#subject.sources.xml.location =

subjectApi.source.ldap.param.ldapServerId.value = demo


subjectApi.source.ldap.id = ldap
subjectApi.source.ldap.name = EDU Ldap 
subjectApi.source.ldap.types = person
subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter

## replaced with new LDAPTIVE lib
#subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory
#subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://data:389
#subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple
#subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu
#subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')}
#subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator

subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
subjectApi.source.ldap.param.Name_AttributeType.value = cn
subjectApi.source.ldap.param.Description_AttributeType.value = cn
subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
subjectApi.source.ldap.param.sortAttribute0.value = cn
subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0

# STATUS SECTION for searches to filter out inactives and allow
# the user to filter by status with e.g. status=all
# this is optional, and advanced
#
# field in database or ldap or endpoint that is the status field
#subjectApi.source.example.param.statusDatastoreFieldName.value = status

# search string from user which represents the status.  e.g. status=active
#subjectApi.source.example.param.statusLabel.value = status

# available statuses from screen (if not specified, any will be allowed). comma separated list.
# Note, this is optional and you probably dont want to configure it, it is mostly necessary
# when you have multiple sources with statuses...  if someone types an invalid status
# and you have this configured, it will not filter by it
#subjectApi.source.example.param.statusesFromUser.value = Active, Inactive, Pending, All

# all label from the user
#subjectApi.source.example.param.statusAllFromUser.value = All

# if no status is specified, this will be used (e.g. for active only).  Note, the value should be of the
# form the user would type in
#subjectApi.source.example.param.statusSearchDefault.value = status=active

# translate between screen values of status, and the data store value.  Increment the 0 to 1, 2, etc for more translations.
# so the user could enter: status=active, and that could translate to status_col=A.  The 'user' is what the user types in,
# the 'datastore' is what is in the datastore.  The user part is not case-sensitive.  Note, this could be a many to one
#subjectApi.source.example.param.statusTranslateUser0.value = active
#subjectApi.source.example.param.statusTranslateDatastore0.value = A

# subject identifier to store in grouper's member table.  this is used to increase speed of loader and perhaps for provisioning
# you can have up to max 1 subject identifier
#subjectApi.source.example.param.subjectIdentifierAttribute0.value = uid

#searchSubject: find a subject by ID.  ID is generally an opaque and permanent identifier, e.g. 12345678.
#  Each subject has one and only on ID.  Returns one result when searching for one ID.
subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person))
subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people

#searchSubjectByIdentifier: find a subject by identifier.  Identifier is anything that uniquely
#  identifies the user, e.g. jsmith or jsmith@institution.edu.
#  Subjects can have multiple identifiers.  Note: it is nice to have if identifiers are unique
#  even across sources.  Returns one result when searching for one identifier.
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%))(objectclass=person))
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people

#   search: find subjects by free form search.  Returns multiple results.

subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person))
subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.search.param.base.value = ou=people

subjectApi.source.ldap.attributes = givenName, sn, uid, mail, employeeNumber
subjectApi.source.ldap.internalAttributes = searchAttribute0