Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

grouper_noVM/test-compose/daemon/conf/psp.xml

Go to file
@chubing
chubing Grouper container layout based on Unicon work.
Latest commit 9595abe Sep 18, 2017 History
1 contributor

Users who have contributed to this file

171 lines (125 sloc) 5.69 KB
Raw Blame
<?xml version="1.0" encoding="utf-8"?>
<!-- Provisioning Service Provider (PSP) configuration. -->
<!-- A <pso /> is a Provisioning Service Object. The authoritative and allSourceIdentifiersRef attributes control the provisioning
of all source and target objects. If authoritative is "true", orphan objects will be deleted. Orphan objects exist on a target
without a corresponding source object. The allSourceIdentifiersRef attribute refers to an attribute resolver definition whose
values are all source identifiers applicable to this provisioned object. -->
<!-- <pso id="entityName" authoritative="[true|false]" allSourceIdentifiersRef="attributeDefinitionID" /> -->
<!-- The pso identifier refers to an attribute resolver definition. The targetId must match the id of a provisioning service
target in psp-services.xml. The containerId is the string id of the pso identifier containing these objects. -->
<!-- <identifier ref="attributeDefinitionID" targetId="targetId" containerId="containerId"/> -->
<!-- The identifying attribute has two purposes : (1) to determine the schema entity of target objects returned from a lookup
or search request and (2) to be converted to a query to search a target for all identifiers. If the identifying attribute
is not present, the pso will be ignored during bulk requests. -->
<!-- <identifyingAttribute name="attributeName" value="attributeValue" /> -->
<!-- The alternate identifier refers to an attribute resolver definition, and is the previous (old) identifier of an object
after it has been renamed. -->
<!-- <alternateIdentifier ref="attributeDefinitionID" /> -->
<!-- A provisioned attribute refers to an attribute resolver definition. -->
<!-- <attribute name="attributeName" ref="attributeDefinitionID" /> -->
<!-- References to the identifiers of other objects. -->
<!-- <references name="attributeName"> <reference ... /> </references> -->
<!-- A reference to the identifier of an object refers to an attribute resolver definition. -->
<!-- <reference ref="attributeDefinitionID" toObject="psoId" /> -->
<psp
xmlns="http://grouper.internet2.edu/psp"
xmlns:psp="http://grouper.internet2.edu/psp"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://grouper.internet2.edu/psp classpath:/schema/psp.xsd">
<!-- Provision a grouper stem as an ldap organizational unit. -->
<pso
id="stem"
authoritative="true"
allSourceIdentifiersRef="stemNames">
<!-- The ldap organizational unit DN. -->
<identifier
ref="stemDn"
targetId="ldap"
containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />
<!-- Identifies stem objects which exist on the target by objectclass attribute value. -->
<identifyingAttribute
name="objectclass"
value="organizationalUnit" />
<!-- The "old" ldap organizational unit DN calculated from stem update change log events. -->
<alternateIdentifier ref="stemDnAlternateChangeLog" />
<!-- The ldap organizational unit "objectClass" attribute. -->
<attribute
name="objectClass"
ref="stemObjectclass" />
<!-- The ldap organizational unit "ou" attribute. -->
<attribute
name="ou"
ref="stemOu" />
<!-- The ldap organizational unit "description" attribute. -->
<attribute
name="description"
ref="stemDescription" />
</pso>
<!-- Provision a grouper group as an ldap group. -->
<pso
id="group"
authoritative="true"
allSourceIdentifiersRef="groupNames">
<!-- The ldap group DN. -->
<identifier
ref="groupDn"
targetId="ldap"
containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />
<!-- Identifies ldap group objects which exist on the target by objectClass attribute value. -->
<identifyingAttribute
name="objectClass"
value="${edu.internet2.middleware.psp.groupObjectClass}" />
<!-- The "old" ldap group DN if a group has been renamed. -->
<alternateIdentifier ref="groupDnAlternate" />
<!-- The "old" ldap group DN calculated from group update change log events. -->
<alternateIdentifier ref="groupDnAlternateChangeLog" />
<!-- The ldap group "objectClass" attribute. -->
<attribute
name="objectClass"
ref="groupObjectclass" />
<!-- The ldap group "cn" attribute. -->
<attribute name="cn" />
<!-- The ldap group "description" attribute. -->
<attribute
name="description"
ref="groupDescription" />
<!-- The ldap group "member" attribute. -->
<references name="member">
<reference
ref="membersLdap"
toObject="member" />
<reference
ref="membersGsa"
toObject="group" />
</references>
</pso>
<!-- Do not provision grouper members, but enable lookup. -->
<pso id="member">
<!-- The ldap member DN. -->
<identifier
ref="memberDn"
targetId="ldap"
containerId="${edu.internet2.middleware.psp.peopleBaseDn}" />
<!-- Identifies member objects which exist on the target by objectclass attribute value. -->
<identifyingAttribute
name="objectclass"
value="person" />
</pso>
<!-- Provision a group membership triggered by the grouper change log. -->
<pso id="groupMembership">
<!-- The ldap group DN calculated from membership change log events. -->
<identifier
ref="changeLogMembershipGroupDn"
targetId="ldap"
containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />
<!-- The ldap group "member" attribute. -->
<references name="member">
<reference
ref="changeLogMembershipLdapSubjectId"
toObject="member" />
<reference
ref="changeLogMembershipGroupSubjectName"
toObject="group" />
</references>
</pso>
</psp>