: "class", required: true, readOnly: true, order: 10}
+# provisioner.someMidpointProvisioner.class = edu.internet2.middleware.grouper.app.midpointProvisioning.MidPointProvisioner
+
+# this is the sql external system config id
+# {valueType: "string", order: 20, required: true, formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem"}
+# provisioner.someMidpointProvisioner.dbExternalSystemConfigId =
+
+# this is the prefix for table names
+# {valueType: "string", order: 50, required: true}
+# provisioner.someMidpointProvisioner.midPointTablesPrefix =
+
+# last modified column type. This is the database column type. The attribute in the representation is long always. This must exist for all tables being provisioned.
+# {valueType: "string", order: 76050, subSection: "general2", formElement: "dropdown", optionValues: ["long", "timestamp"]}
+# provisioner.someMidpointProvisioner.midPointLastModifiedColumnType =
+
+# last modified column name e.g. last_modified. In the database, this is either a timestamp or millis since 1970. It's always increasing. This must exist for all tables being provisioned.
+# {valueType: "string", order: 76100, required: true, subSection: "general2", showEl: "${midPointLastModifiedColumnType != null}"}
+# provisioner.someMidpointProvisioner.midPointLastModifiedColumnName =
+
+# deleted column name. If it's there, it must be of type that can store 'T' or 'F'. This must exist for all tables being provisioned. This column must be required and never null.
+# {valueType: "string", order: 76200, subSection: "general2"}
+# provisioner.someMidpointProvisioner.midPointDeletedColumnName =
+
+# Do you want target attribute to be stored in the group attributes table?
+# {valueType: "boolean", order: 60, defaultValue: "true"}
+# provisioner.someMidpointProvisioner.midPointHasTargetAttribute =
+
+# comma separated list of targets
+# {valueType: "string", order: 70, showEl: "${midPointHasTargetAttribute}"}
+# provisioner.someMidpointProvisioner.midPointListOfTargets =
+
+# provisioning type
+# {valueType: "string", required: true, order: 1000, subSection: "membership", showEl: "${operateOnGrouperMemberships}", formElement: "dropdown", optionValues: ["membershipObjects"]}
+# provisioner.someMidpointProvisioner.provisioningType =
+
+# number of attributes for memberships
+# {valueType: "integer", order: 5700, subSection: "membership", defaultValue: "0", showEl: "${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.someMidpointProvisioner.numberOfMembershipAttributes =
+
+# if the groups need to be resolved in target
+# {valueType: "boolean", defaultValue: "false", subSection: "group", showEl: "${false}", order: 12000}
+# provisioner.someMidpointProvisioner.hasTargetGroupLink =
+
+# number of attributes for target groups
+# {valueType: "integer", order: 19999, subSection: "group", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.someMidpointProvisioner.numberOfGroupAttributes =
+
+# if the entities need to be resolved in target
+# {valueType: "boolean", defaultValue: "false", showEl:"${false}", order: 53000, subSection: "entity"}
+# provisioner.someMidpointProvisioner.hasTargetEntityLink =
+
+# number of attributes for target entities
+# {valueType: "integer", order: 59000, subSection: "entity", defaultValue: "0", showEl:"${false}", formElement: "dropdown", optionValues: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20"] }
+# provisioner.someMidpointProvisioner.numberOfEntityAttributes =
+
+# Matching ID expression
+# {valueType: "string", order: 76510, subSection: "membership2", showEl: "${false}"}
+# provisioner.someMidpointProvisioner.membershipMatchingIdExpression =
+
+# generally the matching attribute(s) are the same as the search attributes, but they can be different
+# {valueType: "boolean", defaultValue: "true", order: 77220, subSection: "group2", showEl: "${false}"}
+# provisioner.someMidpointProvisioner.groupMatchingAttributeSameAsSearchAttribute =
+
+# how many group matching attributes
+# {valueType: "integer", required: true, order: 77222, subSection: "group2", showEl: "${false}", formElement: "dropdown", optionValues: ["1", "2", "3"] }
+# provisioner.someMidpointProvisioner.groupMatchingAttributeCount =
+
+# Target group link - has groupAttributeValueCache?
+# {valueType: "boolean", defaultValue: "false", subSection: "group2", showEl: "${false}", order: 78001}
+# provisioner.someMidpointProvisioner.groupAttributeValueCacheHas =
+
+# group section 2 advanced options
+# {valueType: "boolean", defaultValue: "false", order: 79800, subSection: "group2", showEl: "${false}"}
+# provisioner.someMidpointProvisioner.group2advanced =
+
+# generally the matching attribute(s) are the same as the search attributes, but they can be different
+# {valueType: "boolean", defaultValue: "true", order: 80220, subSection: "entity2", showEl: "${false}"}
+# provisioner.someMidpointProvisioner.entityMatchingAttributeSameAsSearchAttribute =
+
+
+# how many entity matching attributes
+# {valueType: "integer", required: true, order: 80222, subSection: "entity2", showEl: "${false}", formElement: "dropdown", optionValues: ["1", "2", "3"] }
+# provisioner.someMidpointProvisioner.entityMatchingAttributeCount =
+
+# Target entity link - has entityAttributeValueCache?
+# {valueType: "boolean", defaultValue: "false", subSection: "entity2", showEl: "${false}", order: 80301}
+# provisioner.someMidpointProvisioner.entityAttributeValueCacheHas =
+
+# entity section 2 advanced options
+# {valueType: "boolean", defaultValue: "false", order: 81000, subSection: "entity2", showEl: "${false}"}
+# provisioner.someMidpointProvisioner.entity2advanced =
+
+########################################
+## institution specific provisioners
+########################################
+
+# This is the provisioner configuration class that extends edu.internet2.middleware.grouper.app.provisioning.ProvisioningConfiguration
+# {valueType: "string", regex: "^grouperExtraProvisionerConfiguration\\.[^.]+\\.class$", mustExtendClass: "edu.internet2.middleware.grouper.app.provisioning.ProvisioningConfiguration"}
+# grouperExtraProvisionerConfiguration.<configId>.class =
diff --git a/container_files/grouperWebapp/WEB-INF/classes/log4j.properties b/container_files/grouperWebapp/WEB-INF/classes/log4j.properties
new file mode 100644
index 00000000..75bc0249
--- /dev/null
+++ b/container_files/grouperWebapp/WEB-INF/classes/log4j.properties
@@ -0,0 +1,105 @@
+
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#${grouper.home} will be substituted with the System property "grouper.home", which must have a trailing \ or /
+# depending on your OS. Of course you can use absolute paths if you prefer
+
+
+#
+# log4j Configuration
+# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
+#
+
+# Appenders
+
+## Log messages to stderr
+log4j.appender.grouper_stderr = org.apache.log4j.ConsoleAppender
+log4j.appender.grouper_stderr.Target = System.err
+log4j.appender.grouper_stderr.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_stderr.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+## Grouper API error logging
+log4j.appender.grouper_error = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_error.File = /opt/grouper/logs/grouper.log
+log4j.appender.grouper_error.DatePattern = '.'yyyy-MM-dd
+log4j.appender.grouper_error.MaxBackupIndex = 30
+log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+log4j.appender.grouper_daemon = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_daemon.File = /opt/grouper/logs/grouperDaemon.log
+log4j.appender.grouper_daemon.DatePattern = '.'yyyy-MM-dd
+log4j.appender.grouper_daemon.MaxBackupIndex = 30
+log4j.appender.grouper_daemon.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_daemon.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+log4j.appender.grouper_pspng = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_pspng.File = /opt/grouper/logs/pspng.log
+log4j.appender.grouper_pspng.DatePattern = '.'yyyy-MM-dd
+log4j.appender.grouper_pspng.MaxBackupIndex = 30
+log4j.appender.grouper_pspng.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_pspng.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+log4j.appender.grouper_provisioning = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_provisioning.File = /opt/grouper/logs/provisioning.log
+log4j.appender.grouper_provisioning.DatePattern = '.'yyyy-MM-dd
+log4j.appender.grouper_provisioning.MaxBackupIndex = 30
+log4j.appender.grouper_provisioning.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_provisioning.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+
+# Loggers
+
+## Default logger; will log *everything*
+log4j.rootLogger = ERROR, grouper_stderr, grouper_error
+
+ ## All Internet2 (warn to grouper_error per default logger)
+log4j.logger.edu.internet2.middleware = WARN
+
+log4j.logger.edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog = DEBUG, grouper_daemon
+log4j.additivity.edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog = false
+
+log4j.logger.edu.internet2.middleware.grouper.pspng = INFO, grouper_pspng
+log4j.additivity.edu.internet2.middleware.grouper.pspng = false
+
+log4j.logger.edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog = DEBUG, grouper_provisioning
+log4j.additivity.edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog = false
+
+log4j.logger.edu.internet2.middleware.grouper.app.syncToGrouper.SyncToGrouperFromSqlDaemon = DEBUG
+
+log4j.logger.edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningLogCommands = DEBUG
+
+log4j.logger.edu.internet2.middleware.grouper.stem.StemViewPrivilegeEsbListener = DEBUG
+
+log4j.logger.edu.internet2.middleware.grouper.stem.StemViewPrivilegeFullDaemonLogic = DEBUG
+
+
+#######################################################
+##Optional settings for debug logs
+#######################################################
+
+## Hooks debug info
+#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
+#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG
+
+#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG
+
+
+# added by grouper-installer
+log4j.logger.org.apache.tools.ant = WARN
+
+log4j.logger.edu.internet2.middleware.grouper.util.PerformanceLogger = INFO
\ No newline at end of file
diff --git a/container_files/grouperWebapp/WEB-INF/classes/log4j2.additionalAppenders.xml.txt b/container_files/grouperWebapp/WEB-INF/classes/log4j2.additionalAppenders.xml.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/container_files/grouperWebapp/WEB-INF/classes/log4j2.additionalLoggers.xml.txt b/container_files/grouperWebapp/WEB-INF/classes/log4j2.additionalLoggers.xml.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/container_files/grouperWebapp/WEB-INF/classes/log4j2.xml b/container_files/grouperWebapp/WEB-INF/classes/log4j2.xml
new file mode 100644
index 00000000..800f8157
--- /dev/null
+++ b/container_files/grouperWebapp/WEB-INF/classes/log4j2.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Configuration status="info">
+ <Properties>
+ <Property name="layout">%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n</Property>
+ <Property name="env">__ENV__</Property>
+ <Property name="usertoken">__USERTOKEN__</Property>
+ <Property name="grouplogprefix">__GROUPER_LOG_PREFIX__</Property>
+ </Properties>
+ <Appenders>
+ <Console name="stderr" target="SYSTEM_ERR">
+ <PatternLayout pattern="${grouplogprefix};${env}${usertoken}${layout}"/>
+ </Console>
+ __FILESTART__
+ <RollingFile name="file_catalina" fileName="/opt/grouper/logs/catalina.out" filePattern="/opt/grouper/logs/catalina.out.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix}catalina.out;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_error" fileName="/opt/grouper/logs/grouper.log" filePattern="/opt/grouper/logs/grouper.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix}grouper_error.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_daemon" fileName="/opt/grouper/logs/grouperDaemon.log" filePattern="/opt/grouper/logs/grouperDaemon.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix}grouperDaemon.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_provisioning" fileName="/opt/grouper/logs/provisioning.log" filePattern="/opt/grouper/logs/provisioning.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix}provisioning.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_ws" fileName="/opt/grouper/logs/grouper_ws.log" filePattern="/opt/grouper/logs/grouper_ws.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix}grouper_ws.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_ws_longRunning" fileName="/opt/grouper/logs/grouper_ws_longRunning.log" filePattern="/opt/grouper/logs/grouper_ws_longRunning.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix}grouper_ws_longRunning.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ __FILEEND__
+ <!--MOREAPPENDERS-->
+
+ </Appenders>
+ <Loggers>
+ <Root level="error">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Root>
+ <Logger name="org.apache.catalina" level="info" additivity="false">
+ __FILESTART__<AppenderRef ref="file_catalina"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware" level="warn" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_daemon"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.pspng" level="warn" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_pspng"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.syncToGrouper.SyncToGrouperFromSqlDaemon" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningLogCommands" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.stem.StemViewPrivilegeEsbListener" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.stem.StemViewPrivilegeFullDaemonLogic" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="org.apache.tools.ant" level="warn" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.util.PerformanceLogger" level="info" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.ws.util.GrouperWsLog" level="off" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_ws"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.ws.util.GrouperWsLongRunningLog" level="off" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_ws_longRunning"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.ui.customUi.CustomUiEngine" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.upenn.isc.pennGrouper.o365" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.remedy.GrouperRemedyLog" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.remedy.digitalMarketplace.GrouperDigitalMarketplaceLog" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouperBox.GrouperBoxLog" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouperClient.jdbc.tableSync.GcTableSyncLog" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.zoom" level="debug" additivity="false">
+ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__
+ </Logger>
+
+ <!--MORELOGGERS-->
+ </Loggers>
+</Configuration>
diff --git a/container_files/httpd/grouper-www.conf b/container_files/httpd/grouper-www.conf
deleted file mode 100644
index 562e47c6..00000000
--- a/container_files/httpd/grouper-www.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-
-Timeout 2400
-ProxyTimeout 2400
-ProxyBadHeader Ignore
-
-ProxyPass /grouper ajp://localhost:8009/grouper timeout=2400
-ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws timeout=2400
-ProxyPass /grouper-ws-scim ajp://localhost:8009/grouper-ws-scim timeout=2400
-
-RewriteEngine on
-RewriteCond %{REQUEST_URI} "^/$"
-RewriteRule . %{REQUEST_SCHEME}://%{HTTP_HOST}/grouper/ [R=301,L]
-
-<Location /grouper>
- AuthType shibboleth
- ShibRequestSetting requireSession 1
- ShibRequireSession on
- ShibUseHeaders On
- require shibboleth
-</Location>
diff --git a/container_files/httpd/ssl-enabled.conf b/container_files/httpd/ssl-enabled.conf
deleted file mode 100644
index 00d75a44..00000000
--- a/container_files/httpd/ssl-enabled.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# modern configuration, tweak to your needs
-SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-SSLHonorCipherOrder on
-SSLCompression off
-
-# OCSP Stapling, only in httpd 2.3.3 and later
-SSLUseStapling on
-SSLStaplingResponderTimeout 5
-SSLStaplingReturnResponderErrors off
-SSLStaplingCache shmcb:/var/run/ocsp(128000)
-
-Listen 443 https
-<VirtualHost *:443>
- RewriteEngine on
- RewriteRule "^/$" "/grouper/" [R]
-
- SSLEngine on
- SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem
-
- SSLCertificateFile /etc/pki/tls/certs/host-cert.pem
-
- SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem
-
- # HSTS (mod_headers is required) (15768000 seconds = 6 months)
- Header always set Strict-Transport-Security "max-age=15768000"
-</VirtualHost>
-
diff --git a/container_files/java-corretto/corretto-signing-key.pub b/container_files/java-corretto/corretto-signing-key.pub
new file mode 100644
index 00000000..b0198ed7
--- /dev/null
+++ b/container_files/java-corretto/corretto-signing-key.pub
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQINBF3pShkBEADJzglehQDFlc1+9VFubVPzpq8ZYtzmJkNjf09scOUzaKZOm3Ar
+mPh9Rufk4mB7t1LP4JeHAKAS17ggCHGVxRGXAAQ9Laf8ibX4SiFO3Ehyyl3smuFf
+ZhexBnvc7vRc4EUlKqarCQRUlaraDOrmq7WbhXdvCgc4u2uBLwUjAd3PHQUByAZw
+lsEQzpQnehNomjrE0pO6ms9AhmpbXlf/yr14EXvlo4lTd8QUdvS+AOCYfrHb9WGO
+IEsyyDuzuf2grV/QFpoi0VBhTCyiNYXla2AfCreMGlOCYsjw1nU93OyAqF3SaTOC
+o52yrzcb2NpbBDwRXOHNwe1md+DbRwEfkaWr5I91FqRpgEeawqyxY1miJRHduhsz
+WTgTMBF/EQfmTspD2YBX/BjNJTrdDXYvACX8slVV/vBnpi+dEpVEK3hh21ij991S
+lv8YoFnoC7XP44C7WNpVQpGW9ZWpnjLCvm3DMKW0r3Vfb3XDYhnHI1Q14Pxn0cwf
+x1L2RA4doyWd1TRZBFBe2f0vSkZT0YFaibKaKi6AkDIMU/+u+/e3wWbYXqzsSITj
+ffMkpMMNSwxbm8JqnsudjuzdEsYAiBUcFMwWysQDcyu63un2OmLKLfKxy19vCpS1
+8mkNy95JuO4jZtu+IiinvSSjlbJmslu3uK3/cTRsWaB7BRtHewE7SugMOwARAQAB
+tEhBbWF6b24gU2VydmljZXMgTExDIChBbWF6b24gQ29ycmV0dG8gcmVsZWFzZSkg
+PGNvcnJldHRvLXRlYW1AYW1hem9uLmNvbT6JAjEEEwECABsFAl3pShkCGy8FCQlm
+AYAFFQgKCQsCHgECF4AACgkQoSJUKrBPJOOJDg/6AqmntaxDWX6qfR++0qwtD9Lp
+vgONFvA+9AYQeGt7OX79O/SSPy97Kvn6DYRBdelShTAH60DbXCUs42sIRFqRjmHY
+HfIgOkUJjWoJz9oQnY+mzAKbOohCrR+YIvyCegFb0dboDaqSQ4w68+d1is7L84pz
+ZB2j0nrQDbFihPmR+epfHkLUGGywuZHCdEFfD8nXMOJeVbgSzf7Vhl8ZrydIkZTI
+7aASG5MkDO/GuVpEGQYAnH9h/jzJlfUKndswC6UFcM5Ol07pDPdHVBAi9q1SyxDe
+uSS1NgDW7OW7zgpB+4/PrZKKiEP/fBAWa9nFSLwTaMdsoaAuQAmmgbqYfy3XXKK7
+IBaKSnJpQDvNb0vmXJEY3qX2Bfh0p1KCeaQhYwIJi8rPQWC24fiLY9bdCIlkbbPQ
+CSNOEq9nUWRg9KbUGmd/PWSkT6Jheyq3BZBF1YPYEt8o/l437HHd08lREqH0sana
+Hb72GZTi2RUrNBBp5C1e8MqllXE6RKmri2m0TSBHR5C4ZLII9duyA839dYIA4KGU
+nmetZckuRuwHFmd3/YWtMEfn47UedzhVT16z3OvBipHU1BKzLGcvUFXrUKvpJQlh
+dNPUQh+wb91EzItjkJ96m+N+81iQdN3yd8cE38NTA8b+Qc7tmTYxwNZxcv16FxLA
+y2VhKc09A8RwSI69vDs=
+=ZNRH
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/container_files/shibboleth/attribute-map.xml b/container_files/shibboleth/attribute-map.xml
deleted file mode 100644
index a6725f3e..00000000
--- a/container_files/shibboleth/attribute-map.xml
+++ /dev/null
@@ -1,153 +0,0 @@
-<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-
- <!--
- The mappings are a mix of SAML 1.1 and SAML 2.0 attribute names agreed to within the Shibboleth
- community. The non-OID URNs are SAML 1.1 names and most of the OIDs are SAML 2.0 names, with a
- few exceptions for newer attributes where the name is the same for both versions. You will
- usually want to uncomment or map the names for both SAML versions as a unit.
