2.4 fix

docker · Sep 15, 2018 · 52a76e7 · 52a76e7
1 parent 4885fb4
commit 52a76e7
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 220 deletions.
diff --git a/base/Dockerfile b/base/Dockerfile
@@ -1,6 +1,6 @@
 FROM unicon/shibboleth-idp:3.3.3 as idp 
 
-FROM tier/grouper:latest
+FROM tier/grouper:2.4.0-a0-u0-w0-p0-test
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
       Vendor="TIER" \
@@ -72,7 +72,7 @@ COPY container_files/tomcat/ /opt/tomcat/
 COPY container_files/tier-support/* /opt/tier-support/
 COPY container_files/tls/host-key.pem  /etc/pki/tls/private/
 COPY container_files/tls/* /etc/pki/tls/certs/
-COPY container_files/ui/* /opt/grouper/grouper.ui/WEB-INF/
+#COPY container_files/ui/* /opt/grouper/grouper.ui/WEB-INF/
 COPY container_files/usr-local-bin/* /usr/local/bin/
 COPY container_files/var-www-html/ /var/www/html/
 

diff --git a/base/container_files/ui/web.xml b/base/container_files/ui/web.xml
diff --git a/ex401/ex401.1.1/container_files/subject.properties b/ex401/ex401.1.1/container_files/subject.properties
@@ -11,11 +11,13 @@ subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
 
 subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
 subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
-subjectApi.source.ldap.param.Name_AttributeType.value = cn
-subjectApi.source.ldap.param.Description_AttributeType.value = cn
+subjectApi.source.ldap.param.Name_AttributeType.value = displayName
+subjectApi.source.ldap.param.Description_AttributeType.value = displayName
 subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
 subjectApi.source.ldap.param.sortAttribute0.value = cn
 subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
+subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('employeeNumber'), "")}
+subjectApi.source.ldap.param.subjectVirtualAttribute_1_displayName.value = ${subject.getAttributeValueOrCommaSeparated('cn') + ' (' + subject.getAttributeValueOrCommaSeparated('title') + ')'}
 
 # STATUS SECTION for searches to filter out inactives and allow
 # the user to filter by status with e.g. status=all

diff --git a/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh
@@ -10,7 +10,7 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_SIMPLE");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=vpn_users)");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=groups,dc=internet2,dc=edu");
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=groups");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "member");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), "\${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}");

diff --git a/ex401/ex401.1.4/container_files/grouper-loader.properties b/ex401/ex401.1.4/container_files/grouper-loader.properties
@@ -79,11 +79,11 @@ changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo
 changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false
 changeLog.consumer.pspng_groupOfNames.memberAttributeName = member
 changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()}
-changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups
 changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames
 changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name}))
 changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass
 changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames
-changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = true
diff --git a/ex401/ex401.2.3/container_files/grouper-loader.properties b/ex401/ex401.2.3/container_files/grouper-loader.properties
@@ -79,12 +79,12 @@ changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo
 changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false
 changeLog.consumer.pspng_groupOfNames.memberAttributeName = member
 changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()}
-changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups
 changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames
 changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name}))
 changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass
 changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames
-changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = true
 
@@ -95,6 +95,6 @@ changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ?
 changeLog.consumer.pspng_entitlements.ldapPoolName = demo
 changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement
 changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = urn:mace:example.edu:${group.extension}
-changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=urn:mace:example.edu:
diff --git a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh
@@ -1,6 +1,7 @@
 gs = GrouperSession.startRootSession();
 
-addGroup("basis", "bypass", "bypass");
-addComposite("app:mfa:ref:mfa_opt_in_access", CompositeType.COMPLEMENT, "basis:bypass", "ref:opt-in");
-addGroup("ref", "bypass-not-opt-in", "bypass-not-opt-in");
-addMember("app:mfa:mfa_enabled_deny", "ref:bypass-not-opt-in");
+addStem("app:mfa", "basis", "basis");
+addGroup("app:mfa:basis", "bypass", "bypass");
+addComposite("app:mfa:ref:mfa_opt_in_access", CompositeType.COMPLEMENT, "app:mfa:basis:bypass", "app:mfa:ref:opt-in");
+addGroup("app:mfa:ref", "bypass-not-opt-in", "bypass-not-opt-in");
+addMember("app:mfa:mfa_enabled_deny", "app:mfa:ref:bypass-not-opt-in");
diff --git a/full-demo/container_files/grouper-loader.properties b/full-demo/container_files/grouper-loader.properties
@@ -80,12 +80,12 @@ changeLog.consumer.pspng_groupOfUniqueNames.supportsEmptyGroups = false
 changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeName = uniqueMember
 # changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeValueFormat = ${ldapUser.getStringValue("uid")}
 changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeValueFormat = ${ldapUser.getDn()}
-changeLog.consumer.pspng_groupOfUniqueNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfUniqueNames.groupSearchBaseDn = ou=groups
 changeLog.consumer.pspng_groupOfUniqueNames.allGroupsSearchFilter = objectclass=groupOfUniqueNames
 changeLog.consumer.pspng_groupOfUniqueNames.singleGroupSearchFilter = (&(objectclass=groupOfUniqueNames)(cn=${group.name}))
 changeLog.consumer.pspng_groupOfUniqueNames.groupSearchAttributes = cn,objectclass
 changeLog.consumer.pspng_groupOfUniqueNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfUniqueNames
-changeLog.consumer.pspng_groupOfUniqueNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfUniqueNames.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_groupOfUniqueNames.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_groupOfUniqueNames.grouperIsAuthoritative = true
 changeLog.consumer.pspng_groupOfUniqueNames.provisionedAttributeName = eduPersonEntitlement
@@ -98,6 +98,6 @@ changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ?
 changeLog.consumer.pspng_entitlements.ldapPoolName = demo
 changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement
 changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = urn:mace:example.edu:${group.extension}
-changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=urn:mace:example.edu: