diff --git a/ex401/ex401.1.1/Dockerfile b/ex401/ex401.1.1/Dockerfile index c2c9c95..f11899a 100644 --- a/ex401/ex401.1.1/Dockerfile +++ b/ex401/ex401.1.1/Dockerfile @@ -10,6 +10,7 @@ ENV USERTOKEN=ex401.1.1 COPY container_files/seed-data/ /seed-data/ COPY container_files/grouper-loader.properties /opt/grouper/conf/ +COPY container_files/grouper.client.properties /opt/grouper/conf/ COPY container_files/subject.properties /opt/grouper/conf/ RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \ diff --git a/ex401/ex401.1.1/container_files/grouper-loader.properties b/ex401/ex401.1.1/container_files/grouper-loader.properties index ae41ed1..c2e6f72 100644 --- a/ex401/ex401.1.1/container_files/grouper-loader.properties +++ b/ex401/ex401.1.1/container_files/grouper-loader.properties @@ -71,3 +71,22 @@ ldap.demo.tls = false #make the paths fully qualified and not relative to the loader group. loader.ldap.requireTopStemAsStemFromConfigGroup=false + + +##################################### +## Messaging integration with change log +##################################### +changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ? + +# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class +changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer + +changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher +changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq +# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored. +changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = +## queue or topic +changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue +changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper +## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml +#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email diff --git a/ex401/ex401.3.3/container_files/grouper.client.properties b/ex401/ex401.1.1/container_files/grouper.client.properties similarity index 100% rename from ex401/ex401.3.3/container_files/grouper.client.properties rename to ex401/ex401.1.1/container_files/grouper.client.properties diff --git a/ex401/ex401.1.4/container_files/grouper-loader.properties b/ex401/ex401.1.4/container_files/grouper-loader.properties index ddcb809..ffab1fc 100644 --- a/ex401/ex401.1.4/container_files/grouper-loader.properties +++ b/ex401/ex401.1.4/container_files/grouper-loader.properties @@ -87,3 +87,21 @@ changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id} changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = false + +##################################### +## Messaging integration with change log +##################################### +changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ? + +# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class +changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer + +changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher +changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq +# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored. +changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = +## queue or topic +changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue +changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper +## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml +#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email diff --git a/ex401/ex401.2.3/container_files/grouper-loader.properties b/ex401/ex401.2.3/container_files/grouper-loader.properties index 1050e7f..5a38a2a 100644 --- a/ex401/ex401.2.3/container_files/grouper-loader.properties +++ b/ex401/ex401.2.3/container_files/grouper-loader.properties @@ -98,3 +98,21 @@ changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = ${group. changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id} changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=* + +##################################### +## Messaging integration with change log +##################################### +changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ? + +# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class +changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer + +changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher +changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq +# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored. +changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = +## queue or topic +changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue +changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper +## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml +#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email diff --git a/ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh index d7cbd89..875e82f 100644 --- a/ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh @@ -3,6 +3,7 @@ gs = GrouperSession.startRootSession(); addMember("app:mfa:mfa_enabled_allow", "ref:faculty"); addMember("app:mfa:mfa_enabled_allow", "ref:staff"); addMember("app:mfa:mfa_enabled_allow", "ref:student"); +delMember("app:mfa:mfa_enabled_allow", "ref:dept:Information Technology"); delGroup("app:mfa:ref:pilot"); delGroup("app:mfa:etc:mfa_opt_in_access"); @@ -10,6 +11,7 @@ delGroup("app:mfa:etc:mfa_opt_in_access_allow"); delGroup("app:mfa:etc:mfa_opt_in_access_deny"); delGroup("app:mfa:ref:mfa_opt_in"); delGroup("app:mfa:ref:mfa_bypass_not_opt_in"); +delGroup("app:mfa:mfa_required"); delGroup("app:mfa:ref:BannerUsersMinusFaculty"); delGroup("app:mfa:ref:NonFacultyBannerINB"); delGroup("app:mfa:ref:athletics_dept"); diff --git a/ex401/ex401.3.3/Dockerfile b/ex401/ex401.3.3/Dockerfile index 456f7ce..29dcbca 100644 --- a/ex401/ex401.3.3/Dockerfile +++ b/ex401/ex401.3.3/Dockerfile @@ -9,8 +9,6 @@ LABEL author="tier-packaging@internet2.edu " \ ENV USERTOKEN=ex401.3.3 COPY container_files/seed-data/ /seed-data/ -COPY container_files/grouper-loader.properties /opt/grouper/conf/ -COPY container_files/grouper.client.properties /opt/grouper/conf/ RUN . /usr/local/bin/library.sh \ && prepConf; \ diff --git