- -->
-
- <!-- First some useful eduPerson attributes that many sites might use. -->
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
- <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
- </Attribute>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
- <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
- </Attribute>
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
- <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
- </Attribute>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
- <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
- </Attribute>
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
- <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
- </Attribute>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation">
- <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
- </Attribute>
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/>
-
- <!-- A persistent id attribute that supports personalized anonymous access. -->
-
- <!-- First, the deprecated/incorrect version, decoded as a scoped string: -->
- <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
- <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
- <!-- <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> -->
- </Attribute>
-
- <!-- Second, an alternate decoder that will decode the incorrect form into the newer form. -->
- <!--
- <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="persistent-id">
- <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
- </Attribute>
- -->
-
- <!-- Third, the new version (note the OID-style name): -->
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id">
- <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
- </Attribute>
-
- <!-- Fourth, the SAML 2.0 NameID Format: -->
- <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
- <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
- </Attribute>
-
- <!-- Some more eduPerson attributes, uncomment these to use them... -->
- <!--
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/>
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/>
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/>
-
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
- <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
- </Attribute>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/>
- <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/>
-
- <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation">
- <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
- </Attribute>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/>
- <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/>
- -->
-
- <!-- SCHAC attributes, uncomment to use... -->
- <!--
- <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"/>
- -->
-
- <!-- Examples of LDAP-based attributes, uncomment to use these... -->
- <!--
- <Attribute name="urn:oid:2.5.4.3" id="cn"/>
- <Attribute name="urn:oid:2.5.4.4" id="sn"/>
- <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
- <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
- -->
- <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
- <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
- <!--
- <Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/>
- <Attribute name="urn:oid:2.5.4.12" id="title"/>
- <Attribute name="urn:oid:2.5.4.43" id="initials"/>
- <Attribute name="urn:oid:2.5.4.13" id="description"/>
- <Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/>
- <Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/>
- <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>
- <Attribute name="urn:oid:2.16.840.1.113730.3.1.4" id="employeeType"/>
- <Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/>
- <Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/>
- <Attribute name="urn:oid:2.5.4.34" id="seeAlso"/>
- <Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/>
- <Attribute name="urn:oid:2.5.4.9" id="street"/>
- <Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/>
- <Attribute name="urn:oid:2.5.4.17" id="postalCode"/>
- <Attribute name="urn:oid:2.5.4.8" id="st"/>
- <Attribute name="urn:oid:2.5.4.7" id="l"/>
- <Attribute name="urn:oid:2.5.4.10" id="o"/>
- <Attribute name="urn:oid:2.5.4.11" id="ou"/>
- <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
- <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
-
- <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/>
- <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/>
- <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/>
- <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/>
- <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
- <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
- <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/>
- <Attribute name="urn:mace:dir:attribute-def:title" id="title"/>
- <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/>
- <Attribute name="urn:mace:dir:attribute-def:description" id="description"/>
- <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/>
- <Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/>
- <Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/>
- <Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/>
- <Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/>
- <Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/>
- <Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/>
- <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/>
- <Attribute name="urn:mace:dir:attribute-def:street" id="street"/>
- <Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/>
- <Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/>
- <Attribute name="urn:mace:dir:attribute-def:st" id="st"/>
- <Attribute name="urn:mace:dir:attribute-def:l" id="l"/>
- <Attribute name="urn:mace:dir:attribute-def:o" id="o"/>
- <Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/>
- <Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/>
- <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/>
- -->
-
-</Attributes>
diff --git a/container_files/shibboleth/native.logger b/container_files/shibboleth/native.logger
deleted file mode 100644
index 0b01f32f..00000000
--- a/container_files/shibboleth/native.logger
+++ /dev/null
@@ -1,39 +0,0 @@
-# set overall behavior
-log4j.rootCategory=INFO, native_log, warn_log
-
-# fairly verbose for DEBUG, so generally leave at INFO
-log4j.category.XMLTooling.XMLObject=INFO
-log4j.category.XMLTooling.KeyInfoResolver=INFO
-log4j.category.Shibboleth.IPRange=INFO
-log4j.category.Shibboleth.PropertySet=INFO
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=INFO
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# define the appender
-
-log4j.appender.native_log=org.apache.log4j.FileAppender
-log4j.appender.native_log.fileName=/tmp/logpipe
-log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.native_log.layout.ConversionPattern=shibd;native.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.warn_log=org.apache.log4j.FileAppender
-log4j.appender.warn_log.fileName=/tmp/logpipe
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=shibd;native_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
diff --git a/container_files/shibboleth/shibd.logger b/container_files/shibboleth/shibd.logger
deleted file mode 100644
index c5685b29..00000000
--- a/container_files/shibboleth/shibd.logger
+++ /dev/null
@@ -1,59 +0,0 @@
-# set overall behavior
-log4j.rootCategory=INFO, shibd_log
-
-# fairly verbose for DEBUG, so generally leave at INFO
-log4j.category.XMLTooling.XMLObject=INFO
-log4j.category.XMLTooling.KeyInfoResolver=INFO
-log4j.category.Shibboleth.IPRange=INFO
-log4j.category.Shibboleth.PropertySet=INFO
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=INFO
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-#log4j.category.XMLTooling.SOAPClient=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# logs XML being signed or verified if set to DEBUG
-log4j.category.XMLTooling.Signature.Debugger=INFO, sig_log
-log4j.additivity.XMLTooling.Signature.Debugger=false
-
-# the tran log blocks the "default" appender(s) at runtime
-# Level should be left at INFO for this category
-log4j.category.Shibboleth-TRANSACTION=INFO, tran_log
-log4j.additivity.Shibboleth-TRANSACTION=false
-# uncomment to suppress particular event types
-#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
-#log4j.category.Shibboleth-TRANSACTION.Login=WARN
-#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
-
-# define the appenders
-
-log4j.appender.shibd_log=org.apache.log4j.FileAppender
-log4j.appender.shibd_log.fileName=/tmp/logpipe
-log4j.appender.shibd_log.maxFileSize=0
-log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.shibd_log.layout.ConversionPattern=shibd;shibd.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.tran_log=org.apache.log4j.FileAppender
-log4j.appender.tran_log.fileName=/tmp/logpipe
-log4j.appender.tran_log.maxFileSize=0
-log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.tran_log.layout.ConversionPattern=shibd;transaction.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/tmp/logpipe
-log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log;${ENV};${USERTOKEN};%m
diff --git a/container_files/tier-support/grouper-ws-scim.xml b/container_files/tier-support/grouper-ws-scim.xml
deleted file mode 100644
index bb15b17a..00000000
--- a/container_files/tier-support/grouper-ws-scim.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<Context docBase="/opt/grouper/grouper.scim/" path="/grouper-ws-scim" reloadable="false">
- <!-- Allow our symlinks to work-->
- <Resources allowLinking="true" />
-</Context>
-
-
diff --git a/container_files/tier-support/grouper-ws.xml b/container_files/tier-support/grouper-ws.xml
deleted file mode 100644
index b9aa6478..00000000
--- a/container_files/tier-support/grouper-ws.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<Context docBase="/opt/grouper/grouper.ws/" path="/grouper-ws" reloadable="false">
- <!-- Allow our symlinks to work-->
- <Resources allowLinking="true" />
-</Context>
diff --git a/container_files/tier-support/grouper.xml b/container_files/tier-support/grouper.xml
deleted file mode 100644
index 22cfbd8a..00000000
--- a/container_files/tier-support/grouper.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<Context docBase="/opt/grouper/grouper.ui/" path="/grouper" reloadable="false">
- <!-- Allow our symlinks to work-->
- <Resources allowLinking="true" />
-</Context>
diff --git a/container_files/tier-support/log4j_fix/tomcatBin/log4j-api-2.17.1.jar b/container_files/tier-support/log4j_fix/tomcatBin/log4j-api-2.17.1.jar
new file mode 100644
index 00000000..605c45d0
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomcatBin/log4j-api-2.17.1.jar differ
diff --git a/container_files/tier-support/log4j_fix/tomcatBin/log4j-core-2.17.1.jar b/container_files/tier-support/log4j_fix/tomcatBin/log4j-core-2.17.1.jar
new file mode 100644
index 00000000..bbead126
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomcatBin/log4j-core-2.17.1.jar differ
diff --git a/container_files/tier-support/log4j_fix/tomcatBin/log4j-jul-2.17.1.jar b/container_files/tier-support/log4j_fix/tomcatBin/log4j-jul-2.17.1.jar
new file mode 100644
index 00000000..bab94c2b
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomcatBin/log4j-jul-2.17.1.jar differ
diff --git a/container_files/tier-support/log4j_fix/tomcatLib/slf4j-api-1.7.32.jar b/container_files/tier-support/log4j_fix/tomcatLib/slf4j-api-1.7.32.jar
new file mode 100644
index 00000000..b16a0785
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomcatLib/slf4j-api-1.7.32.jar differ
diff --git a/container_files/tier-support/log4j_fix/tomcatLib/slf4j-jdk14-1.7.32.jar b/container_files/tier-support/log4j_fix/tomcatLib/slf4j-jdk14-1.7.32.jar
new file mode 100644
index 00000000..c38b303c
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomcatLib/slf4j-jdk14-1.7.32.jar differ
diff --git a/container_files/tier-support/log4j_fix/webinfLib/log4j-1.2-api-2.17.1.jar b/container_files/tier-support/log4j_fix/webinfLib/log4j-1.2-api-2.17.1.jar
new file mode 100644
index 00000000..25320a46
Binary files /dev/null and b/container_files/tier-support/log4j_fix/webinfLib/log4j-1.2-api-2.17.1.jar differ
diff --git a/container_files/tier-support/log4j_fix/webinfLib/slf4j-api-1.7.32.jar b/container_files/tier-support/log4j_fix/webinfLib/slf4j-api-1.7.32.jar
new file mode 100644
index 00000000..b16a0785
Binary files /dev/null and b/container_files/tier-support/log4j_fix/webinfLib/slf4j-api-1.7.32.jar differ
diff --git a/container_files/tier-support/supervisord-tomcat.conf b/container_files/tier-support/supervisord-tomcat.conf
deleted file mode 100644
index 30631e41..00000000
--- a/container_files/tier-support/supervisord-tomcat.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-[supervisord]
-logfile=/tmp/logsuperd ; supervisord log file
-logfile_maxbytes=0 ; maximum size of logfile before rotation
-loglevel=error ; info, debug, warn, trace
-nodaemon=true ; run supervisord as a daemon
-user=root ; default user
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
-
-; Our processes
-; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
-
-[program:httpd]
-command=httpd -DFOREGROUND
-stderr_logfile = /tmp/loghttpd
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/loghttpd
-stdout_logfile_maxbytes=0
-
-[program:shibbolethsp]
-user=shibd
-command=/usr/sbin/shibd -f -F
-stderr_logfile = /tmp/logshidb
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/logshidb
-stdout_logfile_maxbytes=0
-
-[program:tomcat]
-user=tomcat
-command=/opt/tomcat/bin/catalina.sh run
-stderr_logfile = /tmp/logtomcat
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/logtomcat
-stdout_logfile_maxbytes=0
-
diff --git a/container_files/tier-support/supervisord-tomee.conf b/container_files/tier-support/supervisord-tomee.conf
deleted file mode 100644
index 35e19488..00000000
--- a/container_files/tier-support/supervisord-tomee.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-[supervisord]
-logfile=/tmp/logsuperd ; supervisord log file
-logfile_maxbytes=0 ; maximum size of logfile before rotation
-loglevel=error ; info, debug, warn, trace
-nodaemon=true ; run supervisord as a daemon
-user=root ; default user
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
-
-; Our processes
-; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
-
-[program:httpd]
-command=httpd -DFOREGROUND
-stderr_logfile = /tmp/loghttpd
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/loghttpd
-stdout_logfile_maxbytes=0
-
-[program:tomee]
-user=tomcat
-command=/opt/tomee/bin/catalina.sh run
-stderr_logfile = /tmp/logtomcat
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/logtomcat
-stdout_logfile_maxbytes=0
-
diff --git a/container_files/tier-support/test/docker-compose.yaml.txt b/container_files/tier-support/test/docker-compose.yaml.txt
new file mode 100644
index 00000000..7dcec8d0
--- /dev/null
+++ b/container_files/tier-support/test/docker-compose.yaml.txt
@@ -0,0 +1,26 @@
+version: '3'
+services:
+ postgres:
+ image: "postgres:14"
+ restart: always
+ ports:
+ - '5432:5432'
+ environment:
+ - POSTGRES_USER=postgres
+ - POSTGRES_PASSWORD=pass
+ grouper:
+ # i2incommon/grouper:2.6.4
+ image: "IMAGE_VERSION"
+ restart: always
+ ports:
+ - '443:443'
+ command:
+ - quickstart
+ environment:
+ - GROUPERSYSTEM_QUICKSTART_PASS=thisPassIsCopyrightedDontUse
+ - GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis
+ - GROUPER_DATABASE_PASSWORD=pass
+ - GROUPER_DATABASE_USERNAME=postgres
+ - GROUPER_DATABASE_URL=jdbc:postgresql://postgres:5432/postgres
+ - GROUPER_AUTO_DDL_UPTOVERSION=v2.6.*
+ - GROUPER_RUN_HSQLDB=false
\ No newline at end of file
diff --git a/container_files/tier-support/test/grouperContainerUnitTest.sh b/container_files/tier-support/test/grouperContainerUnitTest.sh
new file mode 100644
index 00000000..7068abc0
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTest.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+if [ "$#" -ne 4 ]; then
+ echo "You must enter exactly 4 command line arguments: container-name, image-name, container version, and grouper version, e.g. grouper-test my-grouper-2.5.27:latest 2.5.27 2.5.27"
+ exit 1
+fi
+
+expectedSuccesses=716
+
+export containerName=$1
+export imageName=$2
+export containerVersion=$3
+export grouperVersion=$4
+export globalSleepSecondsAfterRun=10
+export globalExitOnError=false
+
+export successCount=0
+export failureCount=0
+
+. ./grouperContainerUnitTestLibrary.sh
+
+. ./grouperContainerUnitTestDaemon.sh
+. ./grouperContainerUnitTestUi.sh
+. ./grouperContainerUnitTestUi2.sh
+. ./grouperContainerUnitTestUiNoSsl.sh
+. ./grouperContainerUnitTestUiNoSslOrClient.sh
+. ./grouperContainerUnitTestUiDifferentPorts.sh
+. ./grouperContainerUnitTestSlashRoot.sh
+. ./grouperContainerUnitTestSelfSigned.sh
+. ./grouperContainerUnitTestWs.sh
+. ./grouperContainerUnitTestWsAuthn.sh
+. ./grouperContainerUnitTestQuickstart.sh
+. ./grouperContainerUnitTestUiSubimage.sh
+. ./grouperContainerUnitTestUiSubimageNonroot.sh
+
+testContainerUi
+testContainerUi2
+testContainerUiNoSsl
+testContainerUiNoSslOrClient
+testContainerSlashRoot
+testContainerSelfSigned
+testContainerUiDifferentPorts
+testContainerWs
+testContainerWsAuthn
+testContainerQuickstart
+testContainerDaemon
+testContainerUiSubimage
+testContainerUiSubimageNonroot
+
+dockerRemoveContainer
+dockerRemoveSubimage
+
+
+
+echo ""
+echo "$successCount successes, $failureCount failures"
+if [ "$successCount" = "$expectedSuccesses" ] && [ "$failureCount" = "0" ] ; then
+ success=true
+ echo "SUCCESS!"
