From 02276b23582655fece832ae18eb872c168ba523a Mon Sep 17 00:00:00 2001 From: Pavol Mederly Date: Wed, 17 Oct 2018 14:40:53 +0200 Subject: [PATCH] Switch to tier/grouper:2.4.0-a2-u1-w0-p0 --- .../application/grouper-loader.properties | 8 +-- .../grouper/application/subject.properties | 23 ++++--- demo/complex/grouper_daemon/Dockerfile | 2 +- demo/complex/grouper_data/Dockerfile | 2 +- .../conf/grouper-loader.properties | 64 +++++++++++++++++++ .../container_files/conf/subject.properties | 23 ++++--- .../container_files/seed-data/demo.gsh | 17 +++-- demo/complex/grouper_ui/Dockerfile | 2 +- 8 files changed, 109 insertions(+), 32 deletions(-) create mode 100644 demo/complex/grouper_data/container_files/conf/grouper-loader.properties diff --git a/demo/complex/configs-and-secrets/grouper/application/grouper-loader.properties b/demo/complex/configs-and-secrets/grouper/application/grouper-loader.properties index d73a54a..777376c 100644 --- a/demo/complex/configs-and-secrets/grouper/application/grouper-loader.properties +++ b/demo/complex/configs-and-secrets/grouper/application/grouper-loader.properties @@ -4,19 +4,19 @@ # specify the ldap connection with user, pass, url # the string after "ldap." is the ID of the connection, and it should not have # spaces or other special chars in it. In this case is it "personLdap" - + #note the URL should start with ldap: or ldaps: if it is SSL. #It should contain the server and port (optional if not default), and baseDn, #e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu -#ldap.demo.url = ldap://directory:389/dc=internet2,dc=edu -ldap.demo.url = ldap://directory:389 +ldap.demo.url = ldap://directory:389/dc=internet2,dc=edu #optional, if authenticated ldap.demo.user = cn=admin,dc=internet2,dc=edu +#ldap.demo.user = cn=admin #optional, if authenticated note the password can be stored encrypted in an external file #ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} -ldap.demo.pass=password +ldap.demo.pass = password #optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS... ldap.demo.tls = false diff --git a/demo/complex/configs-and-secrets/grouper/application/subject.properties b/demo/complex/configs-and-secrets/grouper/application/subject.properties index 535e728..577db03 100644 --- a/demo/complex/configs-and-secrets/grouper/application/subject.properties +++ b/demo/complex/configs-and-secrets/grouper/application/subject.properties @@ -1,19 +1,22 @@ -subject.sources.xml.location = +#subject.sources.xml.location = + +subjectApi.source.ldap.param.ldapServerId.value = demo subjectApi.source.ldap.id = ldap subjectApi.source.ldap.name = EDU Ldap subjectApi.source.ldap.types = person subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter -subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory -subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://directory:389 -subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple -subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu -subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} +#subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory +#subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://directory:389 +#subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple +#subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu +#subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} +#subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator + subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false subjectApi.source.ldap.param.Name_AttributeType.value = cn subjectApi.source.ldap.param.Description_AttributeType.value = cn -subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")} subjectApi.source.ldap.param.sortAttribute0.value = cn subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0 @@ -55,7 +58,7 @@ subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0 # Each subject has one and only on ID. Returns one result when searching for one ID. subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person)) subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=internet2,dc=edu +subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people #searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely # identifies the user, e.g. jsmith or jsmith@institution.edu. @@ -63,13 +66,13 @@ subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=inte # even across sources. Returns one result when searching for one identifier. subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%))(objectclass=person)) subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people,dc=internet2,dc=edu +subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people # search: find subjects by free form search. Returns multiple results. subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person)) subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.search.param.base.value = ou=people,dc=internet2,dc=edu +subjectApi.source.ldap.search.search.param.base.value = ou=people subjectApi.source.ldap.attributes = givenName, sn, uid, mail, employeeNumber subjectApi.source.ldap.internalAttributes = searchAttribute0 diff --git a/demo/complex/grouper_daemon/Dockerfile b/demo/complex/grouper_daemon/Dockerfile index 55151f3..4ed3dc7 100644 --- a/demo/complex/grouper_daemon/Dockerfile +++ b/demo/complex/grouper_daemon/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/grouper:2.3.0-a109-u47-w12-p21 +FROM tier/grouper:2.4.0-a2-u1-w0-p0 LABEL author="tier-packaging@internet2.edu " diff --git a/demo/complex/grouper_data/Dockerfile b/demo/complex/grouper_data/Dockerfile index dda3442..15d196a 100644 --- a/demo/complex/grouper_data/Dockerfile +++ b/demo/complex/grouper_data/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/grouper:2.3.0-a109-u47-w12-p21 +FROM tier/grouper:2.4.0-a2-u1-w0-p0 LABEL author="tier-packaging@internet2.edu " diff --git a/demo/complex/grouper_data/container_files/conf/grouper-loader.properties b/demo/complex/grouper_data/container_files/conf/grouper-loader.properties new file mode 100644 index 0000000..777376c --- /dev/null +++ b/demo/complex/grouper_data/container_files/conf/grouper-loader.properties @@ -0,0 +1,64 @@ +################################# +## LDAP connections +################################# +# specify the ldap connection with user, pass, url +# the string after "ldap." is the ID of the connection, and it should not have +# spaces or other special chars in it. In this case is it "personLdap" + +#note the URL should start with ldap: or ldaps: if it is SSL. +#It should contain the server and port (optional if not default), and baseDn, +#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu +ldap.demo.url = ldap://directory:389/dc=internet2,dc=edu + +#optional, if authenticated +ldap.demo.user = cn=admin,dc=internet2,dc=edu +#ldap.demo.user = cn=admin + +#optional, if authenticated note the password can be stored encrypted in an external file +#ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} +ldap.demo.pass = password + +#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS... +ldap.demo.tls = false + +#optional, if using sasl +#ldap.personLdap.saslAuthorizationId = +#ldap.personLdap.saslRealm = + +#optional (note, time limit is for search operations, timeout is for connection timeouts), +#most of these default to vt-ldap defaults. times are in millis +#validateOnCheckout