From 52a76e704fed4717272eb0e164a6f9713dca4c75 Mon Sep 17 00:00:00 2001
From: John Gasper <jtgasper3@gmail.com>
Date: Fri, 14 Sep 2018 20:02:43 -0700
Subject: [PATCH] 2.4 fix

---
 base/Dockerfile                               |   4 +-
 base/container_files/ui/web.xml               | 203 ------------------
 .../container_files/subject.properties        |   6 +-
 .../container_files/seed-data/bootstrap.gsh   |   2 +-
 .../container_files/grouper-loader.properties |   4 +-
 .../container_files/grouper-loader.properties |   6 +-
 .../container_files/seed-data/bootstrap.gsh   |   9 +-
 .../container_files/grouper-loader.properties |   6 +-
 8 files changed, 20 insertions(+), 220 deletions(-)
 delete mode 100644 base/container_files/ui/web.xml

diff --git a/base/Dockerfile b/base/Dockerfile
index e861680..ec5274b 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -1,6 +1,6 @@
 FROM unicon/shibboleth-idp:3.3.3 as idp 
 
-FROM tier/grouper:latest
+FROM tier/grouper:2.4.0-a0-u0-w0-p0-test
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
       Vendor="TIER" \
@@ -72,7 +72,7 @@ COPY container_files/tomcat/ /opt/tomcat/
 COPY container_files/tier-support/* /opt/tier-support/
 COPY container_files/tls/host-key.pem  /etc/pki/tls/private/
 COPY container_files/tls/* /etc/pki/tls/certs/
-COPY container_files/ui/* /opt/grouper/grouper.ui/WEB-INF/
+#COPY container_files/ui/* /opt/grouper/grouper.ui/WEB-INF/
 COPY container_files/usr-local-bin/* /usr/local/bin/
 COPY container_files/var-www-html/ /var/www/html/
 