+else
+ success=false
+ echo "ERROR, expected $expectedSuccesses successes and 0 failures"
+fi
+echo ""
+unset -f containerName
+unset -f imageName
+unset -f containerVersion
+unset -f globalSleepSecondsAfterRun
+unset -f testContainerQuickstart
+unset -f testContainerDaemon
+unset -f testContainerUi
+unset -f testContainerUiSubimage
+unset -f testContainerUiSubimageNonroot
+unset -f testContainerUiNoSsl
+unset -f testContainerUiDifferentPorts
+unset -f testContainerSlashRoot
+unset -f testContainerSelfSigned
+unset -f testContainerWs
+unset -f successCount
+unset -f failureCount
+grouperContainerUnitTestLibrary_unsetAll
+
+if [ "$success" = "true" ]; then
+ exit 0
+else
+ exit 1
+fi
diff --git a/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh b/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh
new file mode 100644
index 00000000..0b1df4d8
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+testContainerDaemon() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as daemon
+ echo "docker run --detach --name $containerName --publish 443:443 $imageName daemon"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 $imageName daemon
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "true"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-daemon"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS "#"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "false"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerDaemon
diff --git a/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh b/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh
new file mode 100644
index 00000000..d5f1cac3
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh
@@ -0,0 +1,259 @@
+#!/bin/bash
+
+dockerRemoveContainer() {
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 arguments"
+ exit 1
+ fi
+ if [ "$(docker ps -a | grep $containerName)" ]
+ then
+ docker rm -f $containerName
+ fi
+}
+
+dockerRemoveSubimage() {
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 arguments"
+ exit 1
+ fi
+ subimageId="my_$containerName"
+ subimageName="$subimageId:latest"
+ if [ "$(docker images | grep $subimageId)" ]
+ then
+ docker rmi -f $subimageName
+ fi
+}
+
+# pass in string description, expected value, actual value
+assertEquals() {
+ if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 arguments: statement, expected value, actual value"
+ exit 1
+ fi
+
+ if [ "$2" != "$3" ]
+ then
+ echo "ERROR: $1: expected '$2' but received '$3'"
+ if [ "$globalExitOnError" = "true" ]; then
+ exit 1
+ fi
+ export failureCount=$((failureCount+1))
+ else
+ echo "SUCCESS: $1: $2"
+ export successCount=$((successCount+1))
+ fi
+}
+
+# pass in string description, expected value, actual value it should not be
+assertNotEquals() {
+ if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 arguments: statement, expected value, actual value it should not be"
+ exit 1
+ fi
+
+ if [ "$2" = "$3" ]
+ then
+ echo "ERROR: $1: expected '$2' to not equals '$3' but was equal"
+ if [ "$globalExitOnError" = "true" ]; then
+ exit 1
+ fi
+ export failureCount=$((failureCount+1))
+ else
+ echo "SUCCESS: $1: not equal to: '$2', is: '$3'"
+ export successCount=$((successCount+1))
+ fi
+}
+
+# pass in string description, first value, less than second valuee
+assertLessThan() {
+ if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 arguments: statement, first value, second value"
+ exit 1
+ fi
+
+ if [ "$2" -ge "$3" ]
+ then
+ echo "ERROR: $1: expecting '$2' < '$3'"
+ if [ "$globalExitOnError" = "true" ]; then
+ exit 1
+ fi
+ export failureCount=$((failureCount+1))
+ else
+ echo "SUCCESS: $1: '$2' < '$3'"
+ export successCount=$((successCount+1))
+ fi
+}
+
+# pass in file name, value
+assertFileContains() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: file name, and value"
+ exit 1
+ fi
+
+ local command="docker exec -it $containerName grep '$2' $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertLessThan "file $1 should contain at least one '$2'" "0" "$var"
+}
+
+# pass in file name, value
+assertLocalFileContains() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: file name, and value"
+ exit 1
+ fi
+
+ local command="grep '$2' $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertLessThan "file $1 should contain at least one '$2'" "0" "$var"
+}
+
+assertFileNotContains() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: file name, and value"
+ exit 1
+ fi
+
+ local command="docker exec -it $containerName grep '$2' $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "file $1 should not contain '$2'" "0" "$var"
+}
+
+assertFileExists() {
+ if [ "$#" -ne 1 ]; then
+ # generally 0 or 5 processes
+ echo "You must enter exactly 1 arguments: file to check"
+ exit 1
+ fi
+ local command="docker exec -it $containerName grouperTestFileExist.sh $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "file $1 should exist" "1" "$var"
+}
+
+assertFileNotExists() {
+ if [ "$#" -ne 1 ]; then
+ # generally 0 or 5 processes
+ echo "You must enter exactly 1 arguments: file to check"
+ exit 1
+ fi
+ local command="docker exec -it $containerName grouperTestFileExist.sh $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "file $1 should not exist" "0" "$var"
+}
+
+assertListeningOnPort() {
+ if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 argument: port"
+ exit 1
+ fi
+
+ local command="docker exec -it $containerName netstat -pan | grep LISTEN | grep ':$1 ' | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "listening on port $1" "1" "$var"
+}
+
+assertNotListeningOnPort() {
+ if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 argument: port"
+ exit 1
+ fi
+
+ local command="docker exec -it $containerName netstat -pan | grep LISTEN | grep ':$1 ' | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "not listening on port $1" "0" "$var"
+}
+
+containerCommandResultEquals() {
+
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: the command to run and the expected result"
+ exit 1
+ fi
+ local command="docker exec $containerName $1"
+ local var="$(runCommand "$command")"
+ assertEquals "$1" "$2" "$var"
+
+}
+
+runCommand() {
+ if [ "$#" -ne 1 ]; then
+ echo "Pass the command to run"
+ exit 1
+ fi
+ local command=$1
+ local var=$(eval "$command")
+ # for some reason sometimes whitespace is there
+ local var=$(echo -e "${var}" | tr -d '\r' | tr -d '\n')
+ echo $var
+}
+
+assertNumberOfTomcatProcesses() {
+ if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 arguments: the number of tomcat processes"
+ exit 1
+ fi
+ local command="docker exec -it $containerName ps -ef | grep "^tomcat" | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "tomcat process count" "$1" "$var"
+}
+
+assertEnvVar() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: the env var name and value"
+ exit 1
+ fi
+ local command="docker exec -it --user tomcat $containerName grouperTestPrintEnv.sh $1 | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "env var $1" "$2" "$var"
+}
+
+assertEnvVarNot() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: the env var name and value"
+ exit 1
+ fi
+ local command="docker exec -it --user tomcat $containerName grouperTestPrintEnv.sh $1 | xargs"
+ local var="$(runCommand "$command")"
+ assertNotEquals "env var $1" "$2" "$var"
+}
+
+grouperContainerUnitTestLibrary_unsetAll() {
+ unset -f assertEnvVar
+ unset -f assertEnvVarNot
+ unset -f assertEquals
+ unset -f assertFileContains
+ unset -f assertFileExists
+ unset -f assertFileNotContains
+ unset -f assertFileNotExists
+ unset -f assertLessThan
+ unset -f assertListeningOnPort
+ unset -f assertNotEquals
+ unset -f assertNotListeningOnPort
+ unset -f assertNumberOfTomcatProcesses
+ unset -f dockerRemoveContainer
+ unset -f dockerRemoveSubimage
+ unset -f grouperContainerUnitTestLibrary_unsetAll
+ unset -f runCommand
+}
+
+grouperContainerUnitTestLibrary_exportAll() {
+ export -f assertEnvVar
+ export -f assertEnvVarNot
+ export -f assertEquals
+ export -f assertFileContains
+ export -f assertFileExists
+ export -f assertFileNotContains
+ export -f assertFileNotExists
+ export -f assertLessThan
+ export -f assertListeningOnPort
+ export -f assertNotEquals
+ export -f assertNotListeningOnPort
+ export -f assertNumberOfTomcatProcesses
+ export -f dockerRemoveContainer
+ export -f dockerRemoveSubimage
+ export -f grouperContainerUnitTestLibrary_unsetAll
+ export -f runCommand
+}
+
+# export everything
+grouperContainerUnitTestLibrary_exportAll
diff --git a/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh b/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh
new file mode 100644
index 00000000..fd4afdbc
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+testContainerQuickstart() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as quickstart
+ echo "docker-compose up"
+ echo '################'
+ echo
+
+ cp docker-compose.yaml.txt docker-compose.yaml
+ sed -i "s|IMAGE_VERSION|$imageName|g" docker-compose.yaml
+
+ docker-compose up
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties GROUPERSYSTEM_QUICKSTART_PASS
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper;"
+
+ assertEnvVar GROUPERWS_PROXY_PASS ""
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "true"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "0.0.0.0/0"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "true"
+ assertEnvVarNot GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "true"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "true"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertListeningOnPort 9001
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost -o index.html
+ assertLocalFileContains index.html document.location.href
+
+ curl -L -k https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:XthisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+ assertLocalFileContains index.html 'end index.jsp'
+
+ curl -L -k https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:XthisPassIsCopyrightedDontUse https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+ assertLocalFileContains index.html '"resultCode":"SUCCESS"'
+
+ docker stop $containerName
+ docker start $containerName
+
+ sleep $globalSleepSecondsAfterRun
+
+ assertNumberOfTomcatProcesses 1
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertListeningOnPort 9001
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost -o index.html
+ assertLocalFileContains index.html document.location.href
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+ assertLocalFileContains index.html 'end index.jsp'
+
+ containerCommandResultEquals "ps -ef | grep root | grep cat | grep -v grep | wc -l" 6
+ containerCommandResultEquals "ps -ef | grep root | grep awk | grep grouper | wc -l" 1
+ containerCommandResultEquals "ps -ef | grep root | grep awk | grep tomcat | wc -l" 1
+
+ docker-compose down
+ rm docker-compose.yaml
+}
+export -f testContainerQuickstart
diff --git a/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh b/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh
new file mode 100644
index 00000000..2a707c1d
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+testContainerSelfSigned() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui with self signed cert
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true -e -e =10.0.2.16/28 $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/localhost.crt"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/localhost.key"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "true"
+
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_SELF_SIGNED_CERT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+
+
+}
diff --git a/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh b/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh
new file mode 100644
index 00000000..42e012c9
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+testContainerSlashRoot() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui with slashRoot mounted
+ echo "docker run --detach --name $containerName --mount type=bind,src=$someDir,dst=/opt/grouper/slashRoot --publish 443:443 $imageName ui"
+ echo '################'
+ echo
+
+ local someDir=$(pwd)/someDir
+ rm -rf someDir
+ mkdir -p someDir/tmp
+ echo 'whatever' > someDir/tmp/temp.txt
+ mkdir -p someDir/opt/grouper/grouperWebapp/WEB-INF/classes
+ echo 'someSettings' > someDir/opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalLoggers.xml.txt
+ echo 'otherSettings' > someDir/opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalAppenders.xml.txt
+
+ docker run --detach --name $containerName --mount type=bind,src=$someDir,dst=/opt/grouper/slashRoot --publish 443:443 $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /tmp/temp.txt
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "someSettings"
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "otherSettings"
+
+
+ #rm -rf someDir
+
+}
+export -f testContainerSlashRoot
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi.sh b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
new file mode 100644
index 00000000..bc75c24c
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+testContainerUi() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+
+ assertFileContains /opt/tomcat/conf/server.xml 'address="0.0.0.0"'
+ assertFileContains /opt/tomcat/conf/server.xml 'allowedRequestAttributesPattern=".*"'
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/host-cert.pem"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/host-key.pem"
+ assertEnvVarNot GROUPER_SSL_CHAIN_FILE "/etc/pki/tls/certs/cachain.pem"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "true"
+
+ assertFileContains /opt/tomcat/conf/Catalina/localhost/grouper.xml 'cookies="true"'
+
+ assertFileContains /opt/tomcat/conf/web.xml "<session-timeout>600</session-timeout>"
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+ assertFileNotContains /opt/tomcat/conf/server.xml "AccessLogValve"
+
+ assertFileContains /opt/tomcat/conf/server.xml "maxHeaderCount"
+ assertFileContains /opt/tomcat/conf/server.xml "200"
+ assertFileNotContains /opt/tomcat/conf/server.xml "1235"
+
+ assertFileContains /opt/tomcat/conf/server.xml "tomcatAuthentication"
+
+ assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "false"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+ assertListeningOnPort 8080
+ #assertListeningOnPort 8005
+
+
+}
+export -f testContainerUi
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi2.sh b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
new file mode 100644
index 00000000..cffe921b
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+testContainerUi2() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=1235 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=1235 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+
+ assertFileContains /opt/tomcat/conf/server.xml 'address="0.0.0.0"'
+ assertFileContains /opt/tomcat/conf/server.xml 'allowedRequestAttributesPattern=".*"'
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /opt/tomcat/conf/server.xml "maxHeaderCount"
+ assertFileContains /opt/tomcat/conf/server.xml "1235"
+
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "true"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/a/b/cert"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/a/b/key"
+ assertEnvVar GROUPER_SSL_CHAIN_FILE "/a/b/chain"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "false"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+ assertListeningOnPort 8080
+ #assertListeningOnPort 8005
+
+
+}
+export -f testContainerUi2
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh b/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh
new file mode 100644
index 00000000..fc0249d0
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+testContainerUiDifferentPorts() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui with self signed cert with different ports
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertEnvVar GROUPER_TOMCAT_HTTP_PORT "8600"
+ assertEnvVar GROUPER_TOMCAT_AJP_PORT "8601"
+ assertEnvVar GROUPER_TOMCAT_SHUTDOWN_PORT "8602"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertListeningOnPort 444
+ assertListeningOnPort 81
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8600
+ assertListeningOnPort 8601
+ #assertListeningOnPort 8602
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiDifferentPorts
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh
new file mode 100644
index 00000000..6ebffefa
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+testContainerUiNoSsl() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui without SSL with SSL client
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=-1 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=-1 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileContains /opt/tomcat/conf/web.xml "<session-timeout>30</session-timeout>"
+
+ assertFileNotContains /opt/tomcat/conf/server.xml "maxHeaderCount"
+
+ assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "true"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "false"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_WEBCLIENT_IS_SSL "true"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertNotListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiNoSsl
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh
new file mode 100644
index 00000000..9ab005c1
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+testContainerUiNoSslOrClient() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui without SSL with non-SSL client
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileNotContains /opt/tomcat/conf/server.xml 'secure="true"'
+ assertFileNotContains /opt/tomcat/conf/server.xml 'scheme="https"'
+ assertFileContains /opt/tomcat/conf/server.xml 'scheme="http"'
+
+ assertEnvVar GROUPER_USE_SSL "false"
+ assertEnvVar GROUPER_WEBCLIENT_IS_SSL "false"
+
+
+ assertNotListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiNoSsl
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh b/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh
new file mode 100644
index 00000000..7c4355d4
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+testContainerUiSubimage() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+ dockerRemoveSubimage
+
+ subimageId="my_$containerName"
+ subimageName="$subimageId:latest"
+
+ echo "" > Dockerfile
+ echo "FROM $imageName" >> Dockerfile
+ echo "ENV GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES 1.1.1.1/32" >> Dockerfile
+ echo "" >> Dockerfile
+
+ echo
+ echo '################'
+ echo Running container with subimage as ui
+ echo cat DockerFile
+ cat Dockerfile
+ echo "docker build -t $subimageId ."
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $subimageId ui"
+ echo '################'
+ echo
+
+ docker build -t "$subimageId" .
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $subimageId ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "1.1.1.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiSubimage
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh b/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh
new file mode 100644
index 00000000..88925c26
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+testContainerUiSubimageNonroot() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+ dockerRemoveSubimage
+
+ subimageId="my_$containerName"
+ subimageName="$subimageId:latest"
+ myId="$(id -u)"
+
+ echo "" > Dockerfile
+ echo "FROM $imageName" >> Dockerfile
+ echo "RUN /usr/local/bin/changeUid.sh tomcat $myId" >> Dockerfile
+ echo "" >> Dockerfile
+
+ echo
+ echo '################'
+ echo Running container with subimage as ui without root
+ echo cat DockerFile
+ cat Dockerfile
+ echo "docker build -t $subimageId ."
+ echo "docker run --detach --name $containerName -u $myId --publish 8080:8080 $subimageId ui"
+ echo '################'
+ echo
+
+ docker build -t "$subimageId" .
+
+ docker run --detach --name $containerName -u $myId --publish 8080:8080 $subimageId ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ui;"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVarNot GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ #tomcat doesnt like no database there
+ #assertNumberOfTomcatProcesses 13
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerUiSubimageNonroot
diff --git a/container_files/tier-support/test/grouperContainerUnitTestWs.sh b/container_files/tier-support/test/grouperContainerUnitTestWs.sh
new file mode 100644
index 00000000..3afd3eac
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestWs.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+testContainerWs() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ws
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true $imageName ws"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true $imageName ws
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/web.xml "<auth-method>BASIC</auth-method>"
+ assertFileNotContains /opt/tomcat/conf/server.xml 'tomcatAuthentication="true"'
+ assertFileContains /opt/tomcat/conf/server.xml 'tomcatAuthentication="false"'
+
+ assertFileContains /opt/tomcat/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"'
+ assertFileContains /opt/tomcat/conf/web.xml "<session-timeout>1</session-timeout>"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ws;"
+
+ assertEnvVar GROUPERWS_PROXY_PASS ""
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ws"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS "#"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_UI "false"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVarNot GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "true"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_WS_ONLY "true"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerWs
diff --git a/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh b/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh
new file mode 100644
index 00000000..5d820422
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+testContainerWsAuthn() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ws with tomcat authn
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/web.xml "<auth-method>BASIC</auth-method>"
+ assertFileContains /opt/tomcat/conf/server.xml 'tomcatAuthentication="true"'
+ assertFileNotContains /opt/tomcat/conf/server.xml 'tomcatAuthentication="false"'
+
+ assertFileContains /opt/tomcat/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"'
+ assertFileContains /opt/tomcat/conf/web.xml "<session-timeout>1</session-timeout>"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ws;"
+
+ assertEnvVar GROUPERWS_PROXY_PASS ""
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ws"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS "#"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_TOMCAT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_UI "false"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVarNot GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "true"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_WS_ONLY "true"
+
+ assertNumberOfTomcatProcesses 1
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerWsAuthn
diff --git a/container_files/tier-support/test/rebuildTestContainer.sh b/container_files/tier-support/test/rebuildTestContainer.sh
new file mode 100644
index 00000000..89d6e33d
--- /dev/null
+++ b/container_files/tier-support/test/rebuildTestContainer.sh
@@ -0,0 +1,30 @@
+#/bin/bash
+
+if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 command line arguments: grouper base image name, grouper base container version, grouper_container_git_base_dir"
+ echo "rebuildTestContainer.sh i2incommon/grouper:2.5.35 2.5.35 /mnt/c/git/grouper_container"
+ exit 1
+fi
+
+export grouperBaseImageName=$1
+export grouperBaseContainerVersion=$2
+export grouperContainerGitPath=$3
+export subimageName=my-grouper-$2
+
+export reldir=`dirname $0`
+cd $reldir
+
+# /mnt/c/mchyzer/git/grouper_container
+mkdir -p slashRoot/usr/local/bin
+rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* slashRoot/usr/local/bin
+
+rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir
+
+#mkdir -p slashRoot/opt/tomcat/conf
+#rsync -avzpl $grouperContainerGitPath/container_files/tomcat/conf/* slashRoot/opt/tomcat/conf/
+
+sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "testContainer.Dockerfile"
+
+docker build -f testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir
+
+echo "Run tests with: ./grouperContainerUnitTest.sh grouper-test $subimageName:latest $grouperBaseContainerVersion $grouperBaseContainerVersion"
diff --git a/container_files/tier-support/test/testContainer.Dockerfile b/container_files/tier-support/test/testContainer.Dockerfile
new file mode 100644
index 00000000..2e67420b
--- /dev/null
+++ b/container_files/tier-support/test/testContainer.Dockerfile
@@ -0,0 +1,10 @@
+# this matches the version you decided on from release notes
+ARG GROUPER_VERSION=__BASE_CONTAINER__
+
+# --build-arg GROUPER_VERSION=${VARIABLE_NAME} i2incommon/grouper:${GROUPER_VERSION}
+FROM i2incommon/grouper:__BASE_CONTAINER__
+
+# this will overlay all the files from /opt/grouperContainer/slashRoot on to /
+COPY slashRoot /
+
+RUN /opt/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh tomcat root
\ No newline at end of file
diff --git a/container_files/tier-support/web.wsTomcatAuthn.xml b/container_files/tier-support/web.wsTomcatAuthn.xml
new file mode 100644
index 00000000..0062ba9e
--- /dev/null
+++ b/container_files/tier-support/web.wsTomcatAuthn.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Web services</web-resource-name>
+ <url-pattern>/services/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>grouper_user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Web services</web-resource-name>
+ <url-pattern>/servicesRest/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <!-- NOTE: This role is not present in the default users file -->
+ <role-name>grouper_user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>Grouper Application</realm-name>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to web service
+ </description>
+ <role-name>grouper_user</role-name>
+ </security-role>
+
+</web-app>
\ No newline at end of file
diff --git a/container_files/tomcat/bin/setenv.sh b/container_files/tomcat/bin/setenv.sh
index c6130b5c..cc7c73a2 100755
--- a/container_files/tomcat/bin/setenv.sh
+++ b/container_files/tomcat/bin/setenv.sh
@@ -1,3 +1,7 @@
CLASSPATH=/opt/tomcat/bin/*
-JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomcat/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
\ No newline at end of file
+GROUPER_ADD_OPENS="--add-opens java.base/java.lang=ALL-UNNAMED \
+ --add-opens java.base/java.util=ALL-UNNAMED \
+ --add-opens java.sql/java.sql=ALL-UNNAMED"
+#JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomcat/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
+CATALINA_OPTS="-Xmx$GROUPER_MAX_MEMORY -XX:+UseG1GC -XX:+UseStringDeduplication -Dlog4j.configurationFile=/opt/tomcat/conf/log4j2.xml -DENV='$ENV' -DUSERTOKEN='$USERTOKEN' -Dfile.encoding=UTF-8 -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts $GROUPER_ADD_OPENS $GROUPER_EXTRA_CATALINA_OPTS"
+LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
diff --git a/container_files/tomcat/conf/Catalina/localhost/grouper.xml b/container_files/tomcat/conf/Catalina/localhost/grouper.xml
new file mode 100644
index 00000000..66652991
--- /dev/null
+++ b/container_files/tomcat/conf/Catalina/localhost/grouper.xml
@@ -0,0 +1,3 @@
+<Context docBase="/opt/grouper/grouperWebapp/" path="/__GROUPER_TOMCAT_CONTEXT__" reloadable="false" cookies="__GROUPER_CONTEXT_COOKIES__" >
+ <Resources allowLinking="true" />
+</Context>
diff --git a/container_files/tomcat/conf/log4j2.xml b/container_files/tomcat/conf/log4j2.xml
deleted file mode 100644
index 673de68c..00000000
--- a/container_files/tomcat/conf/log4j2.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Configuration status="info">
- <Properties>
- <Property name="layout">%d [%t] %-5p %c- %m%n</Property>
- </Properties>
- <Appenders>
- <File name="CATALINA"
- fileName="/tmp/logpipe">
- <PatternLayout pattern="tomcat;catalina.out;${env:ENV};${env:USERTOKEN};${layout}"/>
- </File>
- <File name="LOCALHOST"
- fileName="/tmp/logpipe">
- <PatternLayout pattern="tomcat;localhost.log;${env:ENV};${env:USERTOKEN};${layout}"/>
- </File>
-
- </Appenders>
- <Loggers>
- <Root level="info">
- <AppenderRef ref="CATALINA"/>
- </Root>
- <Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]"
- level="info" additivity="false">
- <AppenderRef ref="LOCALHOST"/>
- </Logger>
- </Loggers>
-</Configuration>
\ No newline at end of file
diff --git a/container_files/tomcat/conf/server.xml.nologging b/container_files/tomcat/conf/server.xml.nologging
new file mode 100644
index 00000000..dee41a15
--- /dev/null
+++ b/container_files/tomcat/conf/server.xml.nologging
@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!-- APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+
+
+
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/container_files/tomcat/conf/server.xml.nologging.patch b/container_files/tomcat/conf/server.xml.nologging.patch
new file mode 100644
index 00000000..bcd7aa61
--- /dev/null
+++ b/container_files/tomcat/conf/server.xml.nologging.patch
@@ -0,0 +1,15 @@
+--- server.xml.turnOnAjp 2023-01-17 12:53:45.160869124 -0500
++++ server.xml.nologging 2023-01-17 12:57:49.045158802 -0500
+@@ -155,9 +155,9 @@
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+- prefix="localhost_access_log" suffix=".txt"
+- pattern="%h %l %u %t "%r" %s %b" />
++
++
++
+
+ </Host>
+ </Engine>
diff --git a/container_files/tomcat/conf/server.xml b/container_files/tomcat/conf/server.xml.original
similarity index 92%
rename from container_files/tomcat/conf/server.xml
rename to container_files/tomcat/conf/server.xml.original
index 9610fc7d..1e8139dd 100644
--- a/container_files/tomcat/conf/server.xml
+++ b/container_files/tomcat/conf/server.xml.original
@@ -24,7 +24,7 @@
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
- <!--APR library loader. Documentation at /docs/apr.html -->
+ <!-- APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
@@ -38,13 +38,11 @@
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
-<!--
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
--->
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
@@ -68,7 +66,7 @@
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
+ <Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
@@ -78,11 +76,10 @@
connectionTimeout="20000"
redirectPort="8443" />
-->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
- library and the useOpenSSL attribute of the
- AprLifecycleListener.
