PSPNG config added to demo

docker · Apr 3, 2018 · fe41c23 · fe41c23
1 parent dad2cb3
commit fe41c23
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 8 deletions.
diff --git a/full-demo/Dockerfile b/full-demo/Dockerfile
@@ -15,6 +15,8 @@ RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
     && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
     (mysqld_safe & ) \
     && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    . /usr/local/bin/library.sh; \
+    prepDaemon; \
     cd /opt/grouper/grouper.apiBinary \
     && bin/gsh /seed-data/demo.gsh \
     && pkill -HUP slapd \

diff --git a/full-demo/container_files/demo.gsh b/full-demo/container_files/demo.gsh
@@ -4,7 +4,7 @@ addRootStem("ref", "ref");
 addRootStem("bundle", "bundle");
 addRootStem("app", "app");
 addRootStem("org", "org");
-addRootStem("test", "test");
+testStem = addRootStem("test", "test");
 
 
 addStem("ref", "course", "course")
@@ -15,7 +15,8 @@ setGroupAttr("etc:coursesLoader", "grouperLoaderDbName", "grouper");
 setGroupAttr("etc:coursesLoader", "grouperLoaderType", "SQL_GROUP_LIST");
 setGroupAttr("etc:coursesLoader", "grouperLoaderScheduleType", "CRON");
 setGroupAttr("etc:coursesLoader", "grouperLoaderQuartzCron", "0 * * * * ?");
-setGroupAttr("etc:coursesLoader", "grouperLoaderQuery", "select distinct id as SUBJECT_IDENTIFIER, CONCAT('ref:course:', courseID) as GROUP_NAME from SIS_Courses");
+setGroupAttr("etc:coursesLoader", "grouperLoaderQuartzCron", "0 * * * * ?");
+setGroupAttr("etc:coursesLoader", "grouperLoaderQuery", "select distinct id as SUBJECT_IDENTIFIER, 'ldap' as SUBJECT_SOURCE_ID, CONCAT('ref:course:', courseID) as GROUP_NAME from SIS_Courses");
 
 
 addStem("ref", "affiliation", "affiliation")
@@ -197,6 +198,7 @@ addGroup("app:vpn", "vpn_user", "vpn_user");
 addComposite("app:vpn:vpn_user", CompositeType.UNION, "app:vpn:vpn_user_allow", "app:vpn:vpn_user_deny")
 
 
+# Setup some user favorites
 subject = SubjectFinder.findById("banderson");
 group = GroupFinder.findByName(gs, "etc:sysadmingroup", true);
 GrouperUserDataApi.favoriteGroupAdd("etc:grouperUi:grouperUiUserData", subject, group);
@@ -205,12 +207,26 @@ stem = StemFinder.findByName(gs, "org:computerscience", true);
 GrouperUserDataApi.favoriteStemAdd("etc:grouperUi:grouperUiUserData", subject, stem);
 
 
-
+#Set up service definitions
 AttributeDef appServiceDef = new AttributeDefSave(gs).assignCreateParentStemsIfNotExist(true).assignAttributeDefType(AttributeDefType.service).assignName("etc:apps:appsServiceDefinition").assignToStem(true).save();
 
 AttributeDefName appService = new AttributeDefNameSave(gs, appServiceDef).assignCreateParentStemsIfNotExist(true).assignName("etc:apps:appsService").assignDisplayExtension("Central IT production Apps").save();
 
 banner.getAttributeDelegate().assignAttribute(appService);
 portal.getAttributeDelegate().assignAttribute(appService);
 
-addMember("app:banner:banner_user_allow", "banderson");
+addMember("app:banner:banner_user_allow", "banderson");
+
+
+# Auto create the PSPNG attributes
+edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfUniqueNames");
+
+#Assign the PSPNG attributes
+AttributeDef pspngAttributeDef = AttributeDefFinder.findByName("etc:pspng:provision_to_def", true);
+AttributeDefName pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
+
+AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
+attributeAssignSave.assignAttributeDefName(pspngAttribute);
+attributeAssignSave.assignOwnerStem(testStem);
+attributeAssignSave.addValue("pspng_groupOfUniqueNames");
+attributeAssignSave.save();
diff --git a/full-demo/container_files/grouper-loader.properties b/full-demo/container_files/grouper-loader.properties
@@ -40,13 +40,13 @@
 ldap.demo.url = ldap://localhost:389/dc=internet2,dc=edu
 
 #optional, if authenticated
-ldap.personLdap.user = cn=admin,dc=internet2,dc=edu
+ldap.demo.user = cn=root,dc=internet2,dc=edu
 
 #optional, if authenticated note the password can be stored encrypted in an external file
-ldap.personLdap.pass = password
+ldap.demo.pass = password
 
 #optional, if you are using tls, set this to true.  Generally you will not be using an SSL URL to use TLS...
-#ldap.personLdap.tls = false
+ldap.demo.tls = false
 
 #optional, if using sasl
 #ldap.personLdap.saslAuthorizationId =
@@ -71,3 +71,19 @@ ldap.personLdap.pass = password
 
 #make the paths fully qualified and not relative to the loader group.
 loader.ldap.requireTopStemAsStemFromConfigGroup=false
+
+changeLog.consumer.pspng_groupOfUniqueNames.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
+changeLog.consumer.pspng_groupOfUniqueNames.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
+changeLog.consumer.pspng_groupOfUniqueNames.quartzCron = 0 * * * * ?
+changeLog.consumer.pspng_groupOfUniqueNames.ldapPoolName = demo
+changeLog.consumer.pspng_groupOfUniqueNames.supportsEmptyGroups = false
+changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeName = uniqueMember
+# changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeValueFormat = ${ldapUser.getStringValue("uid")}
+changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeValueFormat = ${ldapUser.getDn()}
+changeLog.consumer.pspng_groupOfUniqueNames.groupSearchBaseDn = ou=groups
+changeLog.consumer.pspng_groupOfUniqueNames.allGroupsSearchFilter = objectclass=groupOfUniqueNames
+changeLog.consumer.pspng_groupOfUniqueNames.singleGroupSearchFilter = (&(objectclass=groupOfUniqueNames)(cn=${group.name}))
+changeLog.consumer.pspng_groupOfUniqueNames.groupSearchAttributes = cn,objectclass
+changeLog.consumer.pspng_groupOfUniqueNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfUniqueNames
+changeLog.consumer.pspng_groupOfUniqueNames.userSearchBaseDn = ou=people
+changeLog.consumer.pspng_groupOfUniqueNames.userSearchFilter = uid=${subject.id}
diff --git a/full-demo/container_files/subject.properties b/full-demo/container_files/subject.properties
@@ -14,7 +14,7 @@ subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
 subjectApi.source.ldap.param.Name_AttributeType.value = cn
 subjectApi.source.ldap.param.Description_AttributeType.value = cn
 subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
-subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
+subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('employeeNumber'), "")}
 subjectApi.source.ldap.param.sortAttribute0.value = cn
 subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0