branch for new training Sept. 2021; rework demo data with more realis…

…tic data; delete some extraneous config files
docker · Aug 16, 2021 · b2a656c · b2a656c
1 parent 8874700
commit b2a656c
Showing 20 changed files with 55,293 additions and 15,667 deletions.
diff --git a/base/Dockerfile b/base/Dockerfile
@@ -1,7 +1,7 @@
 FROM tier/shib-idp:3.4.3_20190201 as idp
 
 # Grouper version for the entire GTE
-FROM i2incommon/grouper:2.5.52
+FROM i2incommon/grouper:2.5.54
 
 # Disable docker HEALTHCHECK inherited from tier/shib-sp
 HEALTHCHECK NONE
@@ -94,6 +94,7 @@ RUN chown -R tomcat:tomcat /opt/tomee
 
 ENV GROUPER_START_DELAY_SECONDS=10
 
-EXPOSE 389 3306 4443
+# note 5005 is for remote Java debugging
+EXPOSE 389 3306 8080 5005
 
 CMD ["grouper"]
diff --git a/base/container_files/conf/grouper-loader.properties b/base/container_files/conf/grouper-loader.properties
@@ -71,3 +71,5 @@ ldap.demo.tls = false
 
 #make the paths fully qualified and not relative to the loader group.
 loader.ldap.requireTopStemAsStemFromConfigGroup=false
+
+loader.allowStemDisplayNameChangesUnderStems=basis:hr:job, basis:sis:courses
diff --git a/base/container_files/conf/grouper.properties b/base/container_files/conf/grouper.properties
@@ -46,10 +46,6 @@ grouper.lockoutGroup.name.0 = ref:iam:global_deny
 # {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"}
 grouper.requireGroup.name.0 = ref:iam:active
 
-# group name of a require group
-# {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"}
-grouper.requireGroup.name.0 = ref:employee:fac_staff
-
 # allowed to use this require group.  If not configured, anyone could use
 # {valueType: "group", regex: "^grouper\\.lockoutGroup\\.requireGroup\\.\\d+$"}
 # grouper.requireGroup.allowedToUse.0 = ref:activeCanUse
@@ -67,14 +63,3 @@ grouper.membership.customComposite.compositeType.0 = complement
 
 # {valueType: "group", regex: "^grouper\\.membership\\.customComposite\\.groupName\\.\\d+$"}
 grouper.membership.customComposite.groupName.0 = ref:iam:active
-
-
-# Override default property added to 2.5.49
-group.validateExtensionByDefault = false
-stem.validateExtensionByDefault = false
-attributeDef.validateExtensionByDefault = false
-attributeDefName.validateExtensionByDefault = false
-grouperHook.StemUniqueNameCaseInsensitiveHook.autoRegister = false
-grouperHook.GroupUniqueNameCaseInsensitiveHook.autoRegister = false
-grouperHook.AttributeDefUniqueNameCaseInsensitiveHook.autoRegister = false
-grouperHook.AttributeDefNameUniqueNameCaseInsensitiveHook.autoRegister = false
diff --git a/base/container_files/conf/grouperText/grouper.text.en.us.properties b/base/container_files/conf/grouperText/grouper.text.en.us.properties
@@ -1,3 +1,6 @@
+# Used in general containers
 customCompositeMinusActive = Entities who are not active at the institution
+
+# Referenced in ex401
 customCompositeMinusFacStaff = Entities who are not faculty or staff
 customCompositeMinusFacStaffStudent = Entities who are not faculty, staff, or students
diff --git a/base/container_files/conf/subject.properties b/base/container_files/conf/subject.properties
@@ -1,21 +1,51 @@
-subjectApi.source.ldap.id = ldap
-subjectApi.source.ldap.name = EDU Ldap 
+subjectApi.source.ldap.id = eduLDAP
+subjectApi.source.ldap.name = EDU Ldap
 subjectApi.source.ldap.types = person
-subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter
+subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperLdapSourceAdapter2_5
 subjectApi.source.ldap.param.ldapServerId.value = demo
-subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
-subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
+subjectApi.source.ldap.param.SubjectID_AttributeType.value = employeeNumber
 subjectApi.source.ldap.param.Name_AttributeType.value = cn
 subjectApi.source.ldap.param.Description_AttributeType.value = cn
-subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
+subjectApi.source.ldap.param.emailAttributeName.value = mail
+subjectApi.source.ldap.numberOfAttributes = 6
+subjectApi.source.ldap.attribute.0.name = uid
+subjectApi.source.ldap.attribute.0.subjectIdentifier = true
+subjectApi.source.ldap.attribute.0.translationType = sourceAttributeSameAsSubjectAttribute
+subjectApi.source.ldap.attribute.0.formatToLowerCase = false
+subjectApi.source.ldap.attribute.1.name = cn
+subjectApi.source.ldap.attribute.1.translationType = sourceAttributeSameAsSubjectAttribute
+subjectApi.source.ldap.attribute.1.formatToLowerCase = false
+subjectApi.source.ldap.attribute.2.name = mail
+subjectApi.source.ldap.attribute.2.translationType = sourceAttributeSameAsSubjectAttribute
+subjectApi.source.ldap.attribute.2.formatToLowerCase = false
+subjectApi.source.ldap.attribute.3.name = givenName
+subjectApi.source.ldap.attribute.3.translationType = sourceAttributeSameAsSubjectAttribute
+subjectApi.source.ldap.attribute.3.formatToLowerCase = false
+subjectApi.source.ldap.attribute.4.name = sn
+subjectApi.source.ldap.attribute.4.translationType = sourceAttributeSameAsSubjectAttribute
+subjectApi.source.ldap.attribute.4.formatToLowerCase = false
+subjectApi.source.ldap.attribute.5.name = employeeNumber
+subjectApi.source.ldap.attribute.5.translationType = sourceAttributeSameAsSubjectAttribute
+subjectApi.source.ldap.attribute.5.formatToLowerCase = false
 
-subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
-subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
-subjectApi.source.ldap.param.Name_AttributeType.value = cn
-subjectApi.source.ldap.param.Description_AttributeType.value = cn
-subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
-subjectApi.source.ldap.param.sortAttribute0.value = cn
-subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
+subjectApi.source.ldap.search.search.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%)(cn=*%TERM%*))(objectclass=eduPerson))
+#todo ??? not created by UI: subjectApi.source.ldap.search.search.param.base.value = ou=people,dc=internet2,dc=edu
+#todo ??? not created by UI: subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE
+
+subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=internet2,dc=edu
+subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(employeeNumber=%TERM%)(objectclass=eduPerson))
+subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
+
+subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(uid=%TERM%)(objectclass=eduPerson))
+
+#todo ??? not created by UI: subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people,dc=internet2,dc=edu
+#todo ??? not created by UI: subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
+
+
+subjectApi.source.ldap.searchAttributeCount = 1
+subjectApi.source.ldap.searchAttribute.0.attributeName = employeeNumber
+subjectApi.source.ldap.sortAttribute.0.attributeName = employeeNumber
+subjectApi.source.ldap.sortAttributeCount = 1
 
 
 # STATUS SECTION for searches to filter out inactives and allow
@@ -49,26 +79,16 @@ subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
 
 # subject identifier to store in grouper's member table.  this is used to increase speed of loader and perhaps for provisioning
 # you can have up to max 1 subject identifier
-subjectApi.source.ldap.param.subjectIdentifierAttribute0.value = employeeNumber
+# todo is this valid for GrouperLdapSourceAdapter2_5?
+#subjectApi.source.ldap.param.subjectIdentifierAttribute0.value = employeeNumber
 
-#searchSubject: find a subject by ID.  ID is generally an opaque and permanent identifier, e.g. 12345678.
-#  Each subject has one and only on ID.  Returns one result when searching for one ID.
-subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person))
-subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=internet2,dc=edu
 
 #searchSubjectByIdentifier: find a subject by identifier.  Identifier is anything that uniquely
 #  identifies the user, e.g. jsmith or jsmith@institution.edu.
 #  Subjects can have multiple identifiers.  Note: it is nice to have if identifiers are unique
 #  even across sources.  Returns one result when searching for one identifier.
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(employeeNumber=%TERM%)(objectclass=person))
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people,dc=internet2,dc=edu
+# todo needed for GrouperLdapSourceAdapter2_5?
+#subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
+#subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people,dc=internet2,dc=edu
 
 #   search: find subjects by free form search.  Returns multiple results.
-
-subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person))
-subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.search.param.base.value = ou=people,dc=internet2,dc=edu
-
-subjectApi.source.ldap.internalAttributes = searchAttribute0
diff --git a/base/container_files/seed-data/bootstrap.gsh b/base/container_files/seed-data/bootstrap.gsh
@@ -1,3 +1,4 @@
 gs = GrouperSession.startRootSession()
 
-addMember("etc:sysadmingroup","banderson");
+// As long as the loader job works, this shouldn't be needed any longer, since banderson is in the IAM staff group which is in etc:sysadmingroup
+//addMember("etc:sysadmingroup","banderson");
diff --git a/base/container_files/seed-data/users.ldif b/base/container_files/seed-data/users.ldif
@@ -18,34 +18,3 @@ objectClass: organizationalRole
 cn: admin
 userPassword: password
 description: LDAP administrator
-
-dn: uid=jsmith,ou=People,dc=internet2,dc=edu
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-givenName: Joe
-uid: jsmith
-sn: Smith
-cn: John Smith
-userPassword: password
-
-dn: uid=banderson,ou=People,dc=internet2,dc=edu
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: eduPerson
-givenName: Bob
-uid: banderson
-sn: Anderson
-cn: Bob Anderson
-userPassword: password
-eduPersonEntitlement: urn:mace:example.edu:admin
-
-dn: cn=users,ou=Groups,dc=internet2,dc=edu
-objectClass: groupOfUniqueNames
-objectClass: top
-uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
-uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
-cn: users
diff --git a/ex101/ex101.1.1/Dockerfile b/ex101/ex101.1.1/Dockerfile
@@ -10,9 +10,7 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
 ENV USERTOKEN=gte-101.1.1
 
 COPY container_files/seed-data/ /seed-data/
-COPY container_files/grouper-loader.properties /opt/grouper/grouperWebapp/WEB-INF/classes/
-COPY container_files/subject.properties /opt/grouper/grouperWebapp/WEB-INF/classes/
-COPY container_files/morphString.properties /opt/grouper/grouperWebapp/WEB-INF/classes/
+COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/
 
 # && setupFiles; \
 

diff --git a/ex101/ex101.1.1/container_files/grouper-loader.properties b/ex101/ex101.1.1/container_files/grouper-loader.properties
diff --git a/ex101/ex101.1.1/container_files/morphString.properties b/ex101/ex101.1.1/container_files/morphString.properties