+ library and the useOpenSSL attribute of the AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
@@ -95,7 +92,7 @@
</SSLHostConfig>
</Connector>
-->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
@@ -115,8 +112,12 @@
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" URIEncoding="UTF-8" />
-
+ <!--
+ <Connector protocol="AJP/1.3"
+ address="::1"
+ port="8009"
+ redirectPort="8443" />
+ -->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
@@ -143,10 +144,8 @@
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
-<!--
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
--->
</Realm>
<Host name="localhost" appBase="webapps"
@@ -161,11 +160,9 @@
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
- <!-- Managing through Apache HTTPD Server config
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
- -->
</Host>
</Engine>
diff --git a/container_files/tomcat/conf/server.xml.turnOnAjp b/container_files/tomcat/conf/server.xml.turnOnAjp
new file mode 100644
index 00000000..66ba7e96
--- /dev/null
+++ b/container_files/tomcat/conf/server.xml.turnOnAjp
@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!-- APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/container_files/tomcat/conf/server.xml.turnOnAjp.patch b/container_files/tomcat/conf/server.xml.turnOnAjp.patch
new file mode 100644
index 00000000..5b83d7d8
--- /dev/null
+++ b/container_files/tomcat/conf/server.xml.turnOnAjp.patch
@@ -0,0 +1,16 @@
+--- server.xml.original 2023-01-17 12:49:38.405305157 -0500
++++ server.xml.turnOnAjp 2023-01-17 12:53:45.160869124 -0500
+@@ -112,12 +112,7 @@
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+- <!--
+- <Connector protocol="AJP/1.3"
+- address="::1"
+- port="8009"
+- redirectPort="8443" />
+- -->
++ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" address="0.0.0.0" allowedRequestAttributesPattern=".*" />
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
diff --git a/container_files/tomee/conf/server.xml b/container_files/tomcat/conf/server.xml.v2_5_29
similarity index 85%
rename from container_files/tomee/conf/server.xml
rename to container_files/tomcat/conf/server.xml.v2_5_29
index e5c89967..4c803d8c 100644
--- a/container_files/tomee/conf/server.xml
+++ b/container_files/tomcat/conf/server.xml.v2_5_29
@@ -1,164 +1,169 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!-- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/server.html
- -->
-<Server port="8005" shutdown="SHUTDOWN">
- <!-- TomEE plugin for Tomcat -->
- <Listener className="org.apache.tomee.catalina.ServerListener" />
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
- <!-- Security listener. Documentation at /docs/config/listeners.html
- <Listener className="org.apache.catalina.security.SecurityListener" />
- -->
- <!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <!-- Prevent memory leaks due to use of particular java/javax APIs-->
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
-
- <!-- Global JNDI resources
- Documentation at /docs/jndi-resources-howto.html
- -->
- <GlobalNamingResources>
- <!-- Editable user database that can also be used by
- UserDatabaseRealm to authenticate users
- -->
- <Resource name="UserDatabase" auth="Container"
- type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
- </GlobalNamingResources>
-
- <!-- A "Service" is a collection of one or more "Connectors" that share
- a single "Container" Note: A "Service" is not itself a "Container",
- so you may not define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/service.html
- -->
- <Service name="Catalina">
-
- <!--The connectors can use a shared executor, you can define one or more named thread pools-->
- <!--
- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
- maxThreads="150" minSpareThreads="4"/>
- -->
-
-
- <!-- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Documentation at :
- Java HTTP Connector: /docs/config/http.html
- Java AJP Connector: /docs/config/ajp.html
- APR (HTTP/AJP) Connector: /docs/apr.html
- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
- -->
- <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
- connectionTimeout="20000"
- redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
- This connector uses the NIO implementation with the JSSE engine. When
- using the JSSE engine, the JSSE configuration attributes must be used.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true">
- <SSLHostConfig>
- <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
- type="RSA" xpoweredBy="false" server="Apache TomEE" />
- </SSLHostConfig>
- </Connector>
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
- This connector uses the APR/native implementation. When using the
- APR/native implementation or the OpenSSL engine with NIO or NIO2 then
- the OpenSSL configuration attributes must be used.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
- maxThreads="150" SSLEnabled="true" >
- <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
- <SSLHostConfig>
- <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
- certificateFile="conf/localhost-rsa-cert.pem"
- certificateChainFile="conf/localhost-rsa-chain.pem"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
- -->
-
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />
-
-
- <!-- An Engine represents the entry point (within Catalina) that processes
- every request. The Engine implementation for Tomcat stand alone
- analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host).
- Documentation at /docs/config/engine.html -->
-
- <!-- You should set jvmRoute to support load-balancing via AJP ie :
- <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
- -->
- <Engine name="Catalina" defaultHost="localhost">
-
- <!--For clustering, please take a look at documentation at:
- /docs/cluster-howto.html (simple how to)
- /docs/config/cluster.html (reference documentation) -->
- <!--
- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
- -->
-
- <!-- Use the LockOutRealm to prevent attempts to guess user passwords
- via a brute-force attack -->
- <Realm className="org.apache.catalina.realm.LockOutRealm">
- <!-- This Realm uses the UserDatabase configured in the global JNDI
- resources under the key "UserDatabase". Any edits
- that are performed against this UserDatabase are immediately
- available for use by the Realm. -->
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
- resourceName="UserDatabase"/>
- </Realm>
-
- <Host name="localhost" appBase="webapps"
- unpackWARs="true" autoDeploy="true">
-
- <!-- SingleSignOn valve, share authentication between web applications
- Documentation at: /docs/config/valve.html -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
- -->
-
- <!-- Access log processes all example.
- Documentation at: /docs/config/valve.html
- Note: The pattern used is equivalent to using pattern="common" -->
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
- prefix="localhost_access_log" suffix=".txt"
- pattern="%h %l %u %t "%r" %s %b" />
-
- </Host>
- </Engine>
- </Service>
-</Server>
\ No newline at end of file
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <!-- TomEE plugin for Tomcat -->
+ <Listener className="org.apache.tomee.catalina.ServerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the
+ AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" xpoweredBy="false" server="Apache TomEE" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/container_files/tomcat/conf/tomcat-users.xml b/container_files/tomcat/conf/tomcat-users.xml
index cef36cd4..8ee7d63c 100644
--- a/container_files/tomcat/conf/tomcat-users.xml
+++ b/container_files/tomcat/conf/tomcat-users.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -20,7 +20,7 @@
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="grouper_user"/>
-<!--<user username="GrouperSystem" password="XXXXXXXXXX" roles="grouper_user"/> -->
+<!--<user username="GrouperSystem" password="XXXXXXXXXX" roles="grouper_user"/>-->
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
@@ -43,4 +43,4 @@
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
-->
-</tomcat-users>
\ No newline at end of file
+</tomcat-users>
diff --git a/container_files/tomee/bin/setenv.sh b/container_files/tomee/bin/setenv.sh
deleted file mode 100755
index 2387d613..00000000
--- a/container_files/tomee/bin/setenv.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-CLASSPATH=/opt/tomee/bin/*
-JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomee/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
\ No newline at end of file
diff --git a/container_files/tomee/conf/log4j2.xml b/container_files/tomee/conf/log4j2.xml
deleted file mode 100644
index a4bbc1b5..00000000
--- a/container_files/tomee/conf/log4j2.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Configuration status="info">
- <Properties>
- <Property name="layout">%d [%t] %-5p %c- %m%n</Property>
- </Properties>
- <Appenders>
- <File name="CATALINA"
- fileName="/tmp/logpipe">
- <PatternLayout pattern="tomee;catalina.out;${env:ENV};${env:USERTOKEN};${layout}"/>
- </File>
- <File name="LOCALHOST"
- fileName="/tmp/logpipe">
- <PatternLayout pattern="tomee;localhost.log;${env:ENV};${env:USERTOKEN};${layout}"/>
- </File>
-
- </Appenders>
- <Loggers>
- <Root level="info">
- <AppenderRef ref="CATALINA"/>
- </Root>
- <Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]"
- level="info" additivity="false">
- <AppenderRef ref="LOCALHOST"/>
- </Logger>
- </Loggers>
-</Configuration>
\ No newline at end of file
diff --git a/container_files/tomee/conf/tomcat-users.xml b/container_files/tomee/conf/tomcat-users.xml
deleted file mode 100644
index f1484fc2..00000000
--- a/container_files/tomee/conf/tomcat-users.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<tomcat-users xmlns="http://tomcat.apache.org/xml"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
- version="1.0">
-<role rolename="grouper_user"/>
-<!--<user username="GrouperSystem" password="XXXXXXXXXX" roles="grouper_user"/>-->
-<!--
- NOTE: By default, no user is included in the "manager-gui" role required
- to operate the "/manager/html" web application. If you wish to use this app,
- you must define such a user - the username and password are arbitrary. It is
- strongly recommended that you do NOT use one of the users in the commented out
- section below since they are intended for use with the examples web
- application.
--->
-<!--
- NOTE: The sample user and role entries below are intended for use with the
- examples web application. They are wrapped in a comment and thus are ignored
- when reading this file. If you wish to configure these users for use with the
- examples web application, do not forget to remove the <!.. ..> that surrounds
- them. You will also need to set the passwords to something appropriate.
--->
-<!--
- <role rolename="tomcat"/>
- <role rolename="role1"/>
- <user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
- <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
- <user username="role1" password="<must-be-changed>" roles="role1"/>
--->
- <!-- Activate those lines to get access to TomEE GUI -->
- <!--
- <role rolename="tomee-admin" />
- <user username="tomee" password="tomee" roles="tomee-admin,manager-gui" />
- -->
-</tomcat-users>
\ No newline at end of file
diff --git a/container_files/ui/classes/grouper-ui.properties b/container_files/ui/classes/grouper-ui.properties
deleted file mode 100644
index 80fbee1e..00000000
--- a/container_files/ui/classes/grouper-ui.properties
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# Grouper UI configuration
-# $Id: grouper.client.example.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
-#
-
-# The grouper-ui.properties uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper-ui.base.properties
-# (which should not be edited), and the grouper-ui.properties overlays
-# the base settings. See the grouper-ui.base.properties for the possible
-# settings that can be applied to the grouper-ui.properties
-
-grouperUi.logout.redirectToUrl=/Shibboleth.sso/Logout
\ No newline at end of file
diff --git a/container_files/ui/classes/log4j.properties b/container_files/ui/classes/log4j.properties
deleted file mode 100644
index 12e5eff8..00000000
--- a/container_files/ui/classes/log4j.properties
+++ /dev/null
@@ -1,144 +0,0 @@
-
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#/opt/grouper/2.3.0/grouper.apiBinary-2.3.0/ will be substituted with the System property "grouper.home", which must have a trailing \ or /
-# depending on your OS. Of course you can use absolute paths if you prefer
-
-
-#
-# log4j Configuration
-# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
-#
-
-# Appenders
-
-## Grouper API event logging
-log4j.appender.grouper_event = org.apache.log4j.FileAppender
-log4j.appender.grouper_event.file = /tmp/logpipe
-log4j.appender.grouper_event.append = true
-log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_event.layout.ConversionPattern = grouper-ui;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Grouper API error logging
-log4j.appender.grouper_error = org.apache.log4j.FileAppender
-log4j.appender.grouper_error.file = /tmp/logpipe
-log4j.appender.grouper_errot.append = true
-log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_error.layout.ConversionPattern = grouper-ui;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n
-
-# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
-log4j.appender.grouper_debug = org.apache.log4j.FileAppender
-log4j.appender.grouper_debug.file = /tmp/logpipe
-log4j.appender.grouper_debug.append = true
-log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_debug.layout.ConversionPattern = grouper-ui;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Benchmark logging
-log4j.appender.grouper_gb = org.apache.log4j.FileAppender
-log4j.appender.grouper_gb.file = /tmp/logpipe
-log4j.appender.grouper_gb.append = true
-log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_gb.layout.ConversionPattern = grouper-ui;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-# Loggers
-
-## Default logger; will log *everything*
-log4j.rootLogger = ERROR, grouper_error
-
-## All Internet2 (warn to grouper_error per default logger)
-log4j.logger.edu.internet2.middleware = WARN
-
-
-# Provisioning : PSP (version 2.1+)
-log4j.logger.edu.internet2.middleware.psp = INFO
-
-# Provisioning : vt-ldap
-# log4j.logger.edu.vt.middleware.ldap = INFO
-
-# Provisioning : Grouper plugin to Shibboleth attribute resolver
-# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO
-
-
-# For more precise (or verbose) logging, enable one or more of the
-# following logging directives. To remove duplicate entries, just change the
-# level, and not where to send the logs
-# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html
-
-## Grouper Event Logging
-## * Logs at _info_ only
-log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event
-
-## Grouper Error Logging
-## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
-#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error
-
-## Grouper Debug Logging
-## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
-## * Logs at _info_ only currently
-#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug
-
-## Grouper XML Export + Import Logging
-## TODO Integrate with normal logging
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event
-
-## Grouper Benchmark Logging
-log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb
-
-## Grouper script to add missing group sets
-log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event
-
-## Grouper Sync Point in Time Tables
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event
-
-## Grouper Sync Stem Set Table
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event
-
-## Grouper Migrate Legacy Attributes
-log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event
-
-### Subject API
-#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
-#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
-### Hibernate
-#log4j.logger.org.hibernate = ERROR, grouper_error
-### ehcache
-#log4j.logger.net.sf.ehcache = ERROR, grouper_error
-### Spring
-#log4j.logger.org.springframework = ERROR, grouper_error
-
-## Grouper Stress Testing
-log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug
-
-
-#######################################################
-##Optional settings for debug logs
-#######################################################
-
-## Hooks debug info
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
-#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG
-
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG
-
-
-# added by grouper-installer
-log4j.logger.org.apache.tools.ant = WARN
diff --git a/container_files/ui/web.xml b/container_files/ui/web.xml
deleted file mode 100644
index f3aa302f..00000000
--- a/container_files/ui/web.xml
+++ /dev/null
@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
- version="2.4">
- <filter>
- <filter-name>GrouperUi</filter-name>
- <filter-class>edu.internet2.middleware.grouper.ui.GrouperUiFilter</filter-class>
- </filter>
- <filter>
- <filter-name>CSRFGuard</filter-name>
- <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>*.jsp</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperUi/app/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperUi/appHtml/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperExternal/app/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>CSRFGuard</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <listener>
- <listener-class>edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener</listener-class>
- </listener>
- <listener>
- <listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
- </listener>
- <listener>
- <listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
- </listener>
- <servlet>
- <servlet-name>StatusServlet</servlet-name>
- <display-name>Status Servlet</display-name>
- <servlet-class>edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet>
- <servlet-name>UiServlet</servlet-name>
- <servlet-class>edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet>
- <servlet-name>OwaspJavaScriptServlet</servlet-name>
- <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>StatusServlet</servlet-name>
- <url-pattern>/status</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>UiServlet</servlet-name>
- <url-pattern>/grouperUi/app/*</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>UiServlet</servlet-name>
- <url-pattern>/grouperExternal/app/*</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>UiServlet</servlet-name>
- <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>UiServlet</servlet-name>
- <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>OwaspJavaScriptServlet</servlet-name>
- <url-pattern>/grouperExternal/public/OwaspJavaScriptServlet</url-pattern>
- </servlet-mapping>
-</web-app>
diff --git a/container_files/usr-local-bin/changeGid.sh b/container_files/usr-local-bin/changeGid.sh
new file mode 100755
index 00000000..6d55d94d
--- /dev/null
+++ b/container_files/usr-local-bin/changeGid.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [[ $EUID -ne 0 ]]; then
+ echo "grouperContainer; ERROR: (changeGid.sh) This script must be run as root"
+ exit 1
+fi
+if [ "$#" -ne 2 ]; then
+ echo "grouperContainer; ERROR: (changeGid.sh) You must enter exactly 2 command line arguments: groupname, and gid to change to"
+ exit 1
+fi
+groupname=$1
+newGid=$2
+getentOutput="$(getent group "$groupname")"
+oldGid="$( echo "$getentOutput" |cut -d\: -f3 )"
+groupmod -g "$newGid" "$groupname"
+echo "grouperContainer; INFO: (changeGid.sh) groupmod -g \"$newGid\" \"$groupname\" , result: $?"
+find / -xdev -group "$oldGid" -exec chgrp -h "$groupname" {} \;
+echo "grouperContainer; INFO: (changeGid.sh) find / -xdev -group \"$oldGid\" -exec chgrp -h \"$groupname\" {} \; , result: $?"
diff --git a/container_files/usr-local-bin/changeUid.sh b/container_files/usr-local-bin/changeUid.sh
new file mode 100755
index 00000000..2dcf8a83
--- /dev/null
+++ b/container_files/usr-local-bin/changeUid.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [[ $EUID -ne 0 ]]; then
+ echo "grouperContainer; ERROR: (changeUid.sh) This script must be run as root"
+ exit 1
+fi
+if [ "$#" -ne 2 ]; then
+ echo "grouperContainer; ERROR: (changeUid.sh) You must enter exactly 2 command line arguments: username, and uid to change to"
+ exit 1
+fi
+username=$1
+newUid=$2
+oldUid="$(id -u "$username")"
+usermod -u "$newUid" "$username"
+echo "grouperContainer; INFO: (changeUid.sh) usermod -u \"$newUid\" \"$username\" , result: $?"
+find / -xdev -user "$oldUid" -exec chown -h "$username" {} \;
+echo "grouperContainer; INFO: (changeUid.sh) find / -xdev -user \"$oldUid\" -exec chown -h \"$username\" {} \; , result: $?"
diff --git a/container_files/usr-local-bin/daemon b/container_files/usr-local-bin/daemon
index da40d1e6..aef7603f 100755
--- a/container_files/usr-local-bin/daemon
+++ b/container_files/usr-local-bin/daemon
@@ -1,9 +1,7 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_daemon
+prep_finish
+setupFiles
-prepDaemon
-
-export GSH_JVMARGS="$GSH_JVMARGS -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-
-exec bin/gsh -loader > /tmp/loggrouper
+runCommand
\ No newline at end of file
diff --git a/container_files/usr-local-bin/entrypoint.sh b/container_files/usr-local-bin/entrypoint.sh
index 83e985d6..ba8842cb 100755
--- a/container_files/usr-local-bin/entrypoint.sh
+++ b/container_files/usr-local-bin/entrypoint.sh
@@ -1,6 +1,37 @@
-#!/bin/sh
+#!/bin/bash
. /usr/local/bin/library.sh
-prepConf
+prep_conf
+
+if [ "$#" -eq 0 ];
+ then
+ echo "grouperContainer; INFO: (entrypoint.sh) No component set to run"
+ prep_finish
+ setupFiles
+ runCommand
+else
+
+# echo "$@"
+
+# argc=$#
+# argv=("$@")
+
+ GROUPER_ENTRYPOINT_COMMAND=$1
+ shift
+
+# for (( j=1; j<argc; j++ )); do
+# if [ -n "$ARGUMENTS" ]; then
+# ARGUMENTS="$ARGUMENTS "
+# fi
+# ARGUMENTS="$ARGUMENTS${argv[j]}"
+# done
+
+ if [ "$GROUPER_ENTRYPOINT_COMMAND" = "/opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh" ]
+ then
+ GROUPER_ENTRYPOINT_COMMAND=gsh
+ fi
+
+ echo "grouperContainer; INFO: (entrypoint.sh) Executing $GROUPER_ENTRYPOINT_COMMAND $@"
+ exec "$GROUPER_ENTRYPOINT_COMMAND" "$@"
+fi
-exec "$@"
\ No newline at end of file
diff --git a/container_files/usr-local-bin/grouperScriptHooks.sh b/container_files/usr-local-bin/grouperScriptHooks.sh
new file mode 100644
index 00000000..3b0508b7
--- /dev/null
+++ b/container_files/usr-local-bin/grouperScriptHooks.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Overlay this file with implementations of functions from grouperScriptHooksBase.sh
+# dont forget to export -f your functions after implementing them like in the base file
+
+
diff --git a/container_files/usr-local-bin/grouperScriptHooksBase.sh b/container_files/usr-local-bin/grouperScriptHooksBase.sh
new file mode 100644
index 00000000..1a088143
--- /dev/null
+++ b/container_files/usr-local-bin/grouperScriptHooksBase.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+### DO NOT EDIT OR OVERLAY THIS FILE
+# These definitions are here to define the functions.
+# You can overlay the grouperScriptHooks.sh file with any definitions of these functions
+
+# called at the beginning of the container startup
+# after logging is setup
+grouperScriptHooks_prepConfPost() {
+ return
+}
+
+# called after the component command has been prepped
+grouperScriptHooks_prepComponentPost() {
+ return
+}
+
+# called after the finishPrep is called before the setupFiles
+grouperScriptHooks_finishPrepPost() {
+ return
+}
+
+# called after the setupFiles functions is called, almost before the process starts
+grouperScriptHooks_setupFilesPost() {
+ return
+}
+
+# called after the chown at end of setupFiles, right before the process starts
+grouperScriptHooks_setupFilesPostChown() {
+ return
+}
+
+grouperScriptHooks_unsetAll() {
+
+ unset -f grouperScriptHooks_finishPrepPost
+ unset -f grouperScriptHooks_prepComponentPost
+ unset -f grouperScriptHooks_prepConfPost
+ unset -f grouperScriptHooks_setupFilesPost
+ unset -f grouperScriptHooks_setupFilesPostChown
+ unset -f grouperScriptHooks_unsetAll
+ unset -f grouperScriptHooks_exportAll
+}
+
+grouperScriptHooks_exportAll() {
+
+ export -f grouperScriptHooks_finishPrepPost
+ export -f grouperScriptHooks_prepComponentPost
+ export -f grouperScriptHooks_prepConfPost
+ export -f grouperScriptHooks_setupFilesPost
+ export -f grouperScriptHooks_setupFilesPostChown
+ export -f grouperScriptHooks_unsetAll
+ export -f grouperScriptHooks_exportAll
+}
+
+# export everything
+grouperScriptHooks_exportAll
+
diff --git a/container_files/usr-local-bin/grouperTestFileExist.sh b/container_files/usr-local-bin/grouperTestFileExist.sh
new file mode 100755
index 00000000..68757a56
--- /dev/null
+++ b/container_files/usr-local-bin/grouperTestFileExist.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 argument: the file name"
+ exit 1
+fi
+
+if [ -f "$1" ]; then
+ echo "exists"
+fi
\ No newline at end of file
diff --git a/container_files/usr-local-bin/grouperTestPrintEnv.sh b/container_files/usr-local-bin/grouperTestPrintEnv.sh
new file mode 100755
index 00000000..90460495
--- /dev/null
+++ b/container_files/usr-local-bin/grouperTestPrintEnv.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 argument: the env var name"
+ exit 1
+fi
+
+. /etc/bashrc
+. ~/.bashrc
+
+printenv $1
\ No newline at end of file
diff --git a/container_files/usr-local-bin/gsh b/container_files/usr-local-bin/gsh
index e65979ab..a9826835 100755
--- a/container_files/usr-local-bin/gsh
+++ b/container_files/usr-local-bin/gsh
@@ -1,9 +1,22 @@
#!/bin/bash
-. /usr/local/bin/library.sh
-
-prepDaemon
+prep_daemon
+prep_finish
+setupFiles
+runCommand_unsetAll
export GSH_JVMARGS="$GSH_JVMARGS -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-exec bin/gsh "$@" | tee /tmp/loggrouper
+# capture result of gsh, not tee
+set -o pipefail
+
+# openshift cannot do whoami
+if [ "$GROUPER_GSH_CHECK_USER" = "true" ] && [ "$GROUPER_GSH_USER" != "$(whoami)" ]
+ then
+ echo "grouperContainer; INFO: (gsh file) sudo --preserve-env -u tomcat bin/gsh.sh \"$@\" | tee /tmp/loggrouper"
+ sudo --preserve-env -u tomcat bin/gsh.sh "$@" | tee /tmp/loggrouper
+ else
+ echo "grouperContainer; INFO: (gsh file) bin/gsh.sh \"$@\" | tee /tmp/loggrouper"
+ exec bin/gsh.sh "$@" | tee /tmp/loggrouper
+fi
+
diff --git a/container_files/usr-local-bin/library.sh b/container_files/usr-local-bin/library.sh
index 5d3790af..37413651 100755
--- a/container_files/usr-local-bin/library.sh
+++ b/container_files/usr-local-bin/library.sh
@@ -1,149 +1,35 @@
-#!/bin/sh
+#!/bin/bash
+
+echo "grouperContainer; INFO: (library.sh) Start loading library.sh"
+#dos2unix /usr/local/bin/library*.sh
+#echo "grouperContainer; INFO: (library.sh) dos2unix /usr/local/bin/library*.sh , result=$?"
+#dos2unix /usr/local/bin/grouper*.sh
+#echo "grouperContainer; INFO: (library.sh) dos2unix /usr/local/bin/grouper*.sh , result=$?"
+#for f in /usr/local/bin/library*.sh /usr/local/bin/grouper*.sh; do
+# TFILE=$(mktemp) && dos2unix -q -n $f $TFILE && cat $TFILE > $f
+# echo "grouperContainer; INFO: (library.sh) dos2unix $f, result=$?"
+# rm $TFILE
+#done
+
+. /usr/local/bin/libraryPrep.sh
+. /usr/local/bin/libraryPrepOnly.sh
+. /usr/local/bin/libraryRunCommand.sh
+. /usr/local/bin/librarySetupFiles.sh
+. /usr/local/bin/librarySetupFilesForComponent.sh
+. /usr/local/bin/librarySetupFilesTomcat.sh
+
+# base definitions of hooks
+. /usr/local/bin/grouperScriptHooksBase.sh
+
+# need this before the copy happens
+if [ -f /opt/grouper/slashRoot/usr/local/bin/grouperScriptHooks.sh ] ; then
+ cp /opt/grouper/slashRoot/usr/local/bin/grouperScriptHooks.sh /usr/local/bin/grouperScriptHooks.sh
+ returnCode=$?
+ echo "grouperContainer; INFO: (library.sh) cp /opt/grouper/slashRoot/usr/local/bin/grouperScriptHooks.sh /usr/local/bin/grouperScriptHooks.sh, result=$returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+# implementations of custom hooks
+. /usr/local/bin/grouperScriptHooks.sh
+
+echo "grouperContainer; INFO: (library.sh) End loading library.sh"
-setupPipe() {
- if [ -e $1 ]; then
- rm $1
- fi
- mkfifo -m 666 $1
-}
-
-setupLoggingPipe() {
- # Make a "console" logging pipe that anyone can write too regardless of who owns the process.
- setupPipe /tmp/logpipe
- cat <> /tmp/logpipe &
-}
-
-# Make loggers pipes for the supervisord connected apps' console, so that we can prepend the streams.
-setupGrouperLogPipe() {
- setupPipe /tmp/loggrouper
- (cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-setupHttpdLogPipe() {
- setupPipe /tmp/loghttpd
- (cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-setupShibdLogPipe() {
- setupPipe /tmp/logshibd
- (cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-setupTomcatLogPipe() {
- setupPipe /tmp/logtomcat
- (cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-setupSupervisordLogPipe() {
- setupPipe /tmp/logsuperd
- (cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-linkGrouperSecrets() {
- for filepath in /run/secrets/*; do
- local label_file=`basename $filepath`
- local file=$(echo $label_file| cut -d'_' -f 2)
-
- if [[ $label_file == grouper_* ]]; then
- ln -sf /run/secrets/$label_file $1/$file
- elif [[ $label_file == shib_* ]]; then
- ln -sf /run/secrets/$label_file /etc/shibboleth/$file
- elif [[ $label_file == httpd_* ]]; then
- ln -sf /run/secrets/$label_file /etc/httpd/conf.d/$file
- elif [ "$label_file" == "host-key.pem" ]; then
- ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem
- fi
- done
-}
-
-prepDaemon() {
- setupLoggingPipe
- setupGrouperLogPipe
-}
-
-prepDaemonConf() {
- local dest=/opt/grouper/grouper.apiBinary
- linkGrouperSecrets $dest/conf
-
- if [ -d "/opt/grouper/conf" ]; then
- cp -r /opt/grouper/conf/* $dest/conf/
- fi
- if [ -d "/opt/grouper/lib" ]; then
- cp -r /opt/grouper/lib/* $dest/lib/custom/
- fi
-}
-
-prepSCIM() {
- setupLoggingPipe
- setupGrouperLogPipe
- setupHttpdLogPipe
- setupTomcatLogPipe
-
-
- cp /opt/tier-support/grouper-ws-scim.xml /opt/tomee/conf/Catalina/localhost/
-}
-
-prepSCIMConf() {
- local dest=/opt/grouper/grouper.scim/WEB-INF
- linkGrouperSecrets $dest/classes
-
- if [ -d "/opt/grouper/conf" ]; then
- cp -r /opt/grouper/conf/* $dest/classes/
- fi
- if [ -d "/opt/grouper/lib" ]; then
- cp -r /opt/grouper/lib/* $dest/lib/
- fi
-}
-
-prepUI() {
- setupLoggingPipe
- setupGrouperLogPipe
- setupHttpdLogPipe
- setupShibdLogPipe
- setupTomcatLogPipe
- setupSupervisordLogPipe
-
- cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/
-}
-
-prepUIConf() {
- local dest=/opt/grouper/grouper.ui/WEB-INF
- linkGrouperSecrets $dest/classes
-
- if [ -d "/opt/grouper/conf" ]; then
- cp -r /opt/grouper/conf/* $dest/classes/
- fi
- if [ -d "/opt/grouper/lib" ]; then
- cp -r /opt/grouper/lib/* $dest/lib/
- fi
-}
-
-prepWS() {
- setupLoggingPipe
- setupGrouperLogPipe
- setupHttpdLogPipe
- setupTomcatLogPipe
- setupSupervisordLogPipe
-
- cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/
-}
-
-prepWSConf() {
- local dest=/opt/grouper/grouper.ws/WEB-INF
- linkGrouperSecrets $dest/classes
-
- if [ -d "/opt/grouper/conf" ]; then
- cp -r /opt/grouper/conf/* $dest/classes/
- fi
- if [ -d "/opt/grouper/lib" ]; then
- cp -r /opt/grouper/lib/* $dest/lib/
- fi
-}
-
-
-prepConf() {
- prepDaemonConf
- prepSCIMConf
- prepUIConf
- prepWSConf
-}
\ No newline at end of file
diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh
new file mode 100644
index 00000000..d57b1e70
--- /dev/null
+++ b/container_files/usr-local-bin/libraryPrep.sh
@@ -0,0 +1,452 @@
+#!/bin/bash
+
+prep_openshift() {
+ if [ "$GROUPER_OPENSHIFT" == 'true' ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) GROUPER_OPENSHIFT is true"
+ if [ -z "$GROUPER_CHOWN_DIRS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_CHOWN_DIRS=false"
+ export GROUPER_CHOWN_DIRS=false
+ fi
+ if [ -z "$GROUPER_GSH_CHECK_USER" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_GSH_CHECK_USER=false"
+ export GROUPER_GSH_CHECK_USER=false
+ fi
+ if [ -z "$GROUPER_RUN_PROCESSES_AS_USERS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_RUN_PROCESSES_AS_USERS=false"
+ export GROUPER_RUN_PROCESSES_AS_USERS=false
+ fi
+ fi
+}
+
+prep_quickstart() {
+
+ if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_SELF_SIGNED_CERT=true"
+ export GROUPER_SELF_SIGNED_CERT=true
+ fi
+ if [ -z "$GROUPER_START_DELAY_SECONDS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_START_DELAY_SECONDS='10'"
+ export GROUPER_START_DELAY_SECONDS='10'
+ fi
+ if [ -z "$GROUPER_AUTO_DDL_UPTOVERSION" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_AUTO_DDL_UPTOVERSION='v5.*.*'"
+ export GROUPER_AUTO_DDL_UPTOVERSION='v5.*.*'
+ fi
+ if [ -z "$GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'"
+ export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'
+ fi
+ # wait for database to start
+ if [ -z "$GROUPER_UI_GROUPER_AUTH" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_UI_GROUPER_AUTH='true'"
+ export GROUPER_UI_GROUPER_AUTH='true'
+ fi
+ if [ -z "$GROUPER_WS_GROUPER_AUTH" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_WS_GROUPER_AUTH='true'"
+ export GROUPER_WS_GROUPER_AUTH='true'
+ fi
+ if [ -z "$GROUPER_QUICKSTART" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_QUICKSTART=true"
+ export GROUPER_QUICKSTART=true
+ fi
+
+}
+
+prep_daemon() {
+
+ if [ -z "$GROUPER_DAEMON" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_daemon) export GROUPER_DAEMON=true"
+ export GROUPER_DAEMON=true
+ fi
+ if [ -z "$GROUPER_RUN_TOMCAT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_daemon) export GROUPER_RUN_TOMCAT=true"
+ export GROUPER_RUN_TOMCAT=true
+ fi
+}
+
+prep_ui() {
+
+ if [ -z "$GROUPER_UI" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_UI=true"
+ export GROUPER_UI=true
+ fi
+ if [ -z "$GROUPER_RUN_TOMCAT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_RUN_TOMCAT=true"
+ export GROUPER_RUN_TOMCAT=true
+ fi
+}
+
+prep_runUi() {
+ if [ -z "$GROUPER_PROXY_PASS" ]
+ then
+ if [ "$GROUPER_UI" == 'true' ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runUi) export GROUPER_PROXY_PASS="
+ export GROUPER_PROXY_PASS=
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runUi) export GROUPER_PROXY_PASS=#"
+ export GROUPER_PROXY_PASS=#
+ fi
+
+ fi
+}
+prep_runWs() {
+ if [ -z "$GROUPERWS_PROXY_PASS" ]
+ then
+ if [ "$GROUPER_WS" == 'true' ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runWs) export GROUPER_PROXY_PASS="
+ export GROUPERWS_PROXY_PASS=
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runWs) export GROUPER_PROXY_PASS=#"
+ export GROUPERWS_PROXY_PASS=#
+ fi
+
+ fi
+}
+
+prep_ws() {
+
+ if [ -z "$GROUPER_WS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_WS=true"
+ export GROUPER_WS=true
+ fi
+ if [ -z "$GROUPER_RUN_TOMCAT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_RUN_TOMCAT=true"
+ export GROUPER_RUN_TOMCAT=true
+ fi
+}
+
+prep_conf() {
+
+ # if we are stopping and starting, we just read the env vars and we done
+ if [ -f /opt/grouper/grouperEnv.sh ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_conf) Loading env vars from /opt/grouper/grouperEnv.sh"
+ . /opt/grouper/grouperEnv.sh
+ return
+ fi
+
+ prep_initDeprecatedEnvVars
+ grouperScriptHooks_prepConfPost
+
+}
+
+prep_initDeprecatedEnvVars() {
+
+ if [ ! -z "$RUN_TOMCAT" ] && [ -z "$GROUPER_RUN_TOMCAT" ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_RUN_TOMCAT=$RUN_TOMCAT"
+ export GROUPER_RUN_TOMCAT="$RUN_TOMCAT"
+ fi
+
+ if [ ! -z "$SELF_SIGNED_CERT" ] && [ -z "$GROUPER_SELF_SIGNED_CERT" ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_SELF_SIGNED_CERT=$SELF_SIGNED_CERT"
+ export GROUPER_SELF_SIGNED_CERT="$SELF_SIGNED_CERT"
+ fi
+
+}
+
+
+prep_finishBegin() {
+ # default a lot of env variables
+ # morph defaults to null
+ # database password defaults to null
+ prep_openshift
+ if [ -z "$GROUPER_UI_GROUPER_AUTH" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_UI_GROUPER_AUTH=false"
+ export GROUPER_UI_GROUPER_AUTH=false
+ fi
+ if [ -z "$GROUPER_WS_GROUPER_AUTH" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_WS_GROUPER_AUTH=false"
+ export GROUPER_WS_GROUPER_AUTH=false
+ fi
+ if [ -z "$GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='127.0.0.1/32'"
+ export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='127.0.0.1/32'
+ fi
+ # GROUPER_AUTO_DDL_UPTOVERSION defaults to null
+ # GROUPER_START_DELAY_SECONDS defaults to null
+ if [ -z "$GROUPER_UI" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) GROUPER_UI=false"
+ export GROUPER_UI=false
+ fi
+ if [ -z "$GROUPER_WS" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_WS=false"
+ export GROUPER_WS=false
+ fi
+ if [ -z "$GROUPER_DAEMON" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_DAEMON=false"
+ export GROUPER_DAEMON=false
+ fi
+ if [ -z "$GROUPER_USE_SSL" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_USE_SSL=true"
+ export GROUPER_USE_SSL=true
+ fi
+ if [ "$GROUPER_USE_SSL" = "true" ]; then
+ if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ -z "$GROUPER_SSL_CERT_FILE" ] && [ ! -f /etc/pki/tls/certs/host-cert.pem ] ; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) GROUPER_SELF_SIGNED_CERT and GROUPER_SSL_CERT_FILE are not specified and /etc/pki/tls/certs/host-cert.pem does not exist, so: export GROUPER_SELF_SIGNED_CERT=true"
+ export GROUPER_SELF_SIGNED_CERT=true
+
+ fi
+ if [ "$GROUPER_SELF_SIGNED_CERT" = "true" ]; then
+
+ # default the cert path to self signed and no chain file
+ if [ -z "$GROUPER_SSL_CERT_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/localhost.crt"
+ export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/localhost.crt
+ fi
+ if [ -z "$GROUPER_SSL_KEY_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/localhost.key"
+ export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/localhost.key
+ fi
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ] && [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+ fi
+
+ fi
+ # default the cert path
+ if [ -z "$GROUPER_SSL_CERT_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem"
+ export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem
+ fi
+ if [ -z "$GROUPER_SSL_KEY_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem"
+ export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem
+ fi
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ] ; then
+
+ if [ -f /etc/pki/tls/certs/cachain.pem ]; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=true"
+ export GROUPER_SSL_USE_CHAIN_FILE=true
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CHAIN_FILE=/etc/pki/tls/certs/cachain.pem"
+ export GROUPER_SSL_CHAIN_FILE=/etc/pki/tls/certs/cachain.pem
+ else
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+
+ fi
+ fi
+ if [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then
+
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ]; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+
+ else
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=true"
+ export GROUPER_SSL_USE_CHAIN_FILE=true
+
+ fi
+
+ fi
+ if [ -z "$GROUPER_SSL_USE_STAPLING" ] ; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_STAPLING=true"
+ export GROUPER_SSL_USE_STAPLING=true
+
+ fi
+
+ fi
+ if [ -z "$GROUPER_WEBCLIENT_IS_SSL" ] ; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_WEBCLIENT_IS_SSL=true (browser or WS client is SSL)"
+ export GROUPER_WEBCLIENT_IS_SSL=true
