diff --git a/full-demo/Dockerfile b/full-demo/Dockerfile
index aa8d158..218f27f 100644
--- a/full-demo/Dockerfile
+++ b/full-demo/Dockerfile
@@ -15,6 +15,8 @@ RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
 && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
 (mysqld_safe & ) \
 && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ . /usr/local/bin/library.sh; \
+ prepDaemon; \
 cd /opt/grouper/grouper.apiBinary \
 && bin/gsh /seed-data/demo.gsh \
 && pkill -HUP slapd \
diff --git a/full-demo/container_files/demo.gsh b/full-demo/container_files/demo.gsh
index b62305c..480de57 100644
--- a/full-demo/container_files/demo.gsh
+++ b/full-demo/container_files/demo.gsh
@@ -4,7 +4,7 @@ addRootStem("ref", "ref");
 addRootStem("bundle", "bundle");
 addRootStem("app", "app");
 addRootStem("org", "org");
-addRootStem("test", "test");
+testStem = addRootStem("test", "test");
 addStem("ref", "course", "course")
@@ -15,7 +15,8 @@ setGroupAttr("etc:coursesLoader", "grouperLoaderDbName", "grouper");
 setGroupAttr("etc:coursesLoader", "grouperLoaderType", "SQL_GROUP_LIST");
 setGroupAttr("etc:coursesLoader", "grouperLoaderScheduleType", "CRON");
 setGroupAttr("etc:coursesLoader", "grouperLoaderQuartzCron", "0 * * * * ?");
-setGroupAttr("etc:coursesLoader", "grouperLoaderQuery", "select distinct id as SUBJECT_IDENTIFIER, CONCAT('ref:course:', courseID) as GROUP_NAME from SIS_Courses");
+setGroupAttr("etc:coursesLoader", "grouperLoaderQuartzCron", "0 * * * * ?");
+setGroupAttr("etc:coursesLoader", "grouperLoaderQuery", "select distinct id as SUBJECT_IDENTIFIER, 'ldap' as SUBJECT_SOURCE_ID, CONCAT('ref:course:', courseID) as GROUP_NAME from SIS_Courses");
 addStem("ref", "affiliation", "affiliation")
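Review bot: The two added commands in the Dockerfile hunk end in `;`, so a non-zero exit from `prepDaemon` does not stop the chain, and `bin/gsh /seed-data/demo.gsh` would still run and the image would still build. The neighbouring steps are chained with `&&`; doing the same here (`&& . /usr/local/bin/library.sh \` then `&& prepDaemon \` then `&& cd /opt/grouper/grouper.apiBinary \`) makes a failed preparation step fail the build instead of producing a partly seeded image. What `prepDaemon` does is not visible in this diff, so a one-line comment above the RUN naming what it prepares would help. The RUN instruction starts above the hunk and continues below it.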
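Review bot: In the second demo.gsh hunk the added `setGroupAttr("etc:coursesLoader", "grouperLoaderQuartzCron", "0 * * * * ?");` repeats the context line directly above it with the same value; it looks like a copy-paste leftover and can be dropped. The rewritten query hard-codes `'ldap' as SUBJECT_SOURCE_ID`, which presumably has to match the source configured under the `subjectApi.source.ldap.*` keys in subject.properties. A comment such as `# resolve loader subjects in the ldap source only` above the query would record why the column was added.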
@@ -197,6 +198,7 @@ addGroup("app:vpn", "vpn_user", "vpn_user");
 addComposite("app:vpn:vpn_user", CompositeType.UNION, "app:vpn:vpn_user_allow", "app:vpn:vpn_user_deny")
+# Setup some user favorites
 subject = SubjectFinder.findById("banderson");
 group = GroupFinder.findByName(gs, "etc:sysadmingroup", true);
 GrouperUserDataApi.favoriteGroupAdd("etc:grouperUi:grouperUiUserData", subject, group);
@@ -205,7 +207,7 @@ stem = StemFinder.findByName(gs, "org:computerscience", true);
 GrouperUserDataApi.favoriteStemAdd("etc:grouperUi:grouperUiUserData", subject, stem);
-
+#Set up service definitions
 AttributeDef appServiceDef = new AttributeDefSave(gs).assignCreateParentStemsIfNotExist(true).assignAttributeDefType(AttributeDefType.service).assignName("etc:apps:appsServiceDefinition").assignToStem(true).save();
 AttributeDefName appService = new AttributeDefNameSave(gs, appServiceDef).assignCreateParentStemsIfNotExist(true).assignName("etc:apps:appsService").assignDisplayExtension("Central IT production Apps").save();
@@ -213,4 +215,18 @@ AttributeDefName appService = new AttributeDefNameSave(gs, appServiceDef).assign
 banner.getAttributeDelegate().assignAttribute(appService);
 portal.getAttributeDelegate().assignAttribute(appService);
-addMember("app:banner:banner_user_allow", "banderson");
\ No newline at end of file
+addMember("app:banner:banner_user_allow", "banderson");
+
+
+# Auto create the PSPNG attributes
+edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfUniqueNames");
+
+#Assign the PSPNG attributes
+AttributeDef pspngAttributeDef = AttributeDefFinder.findByName("etc:pspng:provision_to_def", true);
+AttributeDefName pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
+
+AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
+attributeAssignSave.assignAttributeDefName(pspngAttribute);
+attributeAssignSave.assignOwnerStem(testStem);
+attributeAssignSave.addValue("pspng_groupOfUniqueNames");
+attributeAssignSave.save();
diff --git a/full-demo/container_files/grouper-loader.properties b/full-demo/container_files/grouper-loader.properties
index 1cd2ebf..9e262b6 100644
--- a/full-demo/container_files/grouper-loader.properties
+++ b/full-demo/container_files/grouper-loader.properties
@@ -40,13 +40,13 @@ ldap.demo.url = ldap://localhost:389/dc=internet2,dc=edu
 #optional, if authenticated
-ldap.personLdap.user = cn=admin,dc=internet2,dc=edu
+ldap.demo.user = cn=root,dc=internet2,dc=edu
 #optional, if authenticated note the password can be stored encrypted in an external file
-ldap.personLdap.pass = password
+ldap.demo.pass = password
 #optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS...
-#ldap.personLdap.tls = false
+ldap.demo.tls = false
 #optional, if using sasl
 #ldap.personLdap.saslAuthorizationId =
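Review bot: `pspngAttributeDef` is looked up in the added PSPNG block of demo.gsh but never used in the lines shown; either drop the lookup or add a comment saying it is only there to fail early when the definition is missing. The provisioner name `"pspng_groupOfUniqueNames"` is written out twice here and has to match the `changeLog.consumer.pspng_groupOfUniqueNames.*` keys in grouper-loader.properties, so holding it in one variable (`provisioner = "pspng_groupOfUniqueNames";`) keeps the two calls from drifting. The assignment is made on `testStem`, the whole `test` root stem, so presumably every group created under it is provisioned to the directory; a comment stating that scope would make the intent explicit.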
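Review bot: `ldap.demo.pass = password` commits a cleartext bind password for `cn=root,dc=internet2,dc=edu`, and `ldap.demo.tls = false` with the `ldap://localhost:389` URL means the bind travels unencrypted. That is acceptable only while the directory lives inside the same demo container, and nothing in the file says so; add a comment above these keys such as `# DEMO ONLY: root DN and throwaway password over cleartext LDAP, do not reuse outside this container`. The comment already in the file notes that the password can be stored encrypted in an external file, which is the form to point readers at. The same pool is selected by `ldapPoolName = demo` in the next hunk for provisioning, so a dedicated bind account limited to the group subtree would be a better example than the root DN.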
@@ -71,3 +71,19 @@ ldap.personLdap.pass = password
 #make the paths fully qualified and not relative to the loader group.
 loader.ldap.requireTopStemAsStemFromConfigGroup=false
+
+changeLog.consumer.pspng_groupOfUniqueNames.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
+changeLog.consumer.pspng_groupOfUniqueNames.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
+changeLog.consumer.pspng_groupOfUniqueNames.quartzCron = 0 * * * * ?
+changeLog.consumer.pspng_groupOfUniqueNames.ldapPoolName = demo
+changeLog.consumer.pspng_groupOfUniqueNames.supportsEmptyGroups = false
+changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeName = uniqueMember
+# changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeValueFormat = ${ldapUser.getStringValue("uid")}
+changeLog.consumer.pspng_groupOfUniqueNames.memberAttributeValueFormat = ${ldapUser.getDn()}
+changeLog.consumer.pspng_groupOfUniqueNames.groupSearchBaseDn = ou=groups
+changeLog.consumer.pspng_groupOfUniqueNames.allGroupsSearchFilter = objectclass=groupOfUniqueNames
+changeLog.consumer.pspng_groupOfUniqueNames.singleGroupSearchFilter = (&(objectclass=groupOfUniqueNames)(cn=${group.name}))
+changeLog.consumer.pspng_groupOfUniqueNames.groupSearchAttributes = cn,objectclass
+changeLog.consumer.pspng_groupOfUniqueNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfUniqueNames
+changeLog.consumer.pspng_groupOfUniqueNames.userSearchBaseDn = ou=people
+changeLog.consumer.pspng_groupOfUniqueNames.userSearchFilter = uid=${subject.id}
\ No newline at end of file
diff --git a/full-demo/container_files/subject.properties b/full-demo/container_files/subject.properties
index a823191..0440064 100644
--- a/full-demo/container_files/subject.properties
+++ b/full-demo/container_files/subject.properties
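Review bot: `userSearchFilter = uid=${subject.id}` and `singleGroupSearchFilter = (&(objectclass=groupOfUniqueNames)(cn=${group.name}))` substitute Grouper values directly into LDAP filters, and `groupCreationLdifTemplate` does the same for the DN `cn=${group.name}`. Nothing in this hunk shows whether the provisioner escapes filter or DN metacharacters before substitution, so a subject id or group name containing `*`, `(`, `)` or `,` could match or create entries other than the intended one. Confirm how PSPNG handles these values and record the answer in a comment above the three keys, for example `# values are substituted as-is unless escaped; keep ids and group names free of LDAP metacharacters`. The commented-out `memberAttributeValueFormat` alternative also has no explanation of when to use it.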
@@ -14,7 +14,7 @@ subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
 subjectApi.source.ldap.param.Name_AttributeType.value = cn
 subjectApi.source.ldap.param.Description_AttributeType.value = cn
 subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
-subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
+subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('employeeNumber'), "")}
 subjectApi.source.ldap.param.sortAttribute0.value = cn
 subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0