diff --git a/base/container_files/ui/web.xml b/base/container_files/ui/web.xml
deleted file mode 100644
index 92d4125..0000000
--- a/base/container_files/ui/web.xml
+++ /dev/null
@@ -1,203 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.s
-un.com/xml/ns/j2ee/web-app_2_4.xsd">
-<!--DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN. CHANGE YOUR FILE specified by the build.properties value [additional.web.xml]. The contents of that file are merged into ${grouper-ui}/w
-ebapp/WEB-INF/web.core.xml-->
-<!--In webapp-->
-<!--Processing context-param-->
-<!--Processing filter-->
-<!--Inserting tag from merge file-->
-<filter>
-    <filter-name>GrouperUi</filter-name>
-    <filter-class>edu.internet2.middleware.grouper.ui.GrouperUiFilter</filter-class>
-</filter>
-<!--Inserting tag from merge file-->
-<filter>
-  	<filter-name>Error Catcher</filter-name>
-  	<filter-class>edu.internet2.middleware.grouper.ui.ErrorFilter</filter-class>
-  </filter>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter>
-  	<filter-name>Login check</filter-name>
-  	<filter-class>edu.internet2.middleware.grouper.ui.LoginCheckFilter</filter-class>
-  	<init-param>    
-  		<param-name>failureUrl</param-name>    
-  		<param-value>/index.jsp</param-value>  
-  	</init-param>
-	 	<init-param>    
-  	<param-name>ignore</param-name>    
-  		<param-value>:/populateIndex.do:/callLogin.do:/error.do:/logout.do:/status:</param-value>  
-  	</init-param>
-  	<init-param>    
-  		<param-name>grouperRole</param-name>    
-  		<param-value>*</param-value>  
-  	</init-param>
-  </filter>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter>
-  	<filter-name>Caller page</filter-name>
-  	<filter-class>edu.internet2.middleware.grouper.ui.CallerPageFilter</filter-class>
-    </filter>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter>
-    <filter-name>CSRFGuard</filter-name>
-    <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
-  </filter>
-<!--Processing filter-mapping-->
-<!--Inserting tag from merge file-->
-<filter-mapping>
-    <filter-name>GrouperUi</filter-name>
-    <url-pattern>*.do</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from merge file-->
-<filter-mapping>
-    <filter-name>GrouperUi</filter-name>
-    <url-pattern>*.jsp</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from merge file-->
-<filter-mapping>
-  	<filter-name>Error Catcher</filter-name>
-  	<url-pattern>*.do</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from merge file-->
-<filter-mapping>
-  	<filter-name>Error Catcher</filter-name>
-  	<url-pattern>/gotoCallerPage</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-    <filter-name>GrouperUi</filter-name>
-    <url-pattern>/grouperUi/app/*</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-    <filter-name>GrouperUi</filter-name>
-    <url-pattern>/grouperUi/appHtml/*</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-    <filter-name>GrouperUi</filter-name>
-    <url-pattern>/grouperExternal/app/*</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-    <filter-name>GrouperUi</filter-name>
-    <url-pattern>/grouperExternal/appHtml/*</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-    <filter-name>GrouperUi</filter-name>
-    <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-    <filter-name>GrouperUi</filter-name>
-    <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-  	<filter-name>Caller page</filter-name>
-  	<url-pattern>/gotoCallerPage</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-  	<filter-name>Login check</filter-name>
-  	<url-pattern>*.do</url-pattern>
-  </filter-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<filter-mapping>
-    <filter-name>CSRFGuard</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
-<!--Processing listener-->
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<listener>
-  	<listener-class>edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener</listener-class>
-</listener>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<listener>
-    <listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
-  </listener>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<listener>
-    <listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
-  </listener>
-<!--Processing servlet-->
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet>
-    <servlet-name>StatusServlet</servlet-name>
-    <display-name>Status Servlet</display-name>
-    <servlet-class>edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet</servlet-class>
-    <load-on-startup>1</load-on-startup>
-  </servlet>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet>
-  <!-- Map the filter to a Servlet or URL -->
-
-    <servlet-name>UiServlet</servlet-name>
-    <servlet-class>edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet</servlet-class>
-    <load-on-startup>1</load-on-startup>
-  </servlet>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet>
-     <servlet-name>OwaspJavaScriptServlet</servlet-name>
-     <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
-  </servlet>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet>
-    <servlet-name>action</servlet-name>
-    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
-    <init-param>
-      <param-name>config</param-name>
-      <param-value>/WEB-INF/struts-config.xml</param-value>
-    </init-param>
-    <load-on-startup>2</load-on-startup>
-  </servlet>
-<!--Processing servlet-mapping-->
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet-mapping>
-    <servlet-name>StatusServlet</servlet-name>
-    <url-pattern>/status</url-pattern>
-  </servlet-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet-mapping>
-    <servlet-name>UiServlet</servlet-name>
-    <url-pattern>/grouperUi/app/*</url-pattern>
-  </servlet-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet-mapping>
-    <servlet-name>UiServlet</servlet-name>
-    <url-pattern>/grouperExternal/app/*</url-pattern>
-  </servlet-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet-mapping>
-    <servlet-name>UiServlet</servlet-name>
-    <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
-  </servlet-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet-mapping>
-    <servlet-name>UiServlet</servlet-name>
-    <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
-  </servlet-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet-mapping>
-     <servlet-name>OwaspJavaScriptServlet</servlet-name>
-     <url-pattern>/grouperExternal/public/OwaspJavaScriptServlet</url-pattern>
-  </servlet-mapping>
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<servlet-mapping>
-    <servlet-name>action</servlet-name>
-    <url-pattern>*.do</url-pattern>
-  </servlet-mapping>
-<!--Processing mime-mapping-->
-<!--Processing error-page-->
-<!--Processing error-page-->
-<!--Processing taglib-->
-<!--Processing resource-env-ref-->
-<!--Processing resource-ref-->
-<!--Processing security-constraint-->
-<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
-<!--Processing env-entry-->
-<!--Processing ejb-ref-->
-<!--Processing ejb-local-ref-->
-</web-app>
diff --git a/ex401/ex401.1.1/container_files/subject.properties b/ex401/ex401.1.1/container_files/subject.properties
index af7911a..5edd00d 100644
--- a/ex401/ex401.1.1/container_files/subject.properties
+++ b/ex401/ex401.1.1/container_files/subject.properties
@@ -11,11 +11,13 @@ subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
 
 subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
 subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
-subjectApi.source.ldap.param.Name_AttributeType.value = cn
-subjectApi.source.ldap.param.Description_AttributeType.value = cn
+subjectApi.source.ldap.param.Name_AttributeType.value = displayName
+subjectApi.source.ldap.param.Description_AttributeType.value = displayName
 subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
 subjectApi.source.ldap.param.sortAttribute0.value = cn
 subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
+subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('employeeNumber'), "")}
+subjectApi.source.ldap.param.subjectVirtualAttribute_1_displayName.value = ${subject.getAttributeValueOrCommaSeparated('cn') + ' (' + subject.getAttributeValueOrCommaSeparated('title') + ')'}
 