+
+ fi
+
+ if [ -z "$GROUPER_RUN_PROCESSES_AS_USERS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_RUN_PROCESSES_AS_USERS=true"
+ export GROUPER_RUN_PROCESSES_AS_USERS=true
+ fi
+
+ # do these before the "only" component
+ if [ -z "$GROUPER_URL_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_URL_CONTEXT=grouper"
+ export GROUPER_URL_CONTEXT=grouper
+ fi
+ if [ -z "$GROUPERWS_URL_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPERWS_URL_CONTEXT=grouper-ws"
+ export GROUPERWS_URL_CONTEXT=grouper-ws
+ fi
+ if [ -z "$GROUPER_GSH_CHECK_USER" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_CHECK_USER=true"
+ export GROUPER_GSH_CHECK_USER=true
+ fi
+ if [ -z "$GROUPER_GSH_USER" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_USER=tomcat"
+ export GROUPER_GSH_USER=tomcat
+ fi
+
+ if [ -z "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=false"
+ export GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=false
+ fi
+ if [ -z "$GROUPER_CHOWN_DIRS" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_CHOWN_DIRS=true"
+ export GROUPER_CHOWN_DIRS=true
+ fi
+ if [ -z "$GROUPER_TOMCAT_HTTP_PORT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_HTTP_PORT=8080"
+ export GROUPER_TOMCAT_HTTP_PORT=8080
+ fi
+ if [ -z "$GROUPER_TOMCAT_MAX_HEADER_COUNT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_MAX_HEADER_COUNT=200"
+ export GROUPER_TOMCAT_MAX_HEADER_COUNT=200
+ fi
+ if [ -z "$GROUPER_TOMCAT_AJP_PORT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_AJP_PORT=8009"
+ export GROUPER_TOMCAT_AJP_PORT=8009
+ fi
+ if [ -z "$GROUPER_TOMCAT_SHUTDOWN_PORT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_SHUTDOWN_PORT=8005"
+ export GROUPER_TOMCAT_SHUTDOWN_PORT=8005
+ fi
+
+ if [ -z "$GROUPER_GSH_JVMARGS" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_JVMARGS=\"-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts\""
+ export GROUPER_GSH_JVMARGS="-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts"
+ fi
+
+ #Replace web.xml session timeout with env variable
+ if [[ -z "$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES" ]]; then
+ if [[ "$GROUPER_UI" != 'true' ]] && [[ "$GROUPER_WS" = 'true' ]]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) $ GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES is not set, export GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=1"
+ export GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=1
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) $ GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES is not set, export GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=600 (10 hours)"
+ export GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=600
+
+ fi
+ fi
+
+ if [ -z "$GROUPER_LOG_TO_HOST" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_LOG_TO_HOST=false"
+ export GROUPER_LOG_TO_HOST=false
+ fi
+
+}
+
+prep_finishEnd() {
+
+ # defaults after the "only" part
+ if [ -z "$GROUPER_TOMCAT_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_TOMCAT_CONTEXT=grouper"
+ export GROUPER_TOMCAT_CONTEXT=grouper
+ fi
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_LOG_PREFIX=grouper"
+ export GROUPER_LOG_PREFIX=grouper
+ fi
+ if [ -z "$GROUPER_MAX_MEMORY" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_MAX_MEMORY=1500m"
+ export GROUPER_MAX_MEMORY=1500m
+ fi
+ if [ -z "$GROUPER_CONTEXT_COOKIES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_CONTEXT_COOKIES=true"
+ export GROUPER_CONTEXT_COOKIES=true
+ fi
+ if [ -z "$GROUPER_PUT_JAVA_HOME_IN_BASHRC" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_PUT_JAVA_HOME_IN_BASHRC=true"
+ export GROUPER_PUT_JAVA_HOME_IN_BASHRC=true
+ fi
+ if [ -z "$GROUPER_JAVA_HOME" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto"
+ export GROUPER_JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto
+ fi
+ if [ -z "$GROUPER_TOMCAT_LOG_ACCESS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_TOMCAT_LOG_ACCESS=false"
+ export GROUPER_TOMCAT_LOG_ACCESS=false
+ fi
+ if [ -z "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" ]; then
+ if [ "$GROUPER_PROXY_PASS" = "#" ]; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false"
+ export GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=true"
+ export GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=true
+
+ fi
+
+ fi
+
+}
+
+prep_finish() {
+
+ if [ "$GROUPER_SETUP_FILES_COMPLETE" = "true" ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finish) GROUPER_SETUP_FILES_COMPLETE=true, skipping startup prep"
+ prep_unsetAllAndFromFiles
+
+ return
+ fi
+
+ grouperScriptHooks_prepComponentPost
+
+ prep_finishBegin
+
+ prepOnly
+
+ prep_runUi
+ prep_runWs
+
+ prep_finishEnd
+
+ grouperScriptHooks_finishPrepPost
+
+ prep_unsetAllAndFromFiles
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finish) End prep"
+}
+
+prep_unsetAllAndFromFiles() {
+ prep_unsetAll
+ prepOnly_unsetAll
+}
+
+prep_unsetAll() {
+ unset -f prep_conf
+ unset -f prep_daemon
+ unset -f prep_finish
+ unset -f prep_finishBegin
+ unset -f prep_finishEnd
+ unset -f prep_initDeprecatedEnvVars
+ unset -f prep_openshift
+ unset -f prep_quickstart
+ unset -f prep_runUi
+ unset -f prep_runWs
+ unset -f prep_unsetAll
+ unset -f prep_unsetAllAndFromFiles
+ unset -f prep_ui
+ unset -f prep_ws
+
+}
+
+prep_exportAll() {
+ export -f prep_conf
+ export -f prep_daemon
+ export -f prep_finish
+ export -f prep_finishBegin
+ export -f prep_finishEnd
+ export -f prep_initDeprecatedEnvVars
+ export -f prep_openshift
+ export -f prep_quickstart
+ export -f prep_runUi
+ export -f prep_runWs
+ export -f prep_unsetAll
+ export -f prep_unsetAllAndFromFiles
+ export -f prep_ui
+ export -f prep_ws
+}
+
+# export everything
+prep_exportAll
+
diff --git a/container_files/usr-local-bin/libraryPrepOnly.sh b/container_files/usr-local-bin/libraryPrepOnly.sh
new file mode 100644
index 00000000..5895f982
--- /dev/null
+++ b/container_files/usr-local-bin/libraryPrepOnly.sh
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+prepOnly_component() {
+ if [ "$GROUPER_WS" = "true" ] && [ "$GROUPER_UI" != "true" ] && [ "$GROUPER_DAEMON" != "true" ]
+ then
+ if [ -z "$GROUPER_WS_ONLY" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_component) export GROUPER_WS_ONLY=true"
+ export GROUPER_WS_ONLY=true
+ fi
+ fi
+
+ if [ "$GROUPER_WS" != "true" ] && [ "$GROUPER_UI" = "true" ] && [ "$GROUPER_DAEMON" != "true" ]
+ then
+ if [ -z "$GROUPER_UI_ONLY" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_component) export GROUPER_UI_ONLY=true"
+ export GROUPER_UI_ONLY=true
+ fi
+ fi
+
+ if [ "$GROUPER_WS" != "true" ] && [ "$GROUPER_UI" != "true" ] && [ "$GROUPER_DAEMON" = "true" ]
+ then
+ if [ -z "$GROUPER_DAEMON_ONLY" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_component) export GROUPER_DAEMON_ONLY=true"
+ export GROUPER_DAEMON_ONLY=true
+ fi
+ fi
+}
+
+prepOnly_ui() {
+ if [ "$GROUPER_UI_ONLY" = "true" ]
+ then
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_ui) export GROUPER_LOG_PREFIX=grouper-ui"
+ export GROUPER_LOG_PREFIX=grouper-ui
+ fi
+ fi
+}
+
+prepOnly_ws() {
+ if [ "$GROUPER_WS_ONLY" = "true" ]
+ then
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_ui) export GROUPER_LOG_PREFIX=grouper-ws"
+ export GROUPER_LOG_PREFIX=grouper-ws
+ fi
+ if [ -z "$GROUPER_CONTEXT_COOKIES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_ui) export GROUPER_CONTEXT_COOKIES=false"
+ export GROUPER_CONTEXT_COOKIES=false
+ fi
+ # default to whatever ws context is
+ if [ -z "$GROUPER_TOMCAT_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_ui) GROUPER_TOMCAT_CONTEXT=$GROUPERWS_URL_CONTEXT"
+ export GROUPER_TOMCAT_CONTEXT="$GROUPERWS_URL_CONTEXT"
+ fi
+ fi
+}
+
+prepOnly_daemon() {
+ if [ "$GROUPER_DAEMON_ONLY" = "true" ]
+ then
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_daemon) GROUPER_LOG_PREFIX=grouper-daemon"
+ export GROUPER_LOG_PREFIX=grouper-daemon
+ fi
+ fi
+}
+
+prepOnly() {
+ prepOnly_component
+
+ prepOnly_ws
+
+ prepOnly_ui
+
+ prepOnly_daemon
+
+}
+
+prepOnly_unsetAll() {
+ unset -f prepOnly
+ unset -f prepOnly_component
+ unset -f prepOnly_daemon
+ unset -f prepOnly_ui
+ unset -f prepOnly_unsetAll
+ unset -f prepOnly_ws
+}
+
+prepOnly_exportAll() {
+ export -f prepOnly
+ export -f prepOnly_component
+ export -f prepOnly_daemon
+ export -f prepOnly_ui
+ export -f prepOnly_unsetAll
+ export -f prepOnly_ws
+}
+
+# export everything
+prepOnly_exportAll
diff --git a/container_files/usr-local-bin/libraryRunCommand.sh b/container_files/usr-local-bin/libraryRunCommand.sh
new file mode 100644
index 00000000..0f70bcc6
--- /dev/null
+++ b/container_files/usr-local-bin/libraryRunCommand.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+runCommand() {
+
+ echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) Starting tomcat"
+ /opt/tomcat/bin/catalina.sh run
+}
+
+runCommand_unsetAll() {
+ unset -f runCommand
+ unset -f runCommand_unsetAll
+}
+
+runCommand_exportAll() {
+ export -f runCommand
+ export -f runCommand_unsetAll
+
+}
+
+# export everything
+runCommand_exportAll
+
diff --git a/container_files/usr-local-bin/librarySetupFiles.sh b/container_files/usr-local-bin/librarySetupFiles.sh
new file mode 100644
index 00000000..0611d922
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupFiles.sh
@@ -0,0 +1,352 @@
+#!/bin/bash
+
+setupFiles_linkGrouperSecrets() {
+ for filepath in /run/secrets/*; do
+ local label_file=`basename $filepath`
+ local file=$(echo $label_file| cut -d'_' -f 2)
+
+ if [ "$label_file" == "host-key.pem" ]; then
+ ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_linkGrouperSecrets) ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ done
+}
+
+setupFiles_rsyncSlashRoot() {
+ if [ -d "/opt/grouper/slashRoot" ]; then
+ # Copy any files into the root filesystem
+ rsync -l -r -v /opt/grouper/slashRoot/ /
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_rsyncSlashRoot) rsync -l -r -v /opt/grouper/slashRoot/ /, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFiles_localLogging() {
+ additionalLoggersFile=/opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalLoggers.xml.txt
+ if [ -f $additionalLoggersFile ]; then
+ sed -i "/<!--MORELOGGERS-->/r $additionalLoggersFile" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i '/<!--MORELOGGERS-->/r $additionalLoggersFile' /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ additionalAppendersFile=/opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalAppenders.xml.txt
+ if [ -f $additionalAppendersFile ]; then
+ sed -i "/<!--MOREAPPENDERS-->/r $additionalAppendersFile" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i '/<!--MOREAPPENDERS-->/r $additionalAppendersFile' /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ "$GROUPER_LOG_TO_HOST" = "true" ]; then
+ sed -i "s|__FILESTART__||g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__FILESTART__||g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ sed -i "s|__FILEEND__||g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__FILEEND__||g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ sed -i "s|__FILESTART__|<!--|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__FILESTART__|<!--|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ sed -i "s|__FILEEND__|-->|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__FILEEND__|-->|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ # add semicolons
+ LOCAL_ENV=
+ if [ ! -z "$ENV" ] ; then
+ LOCAL_ENV="$ENV;"
+ fi
+
+ LOCAL_USERTOKEN=
+ if [ ! -z "$USERTOKEN" ] ; then
+ LOCAL_USERTOKEN="$USERTOKEN;"
+ fi
+
+ LOCAL_GROUPER_LOG_PREFIX=
+ if [ ! -z "$GROUPER_LOG_PREFIX" ] ; then
+ LOCAL_GROUPER_LOG_PREFIX="$GROUPER_LOG_PREFIX;"
+ fi
+
+ sed -i "s|__ENV__|$LOCAL_ENV|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__ENV__|$LOCAL_ENV|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ sed -i "s|__USERTOKEN__|$LOCAL_USERTOKEN|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__USERTOKEN__|$LOCAL_USERTOKEN|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ sed -i "s|__GROUPER_LOG_PREFIX__|$LOCAL_GROUPER_LOG_PREFIX|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__GROUPER_LOG_PREFIX__|$LOCAL_GROUPER_LOG_PREFIX|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+}
+
+setupFiles_loggingPrefix() {
+ sed -i "s|__GROUPER_LOG_PREFIX__|$GROUPER_LOG_PREFIX|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_loggingPrefix) Changing log prefix to $GROUPER_LOG_PREFIX in log4j2.xml, result: $?"
+
+ cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tomcat/conf/log4j2.xml
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_loggingPrefix) cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tomcat/conf/log4j2.xml, result: $?"
+}
+
+setupFiles_chownDirs() {
+ # do this last
+ if [ "$GROUPER_CHOWN_DIRS" = "true" ]
+ then
+ /opt/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh tomcat root
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) /opt/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh tomcat root, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFiles_storeEnvVars() {
+
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) Start store env vars in /opt/grouper/grouperEnv.sh"
+
+ echo "#!/bin/sh" > /opt/grouper/grouperEnv.sh
+ echo "" >> /opt/grouper/grouperEnv.sh
+ echo "UMASK=002" >> /opt/grouper/grouperEnv.sh
+ # go through env vars, should start with GROUPER*; this handles quoting but not multiline
+ export -p | grep "^declare -x GROUPER" | sort >> /opt/grouper/grouperEnv.sh
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) export -p | grep \"^declare -x GROUPER\" | sort >> /opt/grouper/grouperEnv.sh, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ # declare -x exports to the current and child processes, but not globally to the procid=1 process; `export` works, as well as `declare -x -g`
+ sed -i "s|^declare -x |export |" /opt/grouper/grouperEnv.sh
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) sed -i \"s|^declare -x |export |\" /opt/grouper/grouperEnv.sh, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ echo "" >> /opt/grouper/grouperEnv.sh
+
+ echo "export JAVA_HOME=$GROUPER_JAVA_HOME" >> /opt/grouper/grouperEnv.sh
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) echo \"export JAVA_HOME=$GROUPER_JAVA_HOME\" >> /opt/grouper/grouperEnv.sh, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ if [ ! -f /home/tomcat/.bashrc ]
+ then
+ echo "grouperContainer; ERROR: (librarySetupFiles.sh-setupFiles_storeEnvVars) Why doesnt /home/tomcat/.bashrc exist????"
+ exit 1
+ fi
+ if ! grep -q grouperEnv /home/tomcat/.bashrc
+ then
+ echo "" >> /home/tomcat/.bashrc
+ echo ". /opt/grouper/grouperEnv.sh" >> /home/tomcat/.bashrc
+ echo "" >> /home/tomcat/.bashrc
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) echo \". /opt/grouper/grouperEnv.sh\" >> /home/tomcat/.bashrc , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ # if we own this file (i.e. running as root)
+ if [[ -O "/etc/bashrc" ]]; then
+ # we need these global
+ if [ ! -f /etc/bashrc ]
+ then
+ echo "grouperContainer; ERROR: (librarySetupFiles.sh-setupFiles_storeEnvVars) Why doesnt /etc/bashrc exist????"
+ exit 1
+ fi
+ if ! grep -q GROUPER_GSH_CHECK_USER /etc/bashrc
+ then
+ echo "" >> /etc/bashrc
+ echo "export GROUPER_GSH_CHECK_USER=$GROUPER_GSH_CHECK_USER" >> /etc/bashrc
+ echo "export GROUPER_GSH_USER=$GROUPER_GSH_USER" >> /etc/bashrc
+ if [ "$GROUPER_PUT_JAVA_HOME_IN_BASHRC" = "true" ]; then
+ echo "export JAVA_HOME=$GROUPER_JAVA_HOME" >> /etc/bashrc
+ echo "export PATH=$GROUPER_JAVA_HOME/bin:\$PATH" >> /etc/bashrc
+ fi
+ echo "" >> /etc/bashrc
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) echo env var script to /etc/bashrc, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ fi
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) End store env vars in /opt/grouper/grouperEnv.sh"
+}
+
+setupFiles_originalFile() {
+ fullPath=$1
+ fileName="$(basename $fullPath)"
+ originalFilePath="/opt/tier-support/originalFiles/$fileName"
+ if [ -f "$fullPath" ]; then
+ if [ -f "$originalFilePath" ]; then
+ if cmp "$fullPath" "$originalFilePath" >/dev/null 2>&1
+ then
+ # true, same
+ return 0
+ else
+ # false, different
+ return 1
+ fi
+ else
+ # false, different
+ return 1
+ fi
+ fi
+ # didnt exist and still doesnt... same?
+ return 0
+}
+
+
+setupFiles_analyzeOriginalFiles() {
+
+ setupFiles_originalFile /opt/tomcat/conf/Catalina/localhost/grouper.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_GROUPER_XML=true"
+ export GROUPER_ORIGFILE_GROUPER_XML=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_GROUPER_XML=false"
+ export GROUPER_ORIGFILE_GROUPER_XML=false
+ fi
+
+ setupFiles_originalFile /opt/tomcat/conf/server.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_SERVER_XML" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SERVER_XML=true"
+ export GROUPER_ORIGFILE_SERVER_XML=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_SERVER_XML" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SERVER_XML=false"
+ export GROUPER_ORIGFILE_SERVER_XML=false
+ fi
+
+ setupFiles_originalFile /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_LOG4J_PROPERTIES" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_LOG4J_PROPERTIES=true"
+ export GROUPER_ORIGFILE_LOG4J_PROPERTIES=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_LOG4J_PROPERTIES" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_LOG4J_PROPERTIES=false"
+ export GROUPER_ORIGFILE_LOG4J_PROPERTIES=false
+ fi
+
+ setupFiles_originalFile /opt/tomcat/conf/Catalina/localhost/grouper.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_GROUPER_XML=true"
+ export GROUPER_ORIGFILE_GROUPER_XML=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_GROUPER_XML=false"
+ export GROUPER_ORIGFILE_GROUPER_XML=false
+ fi
+
+ setupFiles_originalFile /opt/grouper/grouperWebapp/WEB-INF/web.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_WEBAPP_WEB_XML" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_WEBAPP_WEB_XML=true"
+ export GROUPER_ORIGFILE_WEBAPP_WEB_XML=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_WEBAPP_WEB_XML" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_WEBAPP_WEB_XML=false"
+ export GROUPER_ORIGFILE_WEBAPP_WEB_XML=false
+ fi
+
+
+}
+
+setupFiles() {
+
+ if [ "$GROUPER_SETUP_FILES_COMPLETE" = "true" ]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles) GROUPER_SETUP_FILES_COMPLETE=true, skipping setting up files (including not syncing slashRoot again)"
+ setupFiles_unsetAllAndFromFiles
+ return
+ fi
+
+ setupFiles_rsyncSlashRoot
+
+ setupFiles_analyzeOriginalFiles
+
+ # do this first
+ setupFiles_storeEnvVars
+
+ setupFiles_linkGrouperSecrets
+
+ setupFilesTomcat
+
+ setupFilesForComponent
+
+ setupFiles_localLogging
+
+ setupFiles_loggingPrefix
+
+ grouperScriptHooks_setupFilesPost
+
+ # do this last
+ setupFiles_chownDirs
+
+ grouperScriptHooks_setupFilesPostChown
+
+ export GROUPER_SETUP_FILES_COMPLETE=true
+ echo 'export GROUPER_SETUP_FILES_COMPLETE=true' >> /opt/grouper/grouperEnv.sh
+
+ setupFiles_unsetAllAndFromFiles
+}
+
+setupFiles_unsetAllAndFromFiles() {
+ setupFiles_unsetAll
+ setupFilesTomcat_unsetAll
+ grouperScriptHooks_unsetAll
+}
+
+
+setupFiles_unsetAll() {
+ unset -f setupFiles
+ unset -f setupFiles_analyzeOriginalFiles
+ unset -f setupFiles_chownDirs
+ unset -f setupFiles_linkGrouperSecrets
+ unset -f setupFiles_localLogging
+ unset -f setupFiles_loggingPrefix
+ unset -f setupFiles_originalFile
+ unset -f setupFiles_rsyncSlashRoot
+ unset -f setupFiles_storeEnvVars
+ unset -f setupFiles_unsetAll
+ unset -f setupFiles_unsetAllAndFromFiles
+}
+
+setupFiles_exportAll() {
+ export -f setupFiles
+ export -f setupFiles_analyzeOriginalFiles
+ export -f setupFiles_chownDirs
+ export -f setupFiles_linkGrouperSecrets
+ export -f setupFiles_localLogging
+ export -f setupFiles_loggingPrefix
+ export -f setupFiles_originalFile
+ export -f setupFiles_removePids
+ export -f setupFiles_rsyncSlashRoot
+ export -f setupFiles_storeEnvVars
+ export -f setupFiles_unsetAll
+ export -f setupFiles_unsetAllAndFromFiles
+}
+
+# export everything
+setupFiles_exportAll
+
+
diff --git a/container_files/usr-local-bin/librarySetupFilesForComponent.sh b/container_files/usr-local-bin/librarySetupFilesForComponent.sh
new file mode 100644
index 00000000..c116e2ed
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupFilesForComponent.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+setupFilesForComponent_ws() {
+
+ # copy files to their appropriate locations based on passed in flags
+ if [ "$GROUPER_WS" = "true" ]
+ then
+ cp -r /opt/grouper/grouperWebapp/WEB-INF/libWs/* /opt/grouper/grouperWebapp/WEB-INF/lib/
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_ws) cp -r /opt/grouper/grouperWebapp/WEB-INF/libWs/* /opt/grouper/grouperWebapp/WEB-INF/lib/ , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+
+setupFilesForComponent_ui() {
+
+ if [ "$GROUPER_UI" = "true" ] || [ "$GROUPER_DAEMON" = "true" ]
+ then
+ cp -r /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/* /opt/grouper/grouperWebapp/WEB-INF/lib/
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_ui) cp -r /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/* /opt/grouper/grouperWebapp/WEB-INF/lib/ , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesForComponent_quickstart() {
+
+ if [ ! -z "$GROUPERSYSTEM_QUICKSTART_PASS" ]
+ then
+ if [ "$GROUPER_UI_GROUPER_AUTH" = 'true' ]
+ then
+ echo '' >> /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.base.properties
+ echo 'grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig = ${elUtils.processEnvVarOrFile('"'"'GROUPERSYSTEM_QUICKSTART_PASS'"'"')}' >> /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_quickstart) edit grouper.hibernate.base.properties with UI GrouperSystem password for quick start, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ if [ "$GROUPER_WS_GROUPER_AUTH" = 'true' ]
+ then
+ echo '' >> /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.base.properties
+ echo 'grouperPasswordConfigOverride_WS_GrouperSystem_pass.elConfig = ${elUtils.processEnvVarOrFile('"'"'GROUPERSYSTEM_QUICKSTART_PASS'"'"')}' >> /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_quickstart) edit grouper.hibernate.base.properties with WS GrouperSystem password for quick start, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ fi
+
+}
+
+setupFilesForComponent() {
+
+ setupFilesForComponent_ws
+
+ setupFilesForComponent_ui
+
+ setupFilesForComponent_quickstart
+
+}
+
+
+setupFilesForComponent_unsetAll() {
+ unset -f setupFilesForComponent
+ unset -f setupFilesForComponent_quickstart
+ unset -f setupFilesForComponent_ui
+ unset -f setupFilesForComponent_unsetAll
+ unset -f setupFilesForComponent_ws
+}
+
+setupFilesForComponent_exportAll() {
+ export -f setupFilesForComponent
+ export -f setupFilesForComponent_quickstart
+ export -f setupFilesForComponent_ui
+ export -f setupFilesForComponent_unsetAll
+ export -f setupFilesForComponent_ws
+
+}
+
+# export everything
+setupFilesForComponent_exportAll
+
+
diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
new file mode 100644
index 00000000..0311701d
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
@@ -0,0 +1,285 @@
+#!/bin/bash
+
+setupFilesTomcat() {
+ setupFilesTomcat_turnOnAjp
+ setupFilesTomcat_authn
+ setupFilesTomcat_context
+ setupFilesTomcat_ports
+ setupFilesTomcat_accessLogs
+ setupFilesTomcat_sessionTimeout
+ setupFilesTomcat_ssl
+ setupFilesTomcat_sslCertsAnchors
+ setupFilesTomcat_sslCertsClient
+}
+
+
+setupFilesTomcat_turnOnAjp() {
+
+ if [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]; then
+ cp /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.currentOriginalInContainer
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) cp /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.currentOriginalInContainer , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ patch /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.turnOnAjp.patch
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) Patch server.xml to turn on ajp: patch /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.turnOnAjp.patch, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) /opt/tomcat/conf/server.xml is not the original file so will not be edited"
+ fi
+
+}
+
+setupFilesTomcat_accessLogs() {
+
+ if [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]; then
+ if [ "$GROUPER_TOMCAT_LOG_ACCESS" != "true" ]; then
+
+ patch /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.nologging.patch
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) Patch server.xml to not log access: patch /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.nologging.patch , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) /opt/tomcat/conf/server.xml is not the original file so will not be edited"
+ fi
+
+}
+
+setupFilesTomcat_ports() {
+
+ if [ "$GROUPER_TOMCAT_HTTP_PORT" != "8080" ]; then
+ sed -i "s|8080|$GROUPER_TOMCAT_HTTP_PORT|g" /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml to change http port: sed -i \"s|8080|$GROUPER_TOMCAT_HTTP_PORT|g\" /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ "$GROUPER_TOMCAT_AJP_PORT" != "8009" ]; then
+ sed -i "s|8009|$GROUPER_TOMCAT_AJP_PORT|g" /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml to change ajp port: sed -i \"s|8009|$GROUPER_TOMCAT_AJP_PORT|g\" /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ "$GROUPER_TOMCAT_MAX_HEADER_COUNT" != "-1" ]; then
+ # add in maxHeaderCount since new chrome sends too many headers
+ sed -i "s|port=\"$GROUPER_TOMCAT_AJP_PORT\"|port=\"$GROUPER_TOMCAT_AJP_PORT\" maxHeaderCount=\"$GROUPER_TOMCAT_MAX_HEADER_COUNT\" |g" /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml add maxHeaderCount: sed -i \"s|port=\"$GROUPER_TOMCAT_AJP_PORT\"|port=\"$GROUPER_TOMCAT_AJP_PORT\" maxHeaderCount=\"$GROUPER_TOMCAT_MAX_HEADER_COUNT\" |g\" /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ "$GROUPER_TOMCAT_SHUTDOWN_PORT" != "8005" ]; then
+ sed -i "s|8005|$GROUPER_TOMCAT_SHUTDOWN_PORT|g" /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml to change shutdown port: sed -i \"s|8005|$GROUPER_TOMCAT_SHUTDOWN_PORT|g\" /opt/tomcat/conf/server.xml , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFilesTomcat_context() {
+
+ if [ -f /opt/tomcat/conf/Catalina/localhost/grouper.xml ]
+ then
+ if [ "$GROUPER_ORIGFILE_GROUPER_XML" = "true" ]; then
+ # ws only doesnt have cookies
+ sed -i "s|__GROUPER_CONTEXT_COOKIES__|$GROUPER_CONTEXT_COOKIES|g" /opt/tomcat/conf/Catalina/localhost/grouper.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) Replace context cookies in grouper.xml: sed -i \"s|__GROUPER_CONTEXT_COOKIES__|$GROUPER_CONTEXT_COOKIES|g\" /opt/tomcat/conf/Catalina/localhost/grouper.xml , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ # setup context
+ sed -i "s|__GROUPER_TOMCAT_CONTEXT__|$GROUPER_TOMCAT_CONTEXT|g" /opt/tomcat/conf/Catalina/localhost/grouper.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) Replace tomcat context in grouper.xml: sed -i \"s|__GROUPER_TOMCAT_CONTEXT__|$GROUPER_TOMCAT_CONTEXT|g\" /opt/tomcat/conf/Catalina/localhost/grouper.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ # rename file if needed since that can matter with tomcat
+ if [ "$GROUPER_TOMCAT_CONTEXT" != "grouper" ]
+ then
+ mv -v /opt/tomcat/conf/Catalina/localhost/grouper.xml "/opt/tomcat/conf/Catalina/localhost/$GROUPER_TOMCAT_CONTEXT.xml"
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) mv -v /opt/tomcat/conf/Catalina/localhost/grouper.xml \"/opt/tomcat/conf/Catalina/localhost/$GROUPER_TOMCAT_CONTEXT.xml\" , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) /opt/tomcat/conf/Catalina/localhost/grouper.xml is not the original file so will not be edited"
+ fi
+ fi
+
+}
+
+setupFilesTomcat_authn() {
+
+ if [ "$GROUPER_WS_TOMCAT_AUTHN" = "true" ]
+ then
+
+ if [ "$GROUPER_ORIGFILE_WEBAPP_WEB_XML" = "true" ]; then
+ cp /opt/tier-support/web.wsTomcatAuthn.xml /opt/grouper/grouperWebapp/WEB-INF/web.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authn) cp /opt/tier-support/web.wsTomcatAuthn.xml /opt/grouper/grouperWebapp/WEB-INF/web.xml , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authn) /opt/grouper/grouperWebapp/WEB-INF/web.xml is not the original file so will not be edited"
+ fi
+
+ sed -i 's|tomcatAuthentication="false"|tomcatAuthentication="true"|g' /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authn) sed -i 's|tomcatAuthentication=\"false\"|tomcatAuthentication=\"true\"|g' /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+
+}
+
+setupFilesTomcat_sessionTimeout() {
+
+ if [ "$GROUPER_RUN_TOMCAT" = "true" ] && [ "$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES" != "-2" ]
+ then
+ sed -i "s|<session-timeout>30</session-timeout>|<session-timeout>$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES</session-timeout>|g" /opt/tomcat/conf/web.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sessionTimeout) based on GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES, sed -i \"s|<session-timeout>30</session-timeout>|<session-timeout>$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES</session-timeout>|g\" /opt/tomcat/conf/web.xml , result=$returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFilesTomcat_ssl() {
+
+ if [ "$GROUPER_WEBCLIENT_IS_SSL" = "false" ]
+ then
+ sed -i 's|secure="true"||g' /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) based on GROUPER_WEBCLIENT_IS_SSL, sed -i 's|secure=\"true\"||g' /opt/tomcat/conf/server.xml , result=$returnCode"
+ if [ $returnCode != 0 ] && [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]
+ then
+ exit $returnCode
+ fi
+ sed -i 's|scheme="https"|scheme="http"|g' /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) based on GROUPER_WEBCLIENT_IS_SSL, sed -i 's|scheme=\"https\"|scheme=\"http\"|g' /opt/tomcat/conf/server.xml , result=$returnCode"
+ if [ $returnCode != 0 ] && [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]
+ then
+ exit $returnCode
+ fi
+ fi
+}
+
+setupFilesTomcat_sslCertsAnchors() {
+
+ # the container user (we arent sure who this is) should be able to update root certs
+ # echo 'ALL ALL=NOPASSWD: /bin/update-ca-trust' | sudo EDITOR='tee -n' visudo
+
+
+ if [ -n "$(ls -A /opt/grouper/certs/anchors/ 2>/dev/null)" ]; then
+
+ amiroot=`whoami`
+ if [ "$amiroot" = "root" ]; then
+
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) There are anchor certs in /opt/grouper/certs/anchors/ to process"
+
+ /usr/bin/cp -v /opt/grouper/certs/anchors/* /etc/pki/ca-trust/source/anchors
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /usr/bin/cp -v /opt/grouper/certs/anchors/* /etc/pki/ca-trust/source/anchors , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ /bin/update-ca-trust
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /bin/update-ca-trust , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) There are anchor certs in /opt/grouper/certs/anchors/ to process but not running as root so run this in subimage: /bin/update-ca-trust"
+ fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) There are no anchor certs in /opt/grouper/certs/anchors/ to process"
+ fi
+
+}
+
+setupFilesTomcat_sslCertsClient() {
+
+ if [ -n "$(ls -A /opt/grouper/certs/client/*.pem 2>/dev/null)" ]; then
+
+ chmod u+w $JAVA_HOME/lib/security/cacerts
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) chmod u+w $JAVA_HOME/lib/security/cacerts , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ for fileName in /opt/grouper/certs/client/*.pem; do
+ [ -f "$fileName" ] || break
+
+ fileNameNoExtension=$(basename -- "$fileName")
+ fileNameNoExtension="${fileNameNoExtension%.*}"
+ /usr/lib/jvm/java/bin/keytool -import -noprompt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -alias "$fileNameNoExtension" -file "$fileName"
+
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /usr/lib/jvm/java/bin/keytool -import -noprompt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -alias \"$fileNameNoExtension\" -file \"$fileName\" , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ done
+
+ chmod u-w $JAVA_HOME/lib/security/cacerts
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) chmod u-w $JAVA_HOME/lib/security/cacerts , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsClient) There are no client certs in /opt/grouper/certs/client/*.pem to process"
+ fi
+
+}
+
+
+setupFilesTomcat_unsetAll() {
+
+ unset -f setupFilesTomcat
+ unset -f setupFilesTomcat_authn
+ unset -f setupFilesTomcat_context
+ unset -f setupFilesTomcat_ports
+ unset -f setupFilesTomcat_ssl
+ unset -f setupFilesTomcat_sslCertsAnchors
+ unset -f setupFilesTomcat_sslCertsClient
+ unset -f setupFilesTomcat_unsetAll
+ unset -f setupFilesTomcat_accessLogs
+ unset -f setupFilesTomcat_sessionTimeout
+ unset -f setupFilesTomcat_turnOnAjp
+
+}
+
+setupFilesTomcat_exportAll() {
+
+ export -f setupFilesTomcat
+ export -f setupFilesTomcat_authn
+ export -f setupFilesTomcat_context
+ export -f setupFilesTomcat_ports
+ export -f setupFilesTomcat_ssl
+ export -f setupFilesTomcat_sslCertsAnchors
+ export -f setupFilesTomcat_sslCertsClient
+ export -f setupFilesTomcat_unsetAll
+ export -f setupFilesTomcat_accessLogs
+ export -f setupFilesTomcat_sessionTimeout
+ export -f setupFilesTomcat_turnOnAjp
+}
+
+# export everything
+setupFilesTomcat_exportAll
+
diff --git a/container_files/usr-local-bin/quickstart b/container_files/usr-local-bin/quickstart
new file mode 100755
index 00000000..d15780d9
--- /dev/null
+++ b/container_files/usr-local-bin/quickstart
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+prep_quickstart
+prep_ui
+prep_ws
+prep_daemon
+prep_finish
+setupFiles
+
+runCommand
diff --git a/container_files/usr-local-bin/scim b/container_files/usr-local-bin/scim
deleted file mode 100755
index ffe12b37..00000000
--- a/container_files/usr-local-bin/scim
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-. /usr/local/bin/library.sh
-
-prepSCIM
-
-exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomee.conf
diff --git a/container_files/usr-local-bin/ui b/container_files/usr-local-bin/ui
index a03ed585..ef417f8b 100755
--- a/container_files/usr-local-bin/ui
+++ b/container_files/usr-local-bin/ui
@@ -1,9 +1,7 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_ui
+prep_finish
+setupFiles
-prepUI
-
-export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH
-
-exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
+runCommand
\ No newline at end of file
diff --git a/container_files/usr-local-bin/ui-ws b/container_files/usr-local-bin/ui-ws
index de1384c4..4e5dd61e 100755
--- a/container_files/usr-local-bin/ui-ws
+++ b/container_files/usr-local-bin/ui-ws
@@ -1,10 +1,8 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_ui
+prep_ws
+prep_finish
+setupFiles
-prepUI
-prepWS
-
-export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH
-
-/usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
+runCommand
\ No newline at end of file
diff --git a/container_files/usr-local-bin/ws b/container_files/usr-local-bin/ws
index 0e10b688..6fafe7f0 100755
--- a/container_files/usr-local-bin/ws
+++ b/container_files/usr-local-bin/ws
@@ -1,7 +1,7 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_ws
+prep_finish
+setupFiles
-prepWS
-
-exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
+runCommand
\ No newline at end of file
diff --git a/container_files/ws/classes/log4j.properties b/container_files/ws/classes/log4j.properties
deleted file mode 100644
index c104dc10..00000000
--- a/container_files/ws/classes/log4j.properties
+++ /dev/null
@@ -1,144 +0,0 @@
-
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#${grouper.home} will be substituted with the System property "grouper.home", which must have a trailing \ or /
-# depending on your OS. Of course you can use absolute paths if you prefer
-
-
-#
-# log4j Configuration
-# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
-#
-
-# Appenders
-
-## Grouper API event logging
-log4j.appender.grouper_event = org.apache.log4j.FileAppender
-log4j.appender.grouper_event.file = /tmp/logpipe
-log4j.appender.grouper_event.append = true
-log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_event.layout.ConversionPattern = grouper-ws;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Grouper API error logging
-log4j.appender.grouper_error = org.apache.log4j.FileAppender
-log4j.appender.grouper_error.file = /tmp/logpipe
-log4j.appender.grouper_errot.append = true
-log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_error.layout.ConversionPattern = grouper-ws;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n
-
-# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
-log4j.appender.grouper_debug = org.apache.log4j.FileAppender
-log4j.appender.grouper_debug.file = /tmp/logpipe
-log4j.appender.grouper_debug.append = true
-log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_debug.layout.ConversionPattern = grouper-ws;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Benchmark logging
-log4j.appender.grouper_gb = org.apache.log4j.FileAppender
-log4j.appender.grouper_gb.file = /tmp/logpipe
-log4j.appender.grouper_gb.append = true
-log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_gb.layout.ConversionPattern = grouper-ws;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-# Loggers
-
-## Default logger; will log *everything*
-log4j.rootLogger = ERROR, grouper_error
-
-## All Internet2 (warn to grouper_error per default logger)
-log4j.logger.edu.internet2.middleware = WARN
-
-
-# Provisioning : PSP (version 2.1+)
-log4j.logger.edu.internet2.middleware.psp = INFO
-
-# Provisioning : vt-ldap
-# log4j.logger.edu.vt.middleware.ldap = INFO
-
-# Provisioning : Grouper plugin to Shibboleth attribute resolver
-# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO
-
-
-# For more precise (or verbose) logging, enable one or more of the
-# following logging directives. To remove duplicate entries, just change the
-# level, and not where to send the logs
-# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html
-
-## Grouper Event Logging
-## * Logs at _info_ only
-log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event
-
-## Grouper Error Logging
-## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
-#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error
-
-## Grouper Debug Logging
-## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
-## * Logs at _info_ only currently
-#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug
-
-## Grouper XML Export + Import Logging
-## TODO Integrate with normal logging
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event
-
-## Grouper Benchmark Logging
-log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb
-
-## Grouper script to add missing group sets
-log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event
-
-## Grouper Sync Point in Time Tables
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event
-
-## Grouper Sync Stem Set Table
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event
-
-## Grouper Migrate Legacy Attributes
-log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event
-
-### Subject API
-#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
-#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
-### Hibernate
-#log4j.logger.org.hibernate = ERROR, grouper_error
-### ehcache
-#log4j.logger.net.sf.ehcache = ERROR, grouper_error
-### Spring
-#log4j.logger.org.springframework = ERROR, grouper_error
-
-## Grouper Stress Testing
-log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug
-
-
-#######################################################
-##Optional settings for debug logs
-#######################################################
-
-## Hooks debug info
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
-#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG
-
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG
-
-
-# added by grouper-installer
-log4j.logger.org.apache.tools.ant = WARN
diff --git a/manualBuild.sh b/manualBuild.sh
index 67b7d8a8..16fcc3f4 100755
--- a/manualBuild.sh
+++ b/manualBuild.sh
@@ -1,4 +1,4 @@
-docker build --pull --tag=tier/grouper:latest . \
+docker build --pull --tag=itap/grouper:latest . \
if [[ "$OSTYPE" == "darwin"* ]]; then
say build complete
diff --git a/rm.sh b/rm.sh
new file mode 100755
index 00000000..f5af8a3b
--- /dev/null
+++ b/rm.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker rm -f my-grouper
diff --git a/run.sh b/run.sh
new file mode 100755
index 00000000..0c4ba35e
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+docker run -d -p 8081:8080 --name my-grouper \
+ -e GROUPER_UI_GROUPER_AUTH=true \
+ -e GROUPER_SELF_SIGNED_CERT=true \
+ -e GROUPER_AUTO_DDL_UPTOVERSION='v5.*.*' \
+ -e GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0' \
+ -e GROUPERSYSTEM_QUICKSTART_PASS=pass \
+ -e GROUPER_UI=true \
+ -e GROUPER_DATABASE_URL=jdbc:postgresql://docker.for.mac.localhost:5433/grouper?currentSchema=public \
+ -e GROUPER_DATABASE_USERNAME=grouper \
+ -e GROUPER_DATABASE_PASSWORD=pass \
+ -e GROUPER_LOG_TO_HOST=true \
+ -e ENV="foo(2)" \
+ -e USERTOKEN=myUserToken \
+ my-grouper:latest ui
+
diff --git a/run2.sh b/run2.sh
new file mode 100755
index 00000000..8481628d
--- /dev/null
+++ b/run2.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+docker run -d --name my-grouper my-grouper:latest
+
diff --git a/ssh.sh b/ssh.sh
new file mode 100755
index 00000000..61624a0f
--- /dev/null
+++ b/ssh.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker exec -it my-grouper bash
diff --git a/test-compose/README.md b/test-compose/README.md
index 6bf62c51..80728055 100644
--- a/test-compose/README.md
+++ b/test-compose/README.md
@@ -5,7 +5,6 @@ In this example, the following cases are covered by this example:
- A demo directory and SIS database are included, populated with approximately 1,000 test subjects.