defaults to true if all other validate methods are false +#ldap.personLdap.batchSize = +#ldap.personLdap.countLimit = +#ldap.personLdap.timeLimit = +#ldap.personLdap.timeout = +#ldap.personLdap.minPoolSize = +#ldap.personLdap.maxPoolSize = +#ldap.personLdap.validateOnCheckIn = +#ldap.personLdap.validateOnCheckOut = +#ldap.personLdap.validatePeriodically = +#ldap.personLdap.validateTimerPeriod = +#ldap.personLdap.pruneTimerPeriod = +#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes) +#ldap.personLdap.expirationTime = + +#make the paths fully qualified and not relative to the loader group. +loader.ldap.requireTopStemAsStemFromConfigGroup=false + +##################################### +## Messaging integration with change log +##################################### +changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ? + +# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class +changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer + +changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher +changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq +# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored. +changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = +## queue or topic +changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue +changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = sampleQueue +## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml +#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email diff --git a/demo/complex/grouper_data/container_files/conf/subject.properties b/demo/complex/grouper_data/container_files/conf/subject.properties index a823191..4a31712 100644 --- a/demo/complex/grouper_data/container_files/conf/subject.properties +++ b/demo/complex/grouper_data/container_files/conf/subject.properties @@ -1,19 +1,22 @@ -subject.sources.xml.location = +#subject.sources.xml.location = + +subjectApi.source.ldap.param.ldapServerId.value = demo subjectApi.source.ldap.id = ldap subjectApi.source.ldap.name = EDU Ldap subjectApi.source.ldap.types = person subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter -subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory -subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://localhost:389 -subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple -subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu -subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value = password +#subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory +#subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://localhost:389 +#subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple +#subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu +#subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value = password +#subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator + subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false subjectApi.source.ldap.param.Name_AttributeType.value = cn subjectApi.source.ldap.param.Description_AttributeType.value = cn -subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")} subjectApi.source.ldap.param.sortAttribute0.value = cn subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0 @@ -55,7 +58,7 @@ subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0 # Each subject has one and only on ID. Returns one result when searching for one ID. subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person)) subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=internet2,dc=edu +subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people #searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely # identifies the user, e.g. jsmith or jsmith@institution.edu. @@ -63,13 +66,13 @@ subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=inte # even across sources. Returns one result when searching for one identifier. subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%))(objectclass=person)) subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people,dc=internet2,dc=edu +subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people # search: find subjects by free form search. Returns multiple results. subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person)) subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.search.param.base.value = ou=people,dc=internet2,dc=edu +subjectApi.source.ldap.search.search.param.base.value = ou=people subjectApi.source.ldap.attributes = givenName, sn, uid, mail, employeeNumber subjectApi.source.ldap.internalAttributes = searchAttribute0 diff --git a/demo/complex/grouper_data/container_files/seed-data/demo.gsh b/demo/complex/grouper_data/container_files/seed-data/demo.gsh index 6e3c239..61bfd08 100644 --- a/demo/complex/grouper_data/container_files/seed-data/demo.gsh +++ b/demo/complex/grouper_data/container_files/seed-data/demo.gsh @@ -1,7 +1,14 @@ System.out.println("************** demo.gsh starting..."); gs = GrouperSession.startRootSession(); -addRootStem("ref", "ref"); + +addStem("", "app", "app") +addStem("", "basis", "basis") +addStem("", "bundle", "bundle") +addStem("", "org", "org") +addStem("", "test", "test") + +addRootStem("ref", "ref") addStem("ref", "course", "course") addStem("ref", "affiliation", "affiliation") @@ -12,7 +19,7 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUPS_FROM_ATTRIBUTES"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(eduPersonAffiliation=*)"); -attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=People,dc=internet2,dc=edu"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=People"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uid"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupAttributeName(), "eduPersonAffiliation"); @@ -28,7 +35,7 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUPS_FROM_ATTRIBUTES"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(businessCategory=*)"); -attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=People,dc=internet2,dc=edu"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=People"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uid"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupAttributeName(), "businessCategory"); @@ -42,7 +49,7 @@ attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLd attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUP_LIST"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=*)"); -attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Courses,ou=Groups,dc=internet2,dc=edu"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Courses,ou=Groups"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}'); @@ -57,7 +64,7 @@ attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLd attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_SIMPLE"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=sysadmingroup)"); -attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Groups,dc=internet2,dc=edu"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Groups"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}'); diff --git a/demo/complex/grouper_ui/Dockerfile b/demo/complex/grouper_ui/Dockerfile index bfec7b9..3551f04 100644 --- a/demo/complex/grouper_ui/Dockerfile +++ b/demo/complex/grouper_ui/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/grouper:2.3.0-a109-u47-w12-p21 +FROM tier/grouper:2.4.0-a2-u1-w0-p0 LABEL author="tier-packaging@internet2.edu "