a/ex401/ex401.3.3/container_files/grouper-loader.properties b/ex401/ex401.3.3/container_files/grouper-loader.properties deleted file mode 100644 index 45f2b18..0000000 --- a/ex401/ex401.3.3/container_files/grouper-loader.properties +++ /dev/null @@ -1,118 +0,0 @@ -#specify the consumers here. specify the consumer name after the changeLog.consumer. part. This example is "psp" -#but it could be changeLog.consumer.myConsumerName.class -#the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase -#changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer - -#the quartz cron is a cron-like string. it defaults to every minute on the minute (since the temp to change log job runs -#at 10 seconds to each minute). it defaults to this: 0 * * * * ? -#though it will stagger each one by 2 seconds -# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger -#changeLog.consumer.psp.quartzCron = 0 * * * * ? - -# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false. -#changeLog.consumer.psp.retryOnError = false - -# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method. -#changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer - -# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?. -#changeLog.psp.fullSync.quartzCron = 0 0 5 * * ? - -# Run a full synchronization job at startup. Defaults to false. -#changeLog.psp.fullSync.runAtStartup = false - -# Omit diff responses from bulk response to conserve memory. -#changeLog.psp.fullSync.omitDiffResponses = true - -# Omit sync responses from bulk response to conserve memory. -#changeLog.psp.fullSync.omitSyncResponses = true - -################################# -## LDAP connections -################################# -# specify the ldap connection with user, pass, url -# the string after "ldap." is the ID of the connection, and it should not have -# spaces or other special chars in it. In this case is it "personLdap" - -#note the URL should start with ldap: or ldaps: if it is SSL. -#It should contain the server and port (optional if not default), and baseDn, -#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu -ldap.demo.url = ldap://localhost:389/ - -#optional, if authenticated -ldap.demo.user = cn=root,dc=internet2,dc=edu - -#optional, if authenticated note the password can be stored encrypted in an external file -ldap.demo.pass = password - -#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS... -ldap.demo.tls = false - -#optional, if using sasl -#ldap.personLdap.saslAuthorizationId = -#ldap.personLdap.saslRealm = - -#optional (note, time limit is for search operations, timeout is for connection timeouts), -#most of these default to vt-ldap defaults. times are in millis -#validateOnCheckout defaults to true if all other validate methods are false -#ldap.personLdap.batchSize = -#ldap.personLdap.countLimit = -#ldap.personLdap.timeLimit = -#ldap.personLdap.timeout = -#ldap.personLdap.minPoolSize = -#ldap.personLdap.maxPoolSize = -#ldap.personLdap.validateOnCheckIn = -#ldap.personLdap.validateOnCheckOut = -#ldap.personLdap.validatePeriodically = -#ldap.personLdap.validateTimerPeriod = -#ldap.personLdap.pruneTimerPeriod = -#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes) -#ldap.personLdap.expirationTime = - -#make the paths fully qualified and not relative to the loader group. -loader.ldap.requireTopStemAsStemFromConfigGroup=false - -changeLog.consumer.pspng_groupOfNames.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim -changeLog.consumer.pspng_groupOfNames.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner -changeLog.consumer.pspng_groupOfNames.quartzCron = 0 * * * * ? -changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo -changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false -changeLog.consumer.pspng_groupOfNames.memberAttributeName = member -changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()} -changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu -changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames -changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name})) -changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass -changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames -changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu -changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id} -changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = false - - -changeLog.consumer.pspng_entitlements.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim -changeLog.consumer.pspng_entitlements.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner -changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ? -changeLog.consumer.pspng_entitlements.ldapPoolName = demo -changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement -changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = ${group.name.equalsIgnoreCase('app:mfa:mfa_enabled') ? 'http://tier.internet2.edu/mfa/enabled' : (group.name.equalsIgnoreCase('app:boardeffect:boardeffect_authorized') ? 'https://college.boardeffect.com/' : 'urn:mace:example.edu:' + group.extension) } -changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu -changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id} -changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=* - -##################################### -## Messaging integration with change log -##################################### -changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ? - -# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class -changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer - -changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher -changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq -# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored. -changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = -## queue or topic -changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue -changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper -## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml -#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email