diff --git a/ex401/ex401.1.1/container_files/grouper-loader.properties b/ex401/ex401.1.1/container_files/grouper-loader.properties index c2e6f72..5a38a2a 100644 --- a/ex401/ex401.1.1/container_files/grouper-loader.properties +++ b/ex401/ex401.1.1/container_files/grouper-loader.properties @@ -72,6 +72,32 @@ ldap.demo.tls = false #make the paths fully qualified and not relative to the loader group. loader.ldap.requireTopStemAsStemFromConfigGroup=false +changeLog.consumer.pspng_groupOfNames.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim +changeLog.consumer.pspng_groupOfNames.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner +changeLog.consumer.pspng_groupOfNames.quartzCron = 0 * * * * ? +changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo +changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false +changeLog.consumer.pspng_groupOfNames.memberAttributeName = member +changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()} +changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu +changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames +changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name})) +changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass +changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames +changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu +changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id} +changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = false + + +changeLog.consumer.pspng_entitlements.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim +changeLog.consumer.pspng_entitlements.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner +changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ? +changeLog.consumer.pspng_entitlements.ldapPoolName = demo +changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement +changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = ${group.name.equalsIgnoreCase('app:mfa:mfa_enabled') ? 'http://tier.internet2.edu/mfa/enabled' : 'urn:mace:example.edu:' + group.extension} +changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu +changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id} +changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=* ##################################### ## Messaging integration with change log diff --git a/ex401/ex401.1.4/Dockerfile b/ex401/ex401.1.4/Dockerfile index 38695f2..ad64933 100644 --- a/ex401/ex401.1.4/Dockerfile +++ b/ex401/ex401.1.4/Dockerfile @@ -9,7 +9,6 @@ LABEL author="tier-packaging@internet2.edu " \ ENV USERTOKEN=ex401.1.4 COPY container_files/seed-data/ /seed-data/ -COPY container_files/grouper-loader.properties /opt/grouper/conf/ RUN . /usr/local/bin/library.sh \ && prepConf; \ diff --git a/ex401/ex401.1.4/container_files/grouper-loader.properties b/ex401/ex401.1.4/container_files/grouper-loader.properties deleted file mode 100644 index ffab1fc..0000000 --- a/ex401/ex401.1.4/container_files/grouper-loader.properties +++ /dev/null @@ -1,107 +0,0 @@ -#specify the consumers here. specify the consumer name after the changeLog.consumer. part. This example is "psp" -#but it could be changeLog.consumer.myConsumerName.class -#the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase -#changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer - -#the quartz cron is a cron-like string. it defaults to every minute on the minute (since the temp to change log job runs -#at 10 seconds to each minute). it defaults to this: 0 * * * * ? -#though it will stagger each one by 2 seconds -# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger -#changeLog.consumer.psp.quartzCron = 0 * * * * ? - -# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false. -#changeLog.consumer.psp.retryOnError = false - -# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method. -#changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer - -# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?. -#changeLog.psp.fullSync.quartzCron = 0 0 5 * * ? - -# Run a full synchronization job at startup. Defaults to false. -#changeLog.psp.fullSync.runAtStartup = false - -# Omit diff responses from bulk response to conserve memory. -#changeLog.psp.fullSync.omitDiffResponses = true - -# Omit sync responses from bulk response to conserve memory. -#changeLog.psp.fullSync.omitSyncResponses = true - -################################# -## LDAP connections -################################# -# specify the ldap connection with user, pass, url -# the string after "ldap." is the ID of the connection, and it should not have -# spaces or other special chars in it. In this case is it "personLdap" - -#note the URL should start with ldap: or ldaps: if it is SSL. -#It should contain the server and port (optional if not default), and baseDn, -#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu -ldap.demo.url = ldap://localhost:389/ - -#optional, if authenticated -ldap.demo.user = cn=root,dc=internet2,dc=edu - -#optional, if authenticated note the password can be stored encrypted in an external file -ldap.demo.pass = password - -#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS... -ldap.demo.tls = false - -#optional, if using sasl -#ldap.personLdap.saslAuthorizationId = -#ldap.personLdap.saslRealm = - -#optional (note, time limit is for search operations, timeout is for connection timeouts), -#most of these default to vt-ldap defaults. times are in millis -#validateOnCheckout defaults to true if all other validate methods are false -#ldap.personLdap.batchSize = -#ldap.personLdap.countLimit = -#ldap.personLdap.timeLimit = -#ldap.personLdap.timeout = -#ldap.personLdap.minPoolSize = -#ldap.personLdap.maxPoolSize = -#ldap.personLdap.validateOnCheckIn = -#ldap.personLdap.validateOnCheckOut = -#ldap.personLdap.validatePeriodically = -#ldap.personLdap.validateTimerPeriod = -#ldap.personLdap.pruneTimerPeriod = -#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes) -#ldap.personLdap.expirationTime = - -#make the paths fully qualified and not relative to the loader group. -loader.ldap.requireTopStemAsStemFromConfigGroup=false - -changeLog.consumer.pspng_groupOfNames.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim -changeLog.consumer.pspng_groupOfNames.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner -changeLog.consumer.pspng_groupOfNames.quartzCron = 0 * * * * ? -changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo -changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false -changeLog.consumer.pspng_groupOfNames.memberAttributeName = member -changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()} -changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu -changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames -changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name})) -changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass -changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames -changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu -changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id} -changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = false - -##################################### -## Messaging integration with change log -##################################### -changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ? - -# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class -changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer - -changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher -changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq -# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored. -changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = -## queue or topic -changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue -changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper -## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml -#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email diff --git a/ex401/ex401.2.3/Dockerfile b/ex401/ex401.2.3/Dockerfile index fded027..6f8ba80 100644 --- a/ex401/ex401.2.3/Dockerfile +++ b/ex401/ex401.2.3/Dockerfile @@ -9,7 +9,6 @@ LABEL author="tier-packaging@internet2.edu " \ ENV USERTOKEN=ex401.2.3 COPY container_files/seed-data/ /seed-data/ -COPY container_files/grouper-loader.properties /opt/grouper/conf/ RUN . /usr/local/bin/library.sh \ && prepConf; \ diff --git a/ex401/ex401.2.3/container_files/grouper-loader.properties b/ex401/ex401.2.3/container_files/grouper-loader.properties deleted file mode 100644 index 5a38a2a..0000000 --- a/ex401/ex401.2.3/container_files/grouper-loader.properties +++ /dev/null @@ -1,118 +0,0 @@ -#specify the consumers here. specify the consumer name after the changeLog.consumer. part. This example is "psp" -#but it could be changeLog.consumer.myConsumerName.class -#the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase -#changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer - -#the quartz cron is a cron-like string. it defaults to every minute on the minute (since the temp to change log job runs -#at 10 seconds to each minute). it defaults to this: 0 * * * * ? -#though it will stagger each one by 2 seconds -# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger -#changeLog.consumer.psp.quartzCron = 0 * * * * ? - -# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false. -#changeLog.consumer.psp.retryOnError = false - -# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method. -#changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer - -# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?. -#changeLog.psp.fullSync.quartzCron = 0 0 5 * * ? - -# Run a full synchronization job at startup. Defaults to false. -#changeLog.psp.fullSync.runAtStartup = false - -# Omit diff responses from bulk response to conserve memory. -#changeLog.psp.fullSync.omitDiffResponses = true - -# Omit sync responses from bulk response to conserve memory. -#changeLog.psp.fullSync.omitSyncResponses = true - -################################# -## LDAP connections -################################# -# specify the ldap connection with user, pass, url -# the string after "ldap." is the ID of the connection, and it should not have -# spaces or other special chars in it. In this case is it "personLdap" - -#note the URL should start with ldap: or ldaps: if it is SSL. -#It should contain the server and port (optional if not default), and baseDn, -#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu -ldap.demo.url = ldap://localhost:389/ - -#optional, if authenticated -ldap.demo.user = cn=root,dc=internet2,dc=edu - -#optional, if authenticated note the password can be stored encrypted in an external file -ldap.demo.pass = password - -#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS... -ldap.demo.tls = false - -#optional, if using sasl -#ldap.personLdap.saslAuthorizationId = -#ldap.personLdap.saslRealm = - -#optional (note, time limit is for search operations, timeout is for connection timeouts), -#most of these default to vt-ldap defaults. times are in millis -#validateOnCheckout defaults to true if all other validate methods are false -#ldap.personLdap.batchSize = -#ldap.personLdap.countLimit = -#ldap.personLdap.timeLimit = -#ldap.personLdap.timeout = -#ldap.personLdap.minPoolSize = -#ldap.personLdap.maxPoolSize = -#ldap.personLdap.validateOnCheckIn = -#ldap.personLdap.validateOnCheckOut = -#ldap.personLdap.validatePeriodically = -#ldap.personLdap.validateTimerPeriod = -#ldap.personLdap.pruneTimerPeriod = -#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes) -#ldap.personLdap.expirationTime = - -#make the paths fully qualified and not relative to the loader group. -loader.ldap.requireTopStemAsStemFromConfigGroup=false - -changeLog.consumer.pspng_groupOfNames.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim -changeLog.consumer.pspng_groupOfNames.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner -changeLog.consumer.pspng_groupOfNames.quartzCron = 0 * * * * ? -changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo -changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false -changeLog.consumer.pspng_groupOfNames.memberAttributeName = member -changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()} -changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu -changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames -changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name})) -changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass -changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames -changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu -changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id} -changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = false - - -changeLog.consumer.pspng_entitlements.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim -changeLog.consumer.pspng_entitlements.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner -changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ? -changeLog.consumer.pspng_entitlements.ldapPoolName = demo -changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement -changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = ${group.name.equalsIgnoreCase('app:mfa:mfa_enabled') ? 'http://tier.internet2.edu/mfa/enabled' : 'urn:mace:example.edu:' + group.extension} -changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu -changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id} -changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=* - -##################################### -## Messaging integration with change log -##################################### -changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ? - -# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class -changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer - -changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher -changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq -# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored. -changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = -## queue or topic -changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue -changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper -## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml -#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email