 # STATUS SECTION for searches to filter out inactives and allow
 # the user to filter by status with e.g. status=all
diff --git a/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh
index 9007b97..0497f68 100644
--- a/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh
@@ -10,7 +10,7 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_SIMPLE");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=vpn_users)");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=groups,dc=internet2,dc=edu");
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=groups");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "member");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), "\${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}");
diff --git a/ex401/ex401.1.4/container_files/grouper-loader.properties b/ex401/ex401.1.4/container_files/grouper-loader.properties
index ae032ff..9539771 100644
--- a/ex401/ex401.1.4/container_files/grouper-loader.properties
+++ b/ex401/ex401.1.4/container_files/grouper-loader.properties
@@ -79,11 +79,11 @@ changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo
 changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false
 changeLog.consumer.pspng_groupOfNames.memberAttributeName = member
 changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()}
-changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups
 changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames
 changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name}))
 changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass
 changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames
-changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = true
diff --git a/ex401/ex401.2.3/container_files/grouper-loader.properties b/ex401/ex401.2.3/container_files/grouper-loader.properties
index 8a4c72d..792789e 100644
--- a/ex401/ex401.2.3/container_files/grouper-loader.properties
+++ b/ex401/ex401.2.3/container_files/grouper-loader.properties
@@ -79,12 +79,12 @@ changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo
 changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false
 changeLog.consumer.pspng_groupOfNames.memberAttributeName = member
 changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()}
-changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups
 changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames
 changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name}))
 changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass
 changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames
-changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = true
 
@@ -95,6 +95,6 @@ changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ?
 changeLog.consumer.pspng_entitlements.ldapPoolName = demo
 changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement
 changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = urn:mace:example.edu:${group.extension}
-changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=urn:mace:example.edu:
diff --git a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh
index c247e87..60808f7 100644
--- a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh
@@ -1,6 +1,7 @@
 gs = GrouperSession.startRootSession();
 
-addGroup("basis", "bypass", "bypass");
-addComposite("app:mfa:ref:mfa_opt_in_access", CompositeType.COMPLEMENT, "basis:bypass", "ref:opt-in");
-addGroup("ref", "bypass-not-opt-in", "bypass-not-opt-in");
-addMember("app:mfa:mfa_enabled_deny", "ref:bypass-not-opt-in");
\ No newline at end of file
+addStem("app:mfa", "basis", "basis");
+addGroup("app:mfa:basis", "bypass", "bypass");
+addComposite("app:mfa:ref:mfa_opt_in_access", CompositeType.COMPLEMENT, "app:mfa:basis:bypass", "app:mfa:ref:opt-in");
+addGroup("app:mfa:ref", "bypass-not-opt-in", "bypass-not-opt-in");
+addMember("app:mfa:mfa_enabled_deny", "app:mfa:ref:bypass-not-opt-in");
\ No newline at end of file
diff --git a/full-demo/container_files/grouper-loader.properties b/full-demo/container_files/grouper-loader.properties
index e5c004e..3c4194e 100644
--- a/full-demo/container_files/grouper-loader.properties
+++ b/full-demo/container_files/grouper-loader.properties
@@ -80,12 +80,12 @@ changeLog.consumer.pspng_groupOfUniqueNames.supportsEmptyGroups = false
 changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeName = uniqueMember
 # changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeValueFormat = ${ldapUser.getStringValue("uid")}
 changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeValueFormat = ${ldapUser.getDn()}
-changeLog.consumer.pspng_groupOfUniqueNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfUniqueNames.groupSearchBaseDn = ou=groups
 changeLog.consumer.pspng_groupOfUniqueNames.allGroupsSearchFilter = objectclass=groupOfUniqueNames
 changeLog.consumer.pspng_groupOfUniqueNames.singleGroupSearchFilter = (&(objectclass=groupOfUniqueNames)(cn=${group.name}))
 changeLog.consumer.pspng_groupOfUniqueNames.groupSearchAttributes = cn,objectclass
 changeLog.consumer.pspng_groupOfUniqueNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfUniqueNames
-changeLog.consumer.pspng_groupOfUniqueNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfUniqueNames.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_groupOfUniqueNames.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_groupOfUniqueNames.grouperIsAuthoritative = true
 changeLog.consumer.pspng_groupOfUniqueNames.provisionedAttributeName = eduPersonEntitlement
@@ -98,6 +98,6 @@ changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ?
 changeLog.consumer.pspng_entitlements.ldapPoolName = demo
 changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement
 changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = urn:mace:example.edu:${group.extension}
-changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people
 changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=urn:mace:example.edu: