diff --git a/grouper-midpoint/README.md b/grouper-midpoint/README.md index 4f474d6..1a1a632 100644 --- a/grouper-midpoint/README.md +++ b/grouper-midpoint/README.md @@ -12,12 +12,20 @@ There are the following containers: - `m-server`: midPoint application (GUI, REST, tasks, etc); it reads from `s-data`, updates its own repository and pushes data to Grouper via `i-data` - `m-data`: midPoint repository (MySQL) - `i-data`: intermediate repository for communication from midPoint to Grouper (LDAP) -- `g-ui`, `g-daemon`, `g-ws`: Grouper containers +- `g-ui`, `g-daemon`, `g-ws`, `gsh`: Grouper containers - `g-data`: the Grouper repository (MySQL) - `idp`: Shibboleth identity provider; it uses `i-data` as the auhentication source +- `t-data`: target(s) where identities should be provisioned (currently LDAP) All files needed to build and compose these containers are in `mp-gr` directory. TODO ... -TODO: how to initialize things +TODO: + - grouper loader jobs + - grouper -> midPoint connection + - add banderson to sysadmin group (via midPoint) + - user passwords in i-data (via midPoint) + - groups for courses are not created automatically on first import (why?) + - grouper loader jobs should be created at initialization + - fix hardcoded password for grouper loader LDAP diff --git a/grouper-midpoint/mp-gr/configs-and-secrets/grouper/grouper-loader.properties b/grouper-midpoint/mp-gr/configs-and-secrets/grouper/grouper-loader.properties index 67ffba7..ab1fe5d 100644 --- a/grouper-midpoint/mp-gr/configs-and-secrets/grouper/grouper-loader.properties +++ b/grouper-midpoint/mp-gr/configs-and-secrets/grouper/grouper-loader.properties 
@@ -8,13 +8,15 @@ #note the URL should start with ldap: or ldaps: if it is SSL. #It should contain the server and port (optional if not default), and baseDn, #e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu -ldap.demo.url = ldap://i-data:389/dc=example,dc=edu +#ldap.demo.url = ldap://i-data:389/dc=internet2,dc=edu +ldap.demo.url = ldap://i-data:389 #optional, if authenticated ldap.demo.user = cn=admin,dc=internet2,dc=edu #optional, if authenticated note the password can be stored encrypted in an external file -ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} +#ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} +ldap.demo.pass=password #optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS... ldap.demo.tls = false diff --git a/grouper-midpoint/mp-gr/docker-compose.yml b/grouper-midpoint/mp-gr/docker-compose.yml index 224f153..d9391cb 100644 --- a/grouper-midpoint/mp-gr/docker-compose.yml +++ b/grouper-midpoint/mp-gr/docker-compose.yml @@ -191,6 +191,17 @@ services: - source_mysql:/var/lib/mysql - source_ldap:/var/lib/dirsrv + t-data: + build: ./t-data/ + expose: + - "389" + ports: + - "2389:389" + networks: + - back + volumes: + - target_ldap:/var/lib/dirsrv + m-data: build: ./m-data/ expose: @@ -275,6 +286,7 @@ volumes: grouper_mysql: source_mysql: source_ldap: + target_ldap: intermediate_ldap: midpoint_mysql: midpoint_home: 
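Review bot: `ldap.demo.pass=password` puts the loader's LDAP bind credential in clear text into a tracked file under `configs-and-secrets`, replacing the `SUBJECT_SOURCE_LDAP_PASSWORD_FILE` / `SUBJECT_SOURCE_LDAP_PASSWORD` lookup that was there; the README's own TODO already lists "fix hardcoded password for grouper loader LDAP", so it is better not to land even temporarily. Keep the removed `ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? ... }` expression active and set the variable for the `g-*` containers in docker-compose instead, which also keeps the file identical between demo and any later deployment. Separately, `ldap.demo.url = ldap://i-data:389` now carries no baseDn while `ldap.demo.user` still binds under `dc=internet2,dc=edu`; if dropping the base (rather than correcting the old `dc=example,dc=edu`) is intentional, a one-line comment above it saying why would save the next reader a guess.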
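Review bot: The new `t-data` service publishes plain (non-TLS) LDAP on every host interface with `- "2389:389"`, while nothing in the compose file needs it outside the `back` network. If the mapping is only for inspecting the target from the host, bind it to loopback, `- "127.0.0.1:2389:389"`, or drop `ports:` and rely on `expose:` alone; the `target_ldap:` volume addition in the second hunk is fine. A short comment on the service saying what `t-data` stands in for (the README calls it "target(s) where identities should be provisioned") would also help, since `s-data`, `i-data` and `t-data` differ only by one letter.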
diff --git a/grouper-midpoint/mp-gr/g-data/container_files/demo.gsh b/grouper-midpoint/mp-gr/g-data/container_files/demo.gsh
new file mode 100644
index 0000000..276bd22
--- /dev/null
+++ b/grouper-midpoint/mp-gr/g-data/container_files/demo.gsh
@@ -0,0 +1,274 @@ +gs = GrouperSession.startRootSession(); +#addRootStem("basis", "basis"); +addRootStem("ref", "ref"); +#addRootStem("bundle", "bundle"); +#addRootStem("app", "app"); +#addRootStem("org", "org"); +#testStem = addRootStem("test", "test"); + +addStem("ref", "course", "course") + +#addGroup("etc","coursesLoader", "coursesLoader"); +#groupAddType("etc:coursesLoader", "grouperLoader"); +#setGroupAttr("etc:coursesLoader", "grouperLoaderDbName", "grouper"); +#setGroupAttr("etc:coursesLoader", "grouperLoaderType", "SQL_GROUP_LIST"); +#setGroupAttr("etc:coursesLoader", "grouperLoaderScheduleType", "CRON"); +#setGroupAttr("etc:coursesLoader", "grouperLoaderQuartzCron", "0 * * * * ?"); +#setGroupAttr("etc:coursesLoader", "grouperLoaderQuartzCron", "0 * * * * ?"); +#setGroupAttr("etc:coursesLoader", "grouperLoaderQuery", "select distinct id as SUBJECT_IDENTIFIER, 'ldap' as SUBJECT_SOURCE_ID, CONCAT('ref:course:', courseID) as GROUP_NAME from SIS_Courses"); + +addStem("ref", "affiliation", "affiliation") +#folder = StemFinder.findByName(gs, "ref:affiliation"); +#AttributeAssign attributeAssign = folder.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign(); +#AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate(); +#attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa"); +#attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem"); +#attributeValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.groupCreate.name()); +#attributeValueDelegate.assignValue(RuleUtils.ruleCheckStemScopeName(), Stem.Scope.SUB.name()); +#attributeValueDelegate.assignValue(RuleUtils.ruleThenElName(),'${ruleElUtils.assignGroupPrivilege(groupId, "g:gsa", groupId, null, "read")}'); + +group = new GroupSave(gs).assignName("etc:affiliationLoader").assignCreateParentStemsIfNotExist(true).save(); 
+group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign(); +attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUPS_FROM_ATTRIBUTES"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(eduPersonAffiliation=*)"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=People,dc=internet2,dc=edu"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uid"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupAttributeName(), "eduPersonAffiliation"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId"); +#attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${subjectAttributes["subjectId"]}'); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), 'ref:affiliation:${groupAttribute}_systemOfRecord'); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupDisplayNameExpressionName(), '${groupAttribute} system of record'); 
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupTypesName(), "addIncludeExclude"); + +group = new GroupSave(gs).assignName("etc:deptLoader").assignCreateParentStemsIfNotExist(true).save(); +group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign(); +attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUPS_FROM_ATTRIBUTES"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(businessCategory=*)"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=People,dc=internet2,dc=edu"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uid"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupAttributeName(), "businessCategory"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId"); +#attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${subjectAttributes["subjectId"]}'); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), 'ref:dept:${groupAttribute}'); 
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupDisplayNameExpressionName(), '${groupAttribute}'); + +group = new GroupSave(gs).assignName("etc:coursesLoader").assignCreateParentStemsIfNotExist(true).save(); +group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign(); +attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUP_LIST"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=*)"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Courses,ou=Groups,dc=internet2,dc=edu"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}'); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uniqueMember"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapExtraAttributesName(), "cn"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), 'ref:course:${groupAttributes["cn"]}'); + +group = 
GroupFinder.findByName(gs, "etc:sysadmingroup", true); +group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign(); +attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_SIMPLE"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=sysadmingroup)"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Groups,dc=internet2,dc=edu"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}'); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uniqueMember"); +attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId"); + + +#addGroup("bundle", "default_services", "default_services"); +#addGroup("bundle", "student_services", "student_services"); +#addGroup("bundle", "employee_services", "employee_services"); + +#addStem("ref", "student", "student"); +#addStem("ref:student", "class", "class"); +#addGroup("ref:student:class", "freshmen", "freshmen"); +#addGroup("ref:student:class", "sophomore", "sophomore"); +#addGroup("ref:student:class", "junior", "junior"); +#addGroup("ref:student:class", "senior", "senior"); 
+#addGroup("ref:student:class", "graduate", "graduate"); +#addGroup("ref:student:class", "doctorate", "doctorate"); + +#addGroup("ref:student", "finaid", "finaid"); +#addStem("ref:student", "athlete", "athlete"); +#addGroup("ref:student:athlete", "baseball", "baseball"); +#addGroup("ref:student:athlete", "basketball", "basketball"); +#addGroup("ref:student:athlete", "football", "football"); +#addGroup("ref:student:athlete", "soccer", "soccer"); +#addGroup("ref:student:athlete", "volleyball", "volleyball"); + +#addStem("ref", "employee", "employee"); +#addGroup("ref:employee", "fulltime", "fulltime"); +#addGroup("ref:employee", "parttime", "parttime"); +#addGroup("ref:employee", "tenured", "tenured"); +#addGroup("ref:employee", "emeritus", "emeritus"); + +#addStem("ref", "alumni", "alumni"); + +#addStem("ref", "role", "role"); +#addGroup("ref:role", "president", "president"); +#addGroup("ref:role", "provost", "provost"); +#addGroup("ref:role", "deptSecretary", "deptSecretary"); +#addGroup("ref:role", "dean", "dean"); +#addGroup("ref:role", "director", "director"); +#addGroup("ref:role", "custodian", "custodian"); +#addGroup("ref:role", "deptChair", "deptChair"); +#addGroup("ref:role", "faculty", "faculty"); +#addGroup("ref:role", "programmer", "programmer"); +#addGroup("ref:role", "programSpecialist", "programSpecialist"); +#addGroup("ref:role", "recruiter", "recruiter"); +#addGroup("ref:role", "coach", "coach"); +#addGroup("ref:role", "vicePresident", "vicePresident"); + +#addMember("bundle:student_services", "ref:student:class:freshmen"); +#addMember("bundle:student_services", "ref:student:class:sophomore"); +#addMember("bundle:student_services", "ref:student:class:junior"); +#addMember("bundle:student_services", "ref:student:class:senior"); +#addMember("bundle:student_services", "ref:student:class:graduate"); +#addMember("bundle:student_services", "ref:student:class:doctorate"); + +#addStem("org", "admissions", "admissions"); +#addStem("org:admissions", "etc", 
"etc"); +#addGroup("org:admissions:etc", "admissions_admin", "admissions_admin"); +#grantPriv("org:admissions", "org:admissions:etc:admissions_admin", NamingPrivilege.STEM); +#addStem("org:admissions", "ref", "ref"); +#addStem("org:admissions", "app", "app"); + +#addStem("org", "bursar", "bursar"); +#addStem("org:bursar", "etc", "etc"); +#addGroup("org:bursar:etc", "bursar_admin", "bursar_admin"); +#grantPriv("org:bursar", "org:bursar:etc:bursar_admin", NamingPrivilege.STEM); +#addStem("org:bursar", "ref", "ref"); +#addStem("org:bursar", "app", "app"); + +#addStem("org", "business", "business"); +#addStem("org:business", "etc", "etc"); +#addGroup("org:business:etc", "business_admin", "business_admin"); +#grantPriv("org:business", "org:business:etc:business_admin", NamingPrivilege.STEM); +#addStem("org:business", "ref", "ref"); +#addStem("org:business", "app", "app"); + +#addStem("org", "computerscience", "computerscience"); +#addStem("org:computerscience", "etc", "etc"); +#addGroup("org:computerscience:etc", "computerscience_admin", "computerscience_admin"); +#grantPriv("org:computerscience", "org:computerscience:etc:computerscience_admin", NamingPrivilege.STEM); +#addStem("org:computerscience", "ref", "ref"); +#addStem("org:computerscience", "app", "app"); + +#addStem("org", "education", "education"); +#addStem("org:education", "etc", "etc"); +#addGroup("org:education:etc", "education_admin", "education_admin"); +#grantPriv("org:education", "org:education:etc:education_admin", NamingPrivilege.STEM); +#addStem("org:education", "ref", "ref"); +#addStem("org:education", "app", "app"); + +#addStem("org", "psychology", "psychology"); +#addStem("org:psychology", "etc", "etc"); +#addGroup("org:psychology:etc", "psychology_admin", "psychology_admin"); +#grantPriv("org:psychology", "org:psychology:etc:psychology_admin", NamingPrivilege.STEM); +#addStem("org:psychology", "ref", "ref"); +#addStem("org:psychology", "app", "app"); + +#addStem("org", "physicaleducation", 
"physicaleducation"); +#addStem("org:physicaleducation", "etc", "etc"); +#addGroup("org:physicaleducation:etc", "physicaleducation_admin", "physicaleducation_admin"); +#grantPriv("org:physicaleducation", "org:physicaleducation:etc:physicaleducation_admin", NamingPrivilege.STEM); +#addStem("org:physicaleducation", "ref", "ref"); +#2addStem("org:physicaleducation", "app", "app"); + +#addStem("org", "humanresources", "humanresources"); +#addStem("org:humanresources", "etc", "etc"); +#addGroup("org:humanresources:etc", "humanresources_admin", "humanresources_admin"); +#grantPriv("org:humanresources", "org:humanresources:etc:humanresources_admin", NamingPrivilege.STEM); +#addStem("org:humanresources", "ref", "ref"); +#addStem("org:humanresources", "app", "app"); + + + +#banner=addStem("app", "banner", "banner"); +#addStem("app:banner", "etc", "etc"); +#addGroup("app:banner:etc", "banner_admin", "banner_admin"); +#grantPriv("app:banner", "app:banner:etc:banner_admin", NamingPrivilege.STEM); +#addGroup("app:banner", "banner_user_allow", "banner_user_allow"); +#addGroup("app:banner", "banner_user_deny", "banner_user_deny"); +#addGroup("app:banner", "banner_user", "banner_user"); +#addComposite("app:banner:banner_user", CompositeType.UNION, "app:banner:banner_user_allow", "app:banner:banner_user_deny") + +#portal = addStem("app", "portal", "portal"); +#addStem("app:portal", "etc", "etc"); +#addGroup("app:portal:etc", "portal_admin", "portal_admin"); +#grantPriv("app:portal", "app:portal:etc:portal_admin", NamingPrivilege.STEM); +#addGroup("app:portal", "portal_user_allow", "portal_user_allow"); +#addGroup("app:portal", "portal_user_deny", "portal_user_deny"); +#addGroup("app:portal", "portal_user", "portal_user"); +#addComposite("app:portal:portal_user", CompositeType.UNION, "app:portal:portal_user_allow", "app:portal:portal_user_deny") + +#addStem("app", "vpn", "vpn"); +#addStem("app:vpn", "etc", "etc"); +#addGroup("app:vpn:etc", "vpn_admin", "vpn_admin"); 
+#grantPriv("app:vpn", "app:vpn:etc:vpn_admin", NamingPrivilege.STEM); +#addGroup("app:vpn", "vpn_user_allow", "vpn_user_allow"); +#addGroup("app:vpn", "vpn_user_deny", "vpn_user_deny"); +#addGroup("app:vpn", "vpn_user", "vpn_user"); +#addComposite("app:vpn:vpn_user", CompositeType.UNION, "app:vpn:vpn_user_allow", "app:vpn:vpn_user_deny") + + +## Setup some user favorites +#subject = SubjectFinder.findById("banderson"); +#group = GroupFinder.findByName(gs, "etc:sysadmingroup", true); +#GrouperUserDataApi.favoriteGroupAdd("etc:grouperUi:grouperUiUserData", subject, group); +# +#stem = StemFinder.findByName(gs, "org:computerscience", true); +#GrouperUserDataApi.favoriteStemAdd("etc:grouperUi:grouperUiUserData", subject, stem); + + +##Set up service definitions +#AttributeDef appServiceDef = new AttributeDefSave(gs).assignCreateParentStemsIfNotExist(true).assignAttributeDefType(AttributeDefType.service).assignName("etc:apps:appsServiceDefinition").assignToStem(true).save(); +# +#AttributeDefName appService = new AttributeDefNameSave(gs, appServiceDef).assignCreateParentStemsIfNotExist(true).assignName("etc:apps:appsService").assignDisplayExtension("Central IT production Apps").save(); +# +#banner.getAttributeDelegate().assignAttribute(appService); +#portal.getAttributeDelegate().assignAttribute(appService); +# +#addMember("app:banner:banner_user_allow", "banderson"); + + +## Auto create the PSPNG attributes +#edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfUniqueNames"); +# +# +#AttributeDef pspngAttributeDef = AttributeDefFinder.findByName("etc:pspng:provision_to_def", true); +#AttributeDefName pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true); +#AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true); +# +##Assign the PSPNG attribute for the standard groups +#attributeAssignSave.assignAttributeDefName(pspngAttribute); 
+#attributeAssignSave.assignOwnerStem(testStem); +#attributeAssignSave.addValue("pspng_groupOfUniqueNames"); +#attributeAssignSave.save(); +# +##Assign the PSPNG attribute for the entitlements +#AttributeAssignSave attributeAssignSave2 = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true); +#attributeAssignSave2.assignAttributeDefName(pspngAttribute); +#attributeAssignSave2.assignOwnerGroup(GroupFinder.findByName(gs, "app:vpn:vpn_user", true)); +#attributeAssignSave2.addValue("pspng_entitlements"); +#attributeAssignSave2.save(); +# +#attributeAssignSave2 = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true); +#attributeAssignSave2.assignAttributeDefName(pspngAttribute); +#attributeAssignSave2.assignOwnerGroup(GroupFinder.findByName(gs, "app:banner:banner_user", true)); +#attributeAssignSave2.addValue("pspng_entitlements"); +#attributeAssignSave2.save(); diff --git a/grouper-midpoint/mp-gr/i-data/Dockerfile b/grouper-midpoint/mp-gr/i-data/Dockerfile index 829939d..6e87782 100644 --- a/grouper-midpoint/mp-gr/i-data/Dockerfile +++ b/grouper-midpoint/mp-gr/i-data/Dockerfile @@ -1,7 +1,7 @@ FROM centos:centos7 LABEL author="tier-packaging@internet2.edu " - + RUN yum install -y epel-release \ && yum update -y \ && yum install -y 389-ds-base 389-admin 389-adminutil \ @@ -25,4 +25,6 @@ RUN useradd ldapadmin \ EXPOSE 389 -CMD /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep 100000000 +# temporary! + +CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep 100000000 diff --git a/grouper-midpoint/mp-gr/i-data/container_files/seed-data/ds-setup.inf b/grouper-midpoint/mp-gr/i-data/container_files/seed-data/ds-setup.inf index 9eef33c..96c29a1 100644 --- a/grouper-midpoint/mp-gr/i-data/container_files/seed-data/ds-setup.inf +++ b/grouper-midpoint/mp-gr/i-data/container_files/seed-data/ds-setup.inf 
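Review bot: The last loader block turns `etc:sysadmingroup` — Grouper's superuser group — into an `LDAP_SIMPLE` loader fed from `cn=sysadmingroup,ou=Groups,dc=internet2,dc=edu` in `i-data`, refreshed every minute by `0 * * * * ?`, so write access to that one LDAP entry (the `cn=admin` bind whose password is in this commit's grouper-loader.properties) is equivalent to Grouper administration. That appears intended for the demo (the README TODO says sysadmin membership should come via midPoint), but it deserves a comment above `group = GroupFinder.findByName(gs, "etc:sysadmingroup", true);` such as `// Sysadmin membership is mastered in i-data: whoever can write cn=sysadmingroup there is a Grouper admin.`, and the per-minute cron on all four loaders is better slowed once the demo works. Also, `etc:deptLoader` names its groups `ref:dept:${groupAttribute}` but, unlike `ref:course` and `ref:affiliation`, no `addStem("ref", "dept", "dept")` precedes it; whether the loader creates missing parent stems is not visible here, so either add the stem or comment that it is created on load. In the commented-out `org:physicaleducation` block, `#2addStem(...)` looks like a typo for `#addStem(...)`.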
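Review bot: The new `CMD` deletes `/var/lock/dirsrv/slapd-dir/server/*` on every start, which removes the guard that stops two ns-slapd processes opening the same database directory; since it is marked `# temporary!`, the comment should say what it works around (presumably a stale lock left by an unclean stop) and what the intended fix is, otherwise it will stay. The `ns-slapd -D ... && sleep 100000000` pattern, kept from the old line, also means the container stays up after slapd exits, so a crashed directory is invisible to compose. Running the server in the foreground as PID 1 avoids the sleep — 389-ds accepts `-d 0` for that, if I recall correctly: `CMD ["/usr/sbin/ns-slapd", "-D", "/etc/dirsrv/slapd-dir", "-d", "0"]`.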
@@ -16,7 +16,7 @@ ServerIpAddress = 0.0.0.0 SysUser = nobody [slapd] -AddOrgEntries = Yes +AddOrgEntries = No AddSampleEntries = No InstallLdifFile = suggest RootDN = cn=Directory Manager diff --git a/grouper-midpoint/mp-gr/i-data/container_files/seed-data/users.ldif b/grouper-midpoint/mp-gr/i-data/container_files/seed-data/users.ldif index 91360a9..5381f7d 100644 --- a/grouper-midpoint/mp-gr/i-data/container_files/seed-data/users.ldif +++ b/grouper-midpoint/mp-gr/i-data/container_files/seed-data/users.ldif @@ -5,20 +5,16 @@ cn: admin userPassword: password description: LDAP administrator -dn: uid=banderson,ou=People,dc=internet2,dc=edu -objectClass: organizationalPerson -objectClass: person -objectClass: top -objectClass: inetOrgPerson -givenName: Bob -uid: banderson -sn: Anderson -cn: Bob Anderson -userPassword: password - dn: cn=users,ou=Groups,dc=internet2,dc=edu objectClass: groupOfUniqueNames objectClass: top uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu cn: users + +dn: ou=Courses,ou=Groups,dc=internet2,dc=edu +objectClass: top +objectClass: organizationalUnit +ou: Courses + + diff --git a/grouper-midpoint/mp-gr/m-server/Dockerfile b/grouper-midpoint/mp-gr/m-server/Dockerfile index 98894cc..bd728a2 100644 --- a/grouper-midpoint/mp-gr/m-server/Dockerfile +++ b/grouper-midpoint/mp-gr/m-server/Dockerfile @@ -29,6 +29,7 @@ ENV MP_DIR /opt/midpoint RUN mkdir -p ${MP_DIR}/var COPY ${MP_DIST_FILE} ${MP_DIR} +COPY container_files/ ${MP_DIR}/var/ RUN echo 'Extracting midPoint archive...' \ && tar xzf ${MP_DIR}/midpoint-${MP_VERSION}-dist.tar.gz -C ${MP_DIR} --strip-components=1 
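Review bot: With `AddOrgEntries = No`, setup no longer creates the `ou=People` / `ou=Groups` containers under the suffix, so every entry in users.ldif that lives under them (`cn=users,ou=Groups,...`, the new `ou=Courses,ou=Groups,...`) depends on those parents being added by the LDIF itself. The users.ldif hunk in this commit does not show an `ou=Groups` entry; it may be earlier in that file, but if it is not, the seed import fails on a missing parent, so it is worth checking. A comment next to this setting naming which file now owns the container entries would make that dependency explicit.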
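Review bot: The `uid=banderson` entry is removed, but `cn=users,ou=Groups,dc=internet2,dc=edu` keeps `uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu`, so the seed data now references a DN that does not exist at import time. 389-ds accepts that (no referential check on add), but anything resolving the group's members — the Grouper loaders in this commit resolve `uniqueMember` DNs to subjects — will see an unresolvable subject until midPoint creates the user. Either drop that `uniqueMember` line or add `# banderson is provisioned into ou=People by midPoint; see README TODO` above the group so the dangling reference is clearly intentional.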
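Review bot: `COPY container_files/ ${MP_DIR}/var/` ships everything under that directory, including the checked-in `net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar` in `icf-connectors/`; a SNAPSHOT binary with no recorded source commit or checksum cannot be reproduced or audited later, and it is the component that executes the Groovy scripts against the Grouper database. Pin a released version and fetch it in the Dockerfile with a SHA-256 check, or at minimum record the build source and digest in a README next to the jar. Note also that this `COPY` runs before the `tar xzf ... --strip-components=1` into `${MP_DIR}`; if the dist archive contains a `var/` tree the extraction would merge with or overwrite what was just copied, so the copy probably belongs after the extract step.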
diff --git a/grouper-midpoint/mp-gr/m-server/container_files/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar b/grouper-midpoint/mp-gr/m-server/container_files/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
new file mode 100644
index 0000000..88fcb54
Binary files /dev/null and b/grouper-midpoint/mp-gr/m-server/container_files/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar differ
diff --git a/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/SchemaScript.groovy b/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/SchemaScript.groovy
new file mode 100644
index 0000000..857e6c1
--- /dev/null
+++ b/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/SchemaScript.groovy
@@ -0,0 +1,91 @@
+/*
+ * ====================
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright 2013 ForgeRock. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of the Common Development
+ * and Distribution License("CDDL") (the "License"). You may not use this file
+ * except in compliance with the License.
+ *
+ * You can obtain a copy of the License at
+ * http://opensource.org/licenses/cddl1.php
+ * See the License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * When distributing the Covered Code, include this CDDL Header Notice in each file
+ * and include the License file at http://opensource.org/licenses/cddl1.php.
+ * If applicable, add the following below this CDDL Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyrighted [year] [name of copyright owner]"
+ * ====================
+ * Portions Copyrighted 2013 ConnId.
+ */
+import org.identityconnectors.framework.common.objects.AttributeInfo;
+import org.identityconnectors.framework.common.objects.AttributeInfo.Flags;
+import org.identityconnectors.framework.common.objects.AttributeInfoBuilder;
+import org.identityconnectors.framework.common.objects.ObjectClassInfo;
+import org.identityconnectors.framework.common.objects.ObjectClassInfoBuilder;
+
+// Parameters:
+// The connector sends the following:
+// action: a string describing the action ("SCHEMA" here)
+// log: a handler to the Log facility
+// builder: SchemaBuilder instance for the connector
+//
+// The connector will make the final call to builder.build()
+// so the scipt just need to declare the different object types.
+
+// This sample shows how to create 3 basic ObjectTypes: __ACCOUNT__, __GROUP__ and organization.
+// Each of them contains one required attribute and normal String attributes
+
+
+log.info("Entering "+action+" Script");
+
+// Declare the __ACCOUNT__ attributes
+// Make the uid required
+uidAIB = new AttributeInfoBuilder("uid",String.class);
+uidAIB.setRequired(true);
+
+accAttrsInfo = new HashSet();
+accAttrsInfo.add(uidAIB.build());
+accAttrsInfo.add(AttributeInfoBuilder.build("subject_id", String.class));
+accAttrsInfo.add(AttributeInfoBuilder.build("subject_identifier0", String.class));
+accAttrsInfo.add(AttributeInfoBuilder.build("sort_string0", String.class));
+accAttrsInfo.add(AttributeInfoBuilder.build("search_string0", String.class));
+accAttrsInfo.add(AttributeInfoBuilder.build("name", String.class));
+accAttrsInfo.add(AttributeInfoBuilder.build("description", String.class));
+accAttrsInfo.add(AttributeInfoBuilder.build("group", String.class, [Flags.MULTIVALUED] as Set));
+// Create the __ACCOUNT__ Object class
+final ObjectClassInfo ociAccount = new ObjectClassInfoBuilder().setType("__ACCOUNT__").addAllAttributeInfo(accAttrsInfo).build();
+builder.defineObjectClass(ociAccount);
+
+/*
+// Declare the __GROUP__ attributes
+// Make the gid required
+gidAIB = new AttributeInfoBuilder("gid",String.class);
+gidAIB.setRequired(true);
+
+grpAttrsInfo = new HashSet();
+grpAttrsInfo.add(gidAIB.build());
+grpAttrsInfo.add(AttributeInfoBuilder.build("name", String.class));
+grpAttrsInfo.add(AttributeInfoBuilder.build("description", String.class));
+// Create the __GROUP__ Object class
+final ObjectClassInfo ociGroup = new ObjectClassInfoBuilder().setType("__GROUP__").addAllAttributeInfo(grpAttrsInfo).build();
+builder.defineObjectClass(ociGroup);
+
+
+// Declare the organization attributes
+// Make the name required
+nAIB = new AttributeInfoBuilder("name",String.class);
+nAIB.setRequired(true);
+
+orgAttrsInfo = new HashSet();
+orgAttrsInfo.add(nAIB.build());
+orgAttrsInfo.add(AttributeInfoBuilder.build("description", String.class));
+// Create the organization Object class
+final ObjectClassInfo ociOrg = new ObjectClassInfoBuilder().setType("organization").addAllAttributeInfo(orgAttrsInfo).build();
+builder.defineObjectClass(ociOrg);
+*/
+
+log.info("Schema script done");
diff --git a/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/SearchScript.groovy b/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/SearchScript.groovy
new file mode 100644
index 0000000..801bfe1
--- /dev/null
+++ b/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/SearchScript.groovy
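Review bot: The comment `// This sample shows how to create 3 basic ObjectTypes: __ACCOUNT__, __GROUP__ and organization.` is stale in this copy: the `__GROUP__` and `organization` blocks are commented out and only `__ACCOUNT__` is defined, with Grouper-specific attributes the comment does not mention. Replace it with the actual contract, e.g. `// Defines one object class, __ACCOUNT__: a Grouper member keyed by uid (grouper_members.id, see SearchScript.groovy) with a multivalued 'group' attribute listing the names of exported groups the member belongs to.` Note also that `subject_source` is selected by SearchScript.groovy but not declared here, and that the required `uid` attribute is filled from the numeric `id` column rather than an LDAP uid — a one-line comment on `uidAIB` would stop that being misread. The sample's `HashSet` use without an import is fine in Groovy (java.util is auto-imported).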
@@ -0,0 +1,101 @@
+/*
+ * ====================
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright 2013 ForgeRock. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of the Common Development
+ * and Distribution License("CDDL") (the "License"). You may not use this file
+ * except in compliance with the License.
+ *
+ * You can obtain a copy of the License at
+ * http://opensource.org/licenses/cddl1.php
+ * See the License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * When distributing the Covered Code, include this CDDL Header Notice in each file
+ * and include the License file at http://opensource.org/licenses/cddl1.php.
+ * If applicable, add the following below this CDDL Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyrighted [year] [name of copyright owner]"
+ * ====================
+ * Portions Copyrighted 2013 ConnId.
+ */
+import groovy.sql.Sql;
+import groovy.sql.DataSet;
+
+// Parameters:
+// The connector sends the following:
+// connection: handler to the SQL connection
+// objectClass: a String describing the Object class (__ACCOUNT__ / __GROUP__ / other)
+// action: a string describing the action ("SEARCH" here)
+// log: a handler to the Log facility
+// options: a handler to the OperationOptions Map
+// query: a handler to the Query Map
+//
+// The Query map describes the filter used.
+//
+// query = [ operation: "CONTAINS", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "ENDSWITH", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "STARTSWITH", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "EQUALS", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "GREATERTHAN", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "GREATERTHANOREQUAL", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "LESSTHAN", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "LESSTHANOREQUAL", left: attribute, right: "value", not: true/false ]
+// query = null : then we assume we fetch everything
+//
+// AND and OR filter just embed a left/right couple of queries.
+// query = [ operation: "AND", left: query1, right: query2 ]
+// query = [ operation: "OR", left: query1, right: query2 ]
+//
+// Returns: A list of Maps. Each map describing one row.
+// !!!! Each Map must contain a '__UID__' and '__NAME__' attribute.
+// This is required to build a ConnectorObject.
+
+log.info("Entering "+action+" Script");
+
+def sql = new Sql(connection);
+def result = []
+def where = "";
+
+switch ( objectClass ) {
+ case "__ACCOUNT__":
+ sql.eachRow("\
+select m.id, m.name, m.subject_id, m.subject_identifier0, m.sort_string0, m.search_string0, m.description, m.subject_source, group_concat(distinct g.name) as groups \
+from \
+ grouper_members m \
+ left join grouper_memberships_all_v gm on m.id=gm.member_id and gm.owner_id in \
+ (select m.subject_id \
+ from grouper_memberships gm join grouper_members m on gm.member_id=m.id \
+ where gm.owner_id = (select subject_id from grouper_members where name='etc:exportedGroups' and subject_type='group')) \
+ left join grouper_groups g on gm.owner_id=g.id \
+group by m.id \
+having \
+ subject_source = 'ldap';",
+ {result.add(
+ [__UID__:it.id,
+ __NAME__:it.subject_id,
+ uid:it.id,
+ subject_id:it.subject_id,
+ subject_identifier0:it.subject_identifier0,
+ sort_string0:it.sort_string0,
+ search_string0:it.search_string0,
+ name:it.name,
+ description:it.description,
+ group:it.groups?.tokenize(',')])} );
+ break
+
+/* case "__GROUP__":
+ sql.eachRow("SELECT * FROM Groups" + where, {result.add([__UID__:it.name, __NAME__:it.name, gid:it.gid, ,description:it.description])} );
+ break
+
+ case "organization":
+ sql.eachRow("SELECT * FROM Organizations" + where, {result.add([__UID__:it.name, __NAME__:it.name, description:it.description])} );
+ break */
+
+ default:
+ result;
+}
+
+return result;
diff --git a/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/TestScript.groovy b/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/TestScript.groovy
new file mode 100644
index 0000000..a232c15
--- /dev/null
+++ b/grouper-midpoint/mp-gr/m-server/container_files/res/grouper/TestScript.groovy
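Review bot: `group_concat(distinct g.name) as groups` is silently truncated by MySQL at `group_concat_max_len` (1024 bytes by default), so a member in many exported groups gets a cut-off list and `it.groups?.tokenize(',')` yields a partial set with a mangled last name; seen from midPoint that looks like memberships vanishing, which is exactly the signal a deprovisioning mapping acts on. Raise the limit in the session before the query, `sql.execute("SET SESSION group_concat_max_len = 1000000")`, or return one row per membership and aggregate in Groovy. Second, the `query` map documented in the header is never applied — `where` stays `""` and the `__ACCOUNT__` branch always returns every ldap-sourced member — so a lookup by `__UID__` depends on the connector filtering the full result client-side; I believe the ScriptedSQL connector does, but it deserves a comment and will not scale past a demo. Minor: `default: result;` is a no-op, and the inner subquery re-binds `m` and `gm` that the outer query also uses, which is legal but easy to misread — rename the inner aliases.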
@@ -0,0 +1,38 @@
+/*
+ * ====================
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright 2013 ForgeRock. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of the Common Development
+ * and Distribution License("CDDL") (the "License"). You may not use this file
+ * except in compliance with the License.
+ *
+ * You can obtain a copy of the License at
+ * http://opensource.org/licenses/cddl1.php
+ * See the License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * When distributing the Covered Code, include this CDDL Header Notice in each file
+ * and include the License file at http://opensource.org/licenses/cddl1.php.
+ * If applicable, add the following below this CDDL Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyrighted [year] [name of copyright owner]"
+ * ====================
+ * Portions Copyrighted 2013 ConnId.
+ */
+import groovy.sql.Sql;
+import groovy.sql.DataSet;
+
+// Parameters:
+// The connector sends the following:
+// connection: handler to the SQL connection
+// action: a string describing the action ("TEST" here)
+// log: a handler to the Log facility
+
+log.info("Entering "+action+" Script");
+def sql = new Sql(connection);
+
+sql.eachRow("select * from grouper_members limit 10", { println it.subject_id } );
+
+
diff --git a/grouper-midpoint/mp-gr/m-server/container_files/res/sis/SchemaScript.groovy b/grouper-midpoint/mp-gr/m-server/container_files/res/sis/SchemaScript.groovy
new file mode 100644
index 0000000..6cbee2d
--- /dev/null
+++ b/grouper-midpoint/mp-gr/m-server/container_files/res/sis/SchemaScript.groovy
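Review bot: The probe on the last code line of the hunk, `sql.eachRow("select * from grouper_members limit 10", { println it.subject_id } );`, writes subject identifiers with `println` to the process stdout instead of through the `log` handle the parameter comment documents, so every connector test run copies real subject ids into the container output. A probe that proves the connection without emitting identity data would be `log.info("grouper_members reachable: " + sql.firstRow("select count(*) as n from grouper_members").n + " rows")`. `groovy.sql.DataSet` is imported but never used. sis/TestScript.groovy later in this diff has the same shape, printing `it.uid` from SIS_COURSES, and should get the same treatment.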
@@ -0,0 +1,54 @@
+/*
+ * ====================
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright 2013 ForgeRock. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of the Common Development
+ * and Distribution License("CDDL") (the "License"). You may not use this file
+ * except in compliance with the License.
+ *
+ * You can obtain a copy of the License at
+ * http://opensource.org/licenses/cddl1.php
+ * See the License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * When distributing the Covered Code, include this CDDL Header Notice in each file
+ * and include the License file at http://opensource.org/licenses/cddl1.php.
+ * If applicable, add the following below this CDDL Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyrighted [year] [name of copyright owner]"
+ * ====================
+ * Portions Copyrighted 2013 ConnId.
+ */
+import org.identityconnectors.framework.common.objects.AttributeInfo;
+import org.identityconnectors.framework.common.objects.AttributeInfo.Flags;
+import org.identityconnectors.framework.common.objects.AttributeInfoBuilder;
+import org.identityconnectors.framework.common.objects.ObjectClassInfo;
+import org.identityconnectors.framework.common.objects.ObjectClassInfoBuilder;
+
+// Parameters:
+// The connector sends the following:
+// action: a string describing the action ("SCHEMA" here)
+// log: a handler to the Log facility
+// builder: SchemaBuilder instance for the connector
+//
+// The connector will make the final call to builder.build()
+// so the scipt just need to declare the different object types.
+
+// This sample shows how to create 3 basic ObjectTypes: __ACCOUNT__, __GROUP__ and organization.
+// Each of them contains one required attribute and normal String attributes
+
+
+log.info("Entering "+action+" Script");
+
+uidAIB = new AttributeInfoBuilder("uid",String.class);
+uidAIB.setRequired(true);
+
+accAttrsInfo = new HashSet();
+accAttrsInfo.add(uidAIB.build());
+accAttrsInfo.add(AttributeInfoBuilder.build("courseId", String.class, [Flags.MULTIVALUED] as Set));
+ociAccount = new ObjectClassInfoBuilder().setType("__ACCOUNT__").addAllAttributeInfo(accAttrsInfo).build();
+builder.defineObjectClass(ociAccount);
+
+log.info("Schema script done");
diff --git a/grouper-midpoint/mp-gr/m-server/container_files/res/sis/SearchScript.groovy b/grouper-midpoint/mp-gr/m-server/container_files/res/sis/SearchScript.groovy
new file mode 100644
index 0000000..026ef8d
--- /dev/null
+++ b/grouper-midpoint/mp-gr/m-server/container_files/res/sis/SearchScript.groovy
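Review bot: The two comment lines before `log.info` still describe the ForgeRock sample (three object types, `__ACCOUNT__`, `__GROUP__` and organization, each with string attributes), while the body defines only `__ACCOUNT__` with a required `uid` and a multivalued `courseId`; replace them with `// Declares a single object class, __ACCOUNT__, with a required 'uid' and a multivalued 'courseId'.` so the comment matches what `builder.defineObjectClass` receives. `uidAIB`, `accAttrsInfo` and `ociAccount` are assigned without `def`, which in a Groovy script makes them binding variables rather than locals; a `def` on each keeps them scoped to this script. The `scipt` typo in the parameter comment can go in the same edit.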
@@ -0,0 +1,71 @@
+/*
+ * ====================
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright 2013 ForgeRock. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of the Common Development
+ * and Distribution License("CDDL") (the "License"). You may not use this file
+ * except in compliance with the License.
+ *
+ * You can obtain a copy of the License at
+ * http://opensource.org/licenses/cddl1.php
+ * See the License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * When distributing the Covered Code, include this CDDL Header Notice in each file
+ * and include the License file at http://opensource.org/licenses/cddl1.php.
+ * If applicable, add the following below this CDDL Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyrighted [year] [name of copyright owner]"
+ * ====================
+ * Portions Copyrighted 2013 ConnId.
+ */
+import groovy.sql.Sql;
+import groovy.sql.DataSet;
+
+// Parameters:
+// The connector sends the following:
+// connection: handler to the SQL connection
+// objectClass: a String describing the Object class (__ACCOUNT__ / __GROUP__ / other)
+// action: a string describing the action ("SEARCH" here)
+// log: a handler to the Log facility
+// options: a handler to the OperationOptions Map
+// query: a handler to the Query Map
+//
+// The Query map describes the filter used.
+//
+// query = [ operation: "CONTAINS", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "ENDSWITH", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "STARTSWITH", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "EQUALS", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "GREATERTHAN", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "GREATERTHANOREQUAL", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "LESSTHAN", left: attribute, right: "value", not: true/false ]
+// query = [ operation: "LESSTHANOREQUAL", left: attribute, right: "value", not: true/false ]
+// query = null : then we assume we fetch everything
+//
+// AND and OR filter just embed a left/right couple of queries.
+// query = [ operation: "AND", left: query1, right: query2 ]
+// query = [ operation: "OR", left: query1, right: query2 ]
+//
+// Returns: A list of Maps. Each map describing one row.
+// !!!! Each Map must contain a '__UID__' and '__NAME__' attribute.
+// This is required to build a ConnectorObject.
+
+log.info("Entering "+action+" Script");
+
+def sql = new Sql(connection);
+def result = []
+def where = "";
+
+switch ( objectClass ) {
+ case "__ACCOUNT__":
+ sql.eachRow("select uid, concat(surname, ', ', givenName, ' (', uid, ')') as name, group_concat(courseId) as courses from SIS_COURSES group by uid", {result.add([__UID__:it.uid, __NAME__:it.name, uid:it.uid, courseId:it.courses?.tokenize(',')])} );
+ break
+
+ default:
+ result;
+}
+
+return result;
diff --git a/grouper-midpoint/mp-gr/m-server/container_files/res/sis/TestScript.groovy b/grouper-midpoint/mp-gr/m-server/container_files/res/sis/TestScript.groovy
new file mode 100644
index 0000000..95f87ad
--- /dev/null
+++ b/grouper-midpoint/mp-gr/m-server/container_files/res/sis/TestScript.groovy
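Review bot: `query` and `options`, both documented in the header, are never read and `def where = "";` is never used, so the `__ACCOUNT__` branch returns every row of SIS_COURSES whatever filter midPoint sends; unless the connector post-filters the list (nothing in this hunk shows that), a lookup of one account by `__UID__` fetches and discards the whole table. At least the `EQUALS` case should be handled: when `query?.operation == "EQUALS"` and `query.left` is `uid` or `__UID__`, set `where = " where uid = ?"`, splice it in before `group by uid`, and pass `[query.right]` as the parameter list to `sql.eachRow`, keeping the full scan for `query == null`. Separately, `concat(surname, ', ', givenName, ...)` yields NULL when either name column is NULL, which leaves `__NAME__` empty and violates the `'__UID__' and '__NAME__'` requirement stated in the comment block, so those columns need `coalesce` or a filter. If the source database is MySQL (the s-data image in this diff runs `mysqld_safe`), `group_concat(courseId)` is also silently truncated at `group_concat_max_len`, 1024 characters by default, so users with many courses lose course ids without any error.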
@@ -0,0 +1,38 @@
+/*
+ * ====================
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright 2013 ForgeRock. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of the Common Development
+ * and Distribution License("CDDL") (the "License"). You may not use this file
+ * except in compliance with the License.
+ *
+ * You can obtain a copy of the License at
+ * http://opensource.org/licenses/cddl1.php
+ * See the License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * When distributing the Covered Code, include this CDDL Header Notice in each file
+ * and include the License file at http://opensource.org/licenses/cddl1.php.
+ * If applicable, add the following below this CDDL Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyrighted [year] [name of copyright owner]"
+ * ====================
+ * Portions Copyrighted 2013 ConnId.
+ */
+import groovy.sql.Sql;
+import groovy.sql.DataSet;
+
+// Parameters:
+// The connector sends the following:
+// connection: handler to the SQL connection
+// action: a string describing the action ("TEST" here)
+// log: a handler to the Log facility
+
+log.info("Entering "+action+" Script");
+def sql = new Sql(connection);
+
+sql.eachRow("select * from SIS_COURSES limit 10", { println it.uid } );
+
+
diff --git a/grouper-midpoint/mp-gr/m-server/container_files/schema/user-schema.xsd b/grouper-midpoint/mp-gr/m-server/container_files/schema/user-schema.xsd
new file mode 100644
index 0000000..d7b2f86
--- /dev/null
+++ b/grouper-midpoint/mp-gr/m-server/container_files/schema/user-schema.xsd
@@ -0,0 +1,21 @@ + + + + + + + + + + + + + + +
diff --git a/grouper-midpoint/mp-gr/s-data/Dockerfile b/grouper-midpoint/mp-gr/s-data/Dockerfile
index e19ee69..f21df4f 100644
--- a/grouper-midpoint/mp-gr/s-data/Dockerfile
+++ b/grouper-midpoint/mp-gr/s-data/Dockerfile
@@ -41,4 +41,4 @@ RUN useradd ldapadmin \
 EXPOSE 389 3306
-CMD /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && mysqld_safe
+CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && mysqld_safe
diff --git a/grouper-midpoint/mp-gr/t-data/Dockerfile b/grouper-midpoint/mp-gr/t-data/Dockerfile
new file mode 100644
index 0000000..6e87782
--- /dev/null
+++ b/grouper-midpoint/mp-gr/t-data/Dockerfile
@@ -0,0 +1,30 @@
+FROM centos:centos7
+
+LABEL author="tier-packaging@internet2.edu "
+
+RUN yum install -y epel-release \
+ && yum update -y \
+ && yum install -y 389-ds-base 389-admin 389-adminutil \
+ && yum clean all \
+ && rm -rf /var/cache/yum
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN useradd ldapadmin \
+ && rm -fr /var/lock /usr/lib/systemd/system \
+ # The 389-ds setup will fail because the hostname can't reliable be determined, so we'll bypass it and then install. \
+ && sed -i 's/checkHostname {/checkHostname {\nreturn();/g' /usr/lib64/dirsrv/perl/DSUtil.pm \
+ # Not doing SELinux \
+ && sed -i 's/updateSelinuxPolicy($inf);//g' /usr/lib64/dirsrv/perl/* \
+ # Do not restart at the end \
+ && sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \
+ && setup-ds.pl --silent --file /seed-data/ds-setup.inf \
+ && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ ldapadd -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password
+
+EXPOSE 389
+
+# temporary!
+
+CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep 100000000
diff --git a/grouper-midpoint/mp-gr/t-data/container_files/seed-data/ds-setup.inf b/grouper-midpoint/mp-gr/t-data/container_files/seed-data/ds-setup.inf
new file mode 100644
index 0000000..96c29a1
--- /dev/null
+++ b/grouper-midpoint/mp-gr/t-data/container_files/seed-data/ds-setup.inf
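Review bot: The new `CMD` deletes `/var/lock/dirsrv/slapd-dir/server/*` on every start without saying why; a comment above it, `# clear the ns-slapd lock left by an unclean container stop, otherwise slapd refuses to start`, would save the next reader a search, and the t-data Dockerfile in this diff repeats the same command and could carry the same comment. Removing the lock unconditionally also disables slapd's own guard against a second instance, which is acceptable only as long as one container runs exactly one slapd. Because `ns-slapd` appears to background itself (the t-data build step starts it and then polls port 389), `mysqld_safe` is what keeps this container alive, so a slapd crash after start-up is invisible to Docker.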
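Review bot: The Directory Manager password is embedded as `-w password` on the `ldapadd` line of the second `RUN` step and again as `RootDNPwd = password` in the copied ds-setup.inf, so it is baked into the image layers and the build history of every image built from this file. If the client is OpenLDAP's `ldapadd`, `-y <password-file>` with the file supplied through a build secret mount keeps it out of the layer, and an entrypoint that resets the Root DN password from a runtime-provided secret would keep the committed default out of the running container. The `ldapadd` also loads /seed-data/users.ldif, which the last hunk of this diff adds as an empty file, so the seed step currently adds no entries and the wait loop before it only delays the build. The `CMD` marked `# temporary!` starts `ns-slapd` and then `sleep 100000000`; with the shell as PID 1 waiting on `sleep`, a slapd that exits later is not noticed by Docker, so a foreground slapd or a container health check is needed before this leaves the prototype stage.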
@@ -0,0 +1,28 @@
+[General]
+AdminDomain = internet2.edu
+ConfigDirectoryAdminID = admin
+ConfigDirectoryAdminPwd = admin
+ConfigDirectoryLdapURL = ldap://localhost:389/o=NetscapeRoot
+FullMachineName = localhost
+ServerRoot = /usr/lib64/dirsrv
+SuiteSpotGroup = nobody
+SuiteSpotUserID = nobody
+
+[admin]
+Port = 9830
+ServerAdminID = admin
+ServerAdminPwd = admin
+ServerIpAddress = 0.0.0.0
+SysUser = nobody
+
+[slapd]
+AddOrgEntries = No
+AddSampleEntries = No
+InstallLdifFile = suggest
+RootDN = cn=Directory Manager
+RootDNPwd = password
+ServerIdentifier = dir
+ServerPort = 389
+SlapdConfigForMC = yes
+Suffix = dc=internet2,dc=edu
+UseExistingMC = No
diff --git a/grouper-midpoint/mp-gr/t-data/container_files/seed-data/users.ldif b/grouper-midpoint/mp-gr/t-data/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/grouper-midpoint/mp-gr/t-data/container_files/seed-data/users.ldif
@@ -0,0 +1 @@
+
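Review bot: Three credentials are committed in clear text — `ConfigDirectoryAdminPwd = admin`, `ServerAdminPwd = admin` and `RootDNPwd = password` — and the last value is repeated literally on the `ldapadd` line of the t-data Dockerfile, so rotating it means editing two files and rebuilding the image. The `[admin]` section also binds the admin server on `ServerIpAddress = 0.0.0.0`, port 9830, although nothing visible in this diff uses it; whether that port is reachable from other containers depends on the compose networking, which this hunk does not show. A header comment such as `; development-only defaults; the Root DN password must be overridden wherever this image is deployed`, plus a single source for that password (a build secret or a runtime-provided file read by the container), would make the intended handling explicit.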