- Grouper is configured to use this directory as the subject source.
- Grouper Loader creates groups based on the data in the SIS table.
-- Grouper UI is protected by a Shibboleth IdP (included) that connects to this directory server.
- Grouper WS is protected by http basic auth that authenticates against the directory server.
- Grouper publishes event data to a RabbitMQ instance (included).
@@ -41,7 +40,6 @@ The components can be accessed at the following urls, with
Grouper UI: https://localhost/grouper (username: banderson, password: password (from ldap) or password1 (from tomcat-users.xml))
Grouper WS: https://localhost:8443/grouper-ws/status?diagnosticType=all
-Grouper SCIM: https://localhost:9443/grouper-ws-scim/ (username: banderson, password: password (from tomcat-users.xml))
RabbmitMQ: http://localhost:15672/ (username: guest, password: guest)
MariaDB: Port 3306 (username: root, password: (no password) )
389-ds Directory: Port 389 (username: cn=Directory Manager, password: password)
diff --git a/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties b/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties
index 96abb4cd..1bcf6449 100644
--- a/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties
+++ b/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties
@@ -16,8 +16,6 @@
# e.g. mysql: jdbc:mysql://localhost:3306/grouper
# e.g. p6spy (log sql): [use the URL that your DB requires]
# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
# e.g. postgres: jdbc:postgresql://localhost:5432/database
# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
hibernate.connection.url = jdbc:mysql://data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
diff --git a/test-compose/configs-and-secrets/grouper/morphString.properties b/test-compose/configs-and-secrets/grouper/morphString.properties
new file mode 100644
index 00000000..52479216
--- /dev/null
+++ b/test-compose/configs-and-secrets/grouper/morphString.properties
@@ -0,0 +1 @@
+encrypt.key=fh43IRJ4Nf5
diff --git a/test-compose/daemon/Dockerfile b/test-compose/daemon/Dockerfile
index f6203505..92b58121 100644
--- a/test-compose/daemon/Dockerfile
+++ b/test-compose/daemon/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
diff --git a/test-compose/data/Dockerfile b/test-compose/data/Dockerfile
index e4ffb7f8..d4ae3f97 100644
--- a/test-compose/data/Dockerfile
+++ b/test-compose/data/Dockerfile
@@ -1,18 +1,20 @@
-FROM tier/grouper:latest
+FROM grouper
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
COPY container_files/seed-data/ /seed-data/
-COPY container_files/conf/ /opt/grouper/grouper.apiBinary/conf/
+COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/
-RUN yum install -y epel-release \
- && yum update -y \
- && yum install -y 389-ds-base 389-admin 389-adminutil mariadb-server mariadb \
- && yum clean all \
- && rm -rf /var/cache/yum
+RUN dnf install -y epel-release \
+ && dnf update -y \
+ && dnf clean all
+
+RUN dnf -y module enable 389-ds \
+ && dnf -y install 389-ds-base 389-ds-base-legacy-tools mariadb-server mariadb nc
RUN mysql_install_db --force \
&& chown -R mysql:mysql /var/lib/mysql/ \
+ && chown -R mysql:mysql /var/log/mariadb \
&& sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \
&& sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \
&& sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \
@@ -44,8 +46,8 @@ RUN (/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir &) \
&& while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
(mysqld_safe & ) \
&& while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 1; done; \
- bin/gsh -registry -check -runscript -noprompt \
- && bin/gsh /seed-data/bootstrap.gsh
+ /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt \
+ && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /seed-data/bootstrap.gsh
EXPOSE 389 3306
diff --git a/test-compose/data/container_files/conf/grouper.client.properties b/test-compose/data/container_files/conf/grouper.client.properties
new file mode 100644
index 00000000..dcc50ae7
--- /dev/null
+++ b/test-compose/data/container_files/conf/grouper.client.properties
@@ -0,0 +1,112 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper client configuration
+# $Id: grouper.client.example.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
+#
+
+# The grouper client uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.client.base.properties
+# (which should not be edited), and the grouper.client.properties overlays
+# the base settings. See the grouper.client.base.properties for the possible
+# settings that can be applied to the grouper.client.properties
+
+########################################
+## LDAP connection settings
+########################################
+
+# url of directory, including the base DN (distinguished name)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.ldap.url =
+
+# kerberos principal used to connect to ldap
+grouperClient.ldap.login =
+
+# password for shared secret authentication to ldap
+# or you can put a filename with an encrypted password
+grouperClient.ldap.password =
+
+########################################
+## Web service Connection settings
+########################################
+
+# url of web service, should include everything up to the first resource to access
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.webService.url = https://ws/grouper-ws/servicesRest
+
+# kerberos principal used to connect to web service
+grouperClient.webService.login = banderson
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+grouperClient.webService.password.elConfig = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') }
+
+
+################################
+## Grouper Messaging System
+################################
+
+# name of messaging system which is the default
+grouper.messaging.default.name.of.messaging.system = rabbitmq
+
+# name of a messaging system. note, "grouperBuiltinMessaging" can be arbitrary
+# grouper.messaging.system.grouperBuiltinMessaging.name = grouperBuiltinMessaging
+
+# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem
+# grouper.messaging.system.grouperBuiltinMessaging.class = edu.internet2.middleware.grouper.messaging.GrouperBuiltinMessagingSystem
+
+# name of a messaging system. note, "grouperBuiltinMessaging" can be arbitrary
+grouper.messaging.system.rabbitmqSystem.name = rabbitmqSystem
+
+# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem
+grouper.messaging.system.rabbitmqSystem.class = edu.internet2.middleware.grouperMessagingRabbitmq.GrouperMessagingRabbitmqSystem
+
+# host address of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.host = rabbitmq
+
+# virtual host of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.virtualhost =
+
+# port of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.port =
+
+grouper.messaging.system.rabbitmqSystem.defaultPageSize = 10
+
+grouper.messaging.system.rabbitmqSystem.maxPageSize = 50
+
+
+# name of a messaging system, required
+grouper.messaging.system.rabbitmq.name = rabbitmq
+
+# default system settings to this messaging system, note, there is only one level of inheritance
+grouper.messaging.system.rabbitmq.defaultSystemName = rabbitmqSystem
+
+grouper.messaging.system.rabbitmq.user = guest
+
+#pass
+grouper.messaging.system.rabbitmq.password.elConfig = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') }
+# set the following three properties if you want to use TLS connection to rabbitmq. All three need to be populated.
+# TLS Version
+#grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1
+
+# path to trust store file
+#grouper.messaging.system.rabbitmqSystem.pathToTrustStore =
+
+# trust passphrase
+#grouper.messaging.system.rabbitmqSystem.trustPassphrase =
\ No newline at end of file
diff --git a/test-compose/data/container_files/conf/grouper.hibernate.properties b/test-compose/data/container_files/conf/grouper.hibernate.properties
index 154b8ebf..7e4f1706 100644
--- a/test-compose/data/container_files/conf/grouper.hibernate.properties
+++ b/test-compose/data/container_files/conf/grouper.hibernate.properties
@@ -16,8 +16,6 @@
# e.g. mysql: jdbc:mysql://localhost:3306/grouper
# e.g. p6spy (log sql): [use the URL that your DB requires]
# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
# e.g. postgres: jdbc:postgresql://localhost:5432/database
# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
hibernate.connection.url = jdbc:mysql://localhost:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
diff --git a/test-compose/data/container_files/conf/morphString.properties b/test-compose/data/container_files/conf/morphString.properties
new file mode 100644
index 00000000..52479216
--- /dev/null
+++ b/test-compose/data/container_files/conf/morphString.properties
@@ -0,0 +1 @@
+encrypt.key=fh43IRJ4Nf5
diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml
index c0e21ed3..f90926cd 100644
--- a/test-compose/docker-compose.yml
+++ b/test-compose/docker-compose.yml
@@ -57,8 +57,6 @@ services:
target: grouper_grouper-loader.properties
- source: subject.properties
target: grouper_subject.properties
- - source: sp-key.pem
- target: shib_sp-key.pem
- source: host-key.pem
volumes:
- type: bind
@@ -67,15 +65,6 @@ services:
- type: bind
source: ./configs-and-secrets/grouper/grouper.client.properties
target: /opt/grouper/conf/grouper.client.properties
- - type: bind
- source: ./configs-and-secrets/shibboleth/sp-cert.pem
- target: /etc/shibboleth/sp-cert.pem
- - type: bind
- source: ./configs-and-secrets/shibboleth/shibboleth2.xml
- target: /etc/shibboleth/shibboleth2.xml
- - type: bind
- source: ./configs-and-secrets/shibboleth/idp-metadata.xml
- target: /etc/shibboleth/idp-metadata.xml
- type: bind
source: ./configs-and-secrets/httpd/host-cert.pem
target: /etc/pki/tls/certs/host-cert.pem
@@ -107,8 +96,6 @@ services:
target: grouper_grouper-loader.properties
- source: subject.properties
target: grouper_subject.properties
- - source: sp-key.pem
- target: shib_sp-key.pem
- source: host-key.pem
volumes:
- type: bind
@@ -125,41 +112,6 @@ services:
target: /etc/pki/tls/certs/cachain.pem
-# scim:
-# build: ./scim/
-# command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://data:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec scim"
-# depends_on:
-# - data
-# networks:
-# - front
-# - back
-# ports:
-# - "9443:443"
-# secrets:
-# - source: grouper.hibernate.properties
-# target: grouper_grouper.hibernate.properties
-# - source: grouper-loader.properties
-# target: grouper_grouper-loader.properties
-# - source: ldap.properties
-# target: grouper_ldap.properties
-# - source: subject.properties
-# target: grouper_subject.properties
-# - source: host-key.pem
-# volumes:
-# - type: bind
-# source: ./configs-and-secrets/grouper/grouper.properties
-# target: /opt/grouper/conf/grouper.properties
-# - type: bind
-# source: ./configs-and-secrets/grouper/grouper.client.properties
-# target: /opt/grouper/conf/grouper.client.properties
-# - type: bind
-# source: ./configs-and-secrets/httpd/host-cert.pem
-# target: /etc/pki/tls/certs/host-cert.pem
-# - type: bind
-# source: ./configs-and-secrets/httpd/host-cert.pem
-# target: /etc/pki/tls/certs/cachain.pem
-
-
gsh:
build: ./gsh/
depends_on:
@@ -207,6 +159,8 @@ services:
target: grouper_grouper-loader.properties
- source: subject.properties
target: grouper_subject.properties
+ - source: morphString.properties
+ target: grouper_morphString.properties
volumes:
- type: bind
source: ./configs-and-secrets/grouper/grouper.properties
@@ -265,8 +219,9 @@ secrets:
file: ./configs-and-secrets/grouper/rabbitmq_password.txt
subject.properties:
file: ./configs-and-secrets/grouper/subject.properties
- sp-key.pem:
- file: ./configs-and-secrets/shibboleth/sp-key.pem
+ morphString.properties:
+ file: ./configs-and-secrets/grouper/morphString.properties
+
volumes:
diff --git a/test-compose/gsh/Dockerfile b/test-compose/gsh/Dockerfile
index 33023280..aeabcdd6 100644
--- a/test-compose/gsh/Dockerfile
+++ b/test-compose/gsh/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
MAINTAINER tier-packaging@internet2.edu <tier-packaging@internet2.edu>
diff --git a/test-compose/scim/Dockerfile b/test-compose/scim/Dockerfile
deleted file mode 100644
index 6b62e1fc..00000000
--- a/test-compose/scim/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM tier/grouper:latest
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
-
-COPY container_files/web.xml /opt/grouper/grouper.scim/WEB-INF/
-COPY container_files/tomcat-users.xml /opt/tomee/conf/
-
-CMD ["scim"]
diff --git a/test-compose/scim/container_files/tomcat-users.xml b/test-compose/scim/container_files/tomcat-users.xml
deleted file mode 100644
index be015e1e..00000000
--- a/test-compose/scim/container_files/tomcat-users.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<tomcat-users xmlns="http://tomcat.apache.org/xml"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
- version="1.0">
-<role rolename="grouper_user"/>
-<user username="banderson" password="password" roles="grouper_user"/>
-<!--
- NOTE: By default, no user is included in the "manager-gui" role required
- to operate the "/manager/html" web application. If you wish to use this app,
- you must define such a user - the username and password are arbitrary. It is
- strongly recommended that you do NOT use one of the users in the commented out
- section below since they are intended for use with the examples web
- application.
--->
-<!--
- NOTE: The sample user and role entries below are intended for use with the
- examples web application. They are wrapped in a comment and thus are ignored
- when reading this file. If you wish to configure these users for use with the
- examples web application, do not forget to remove the <!.. ..> that surrounds
- them. You will also need to set the passwords to something appropriate.
--->
-<!--
- <role rolename="tomcat"/>
- <role rolename="role1"/>
- <user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
- <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
- <user username="role1" password="<must-be-changed>" roles="role1"/>
--->
- <!-- Activate those lines to get access to TomEE GUI -->
- <!--
- <role rolename="tomee-admin" />
- <user username="tomee" password="tomee" roles="tomee-admin,manager-gui" />
- -->
-</tomcat-users>
\ No newline at end of file
diff --git a/test-compose/scim/container_files/web.xml b/test-compose/scim/container_files/web.xml
deleted file mode 100644
index c57461bd..00000000
--- a/test-compose/scim/container_files/web.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
-
-<security-constraint>
- <web-resource-collection>
- <web-resource-name>Web services</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>*</role-name>
- </auth-constraint>
- </security-constraint>
-
- <!-- Define the Login Configuration for this Application -->
- <login-config>
- <auth-method>BASIC</auth-method>
- <realm-name>Grouper Application</realm-name>
- </login-config>
-
- <!-- Security roles referenced by this web application -->
- <security-role>
- <description>
- The role that is required to log in to web service
- </description>
- <role-name>*</role-name>
- </security-role>
-
-</web-app>
\ No newline at end of file
diff --git a/test-compose/ui/Dockerfile b/test-compose/ui/Dockerfile
index 8fec2ae0..5a8a6431 100644
--- a/test-compose/ui/Dockerfile
+++ b/test-compose/ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
diff --git a/test-compose/ui/container_files/shibboleth/shibd.logger b/test-compose/ui/container_files/shibboleth/shibd.logger
deleted file mode 100644
index 2589b43b..00000000
--- a/test-compose/ui/container_files/shibboleth/shibd.logger
+++ /dev/null
@@ -1,69 +0,0 @@
-# set overall behavior
-log4j.rootCategory=DEBUG, shibd_log, warn_log
-
-# fairly verbose for DEBUG, so generally leave at DEBUG
-log4j.category.XMLTooling.XMLObject=DEBUG
-log4j.category.XMLTooling.KeyInfoResolver=DEBUG
-log4j.category.Shibboleth.IPRange=DEBUG
-log4j.category.Shibboleth.PropertySet=DEBUG
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=DEBUG
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-#log4j.category.XMLTooling.SOAPClient=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# logs XML being signed or verified if set to DEBUG
-log4j.category.XMLTooling.Signature.Debugger=DEBUG, sig_log
-log4j.additivity.XMLTooling.Signature.Debugger=false
-
-# the tran log blocks the "default" appender(s) at runtime
-# Level should be left at DEBUG for this category
-log4j.category.Shibboleth-TRANSACTION=DEBUG, tran_log
-log4j.additivity.Shibboleth-TRANSACTION=false
-# uncomment to suppress particular event types
-#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
-#log4j.category.Shibboleth-TRANSACTION.Login=WARN
-#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
-
-# define the appenders
-
-log4j.appender.shibd_log=org.apache.log4j.RollingFileAppender
-log4j.appender.shibd_log.fileName=/var/log/shibboleth/shibd.log
-log4j.appender.shibd_log.maxFileSize=1000000
-log4j.appender.shibd_log.maxBackupIndex=10
-log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.shibd_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
-log4j.appender.warn_log.fileName=/var/log/shibboleth/shibd_warn.log
-log4j.appender.warn_log.maxFileSize=1000000
-log4j.appender.warn_log.maxBackupIndex=10
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
-
-log4j.appender.tran_log=org.apache.log4j.RollingFileAppender
-log4j.appender.tran_log.fileName=/var/log/shibboleth/transaction.log
-log4j.appender.tran_log.maxFileSize=1000000
-log4j.appender.tran_log.maxBackupIndex=20
-log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.tran_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/var/log/shibboleth/signature.log
-log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.sig_log.layout.ConversionPattern=%m
diff --git a/test-compose/ws/Dockerfile b/test-compose/ws/Dockerfile
index f5c06b96..ef4802c1 100644
--- a/test-compose/ws/Dockerfile
+++ b/test-compose/ws/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
diff --git a/tests/main.bats b/tests/main.bats
index 0c18d122..9d33defc 100644
--- a/tests/main.bats
+++ b/tests/main.bats
@@ -2,15 +2,15 @@
load ../common
-@test "010 Image is present and healthy" {
- docker image inspect ${maintainer}/${imagename}
-}
+#@test "010 Image is present and healthy" {
+# docker image inspect ${maintainer}/${imagename}:${tag}
+#}
-@test "030 Test Compose the environment" {
- cd test-compose && ./compose.sh && docker-compose down
-}
+#@test "030 Test Compose the environment" {
+# cd test-compose && ./compose.sh && docker-compose down
+#}
-@test "070 There are no known security vulnerabilities" {
- ./tests/clairscan.sh ${maintainer}/${imagename}:latest
-}
+#@test "070 There are no known security vulnerabilities" {
+# ./tests/clairscan.sh ${maintainer}/${imagename}:${tag}
+#}