http://git-wip-us.apache.org/repos/asf/airavata/blob/89e0fdc8/modules/group-manager/src/main/resources/grouper.client.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.client.properties b/modules/group-manager/src/main/resources/grouper.client.properties
new file mode 100755
index 0000000..cf78604
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.client.properties
@@ -0,0 +1,552 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper client configuration
+# $Id: grouper.client.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
+#
+
+# The grouper client uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.client.base.properties
+# (which should not be edited), and the grouper.client.properties overlays
+# the base settings. See the grouper.client.base.properties for the possible
+# settings that can be applied to the grouper.client.properties
+
+########################################
+## LDAP connection settings
+########################################
+
+# url of directory, including the base DN (distinguished name)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.ldap.url =
+
+# kerberos principal used to connect to ldap
+grouperClient.ldap.login =
+
+# password for shared secret authentication to ldap
+# or you can put a filename with an encrypted password
+grouperClient.ldap.password =
+
+########################################
+## Web service Connection settings
+########################################
+
+# url of web service, should include everything up to the first resource to access
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.webService.url =
+
+# kerberos principal used to connect to web service
+grouperClient.webService.login =
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+grouperClient.webService.password =
+
+########################################
+## Config chaining hierarchy
+########################################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:grouper.client.example.properties, file:c:/something/myconfig.properties
+grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
+
+# seconds between checking to see if the config files are updated
+grouperClient.config.secondsBetweenUpdateChecks = 60
+
+########################################
+## Misc settings
+########################################
+
+# path of a writable directory where files can be created or stored
+# for example, cache of discovery configuration, or failover state
+# dot is the current directory... note, this directory must exist
+# or it will be created (attempted)
+# if this is blank, none of these features will be used, and
+# no files will be saved
+grouperClient.cacheDirectory = .
+
+########################################
+## Encrypted password settings
+########################################
+
+# Put a random alphanumeric string (Case sensitive) for the password encryption. e.g. fh43IRJ4Nf5
+# or put a filename where the random alphanumeric string is.
+# e.g. c:/whatever/key.txt
+# e.g. sdfklj24lkj34lk34
+encrypt.key =
+
+# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt
+encrypt.disableExternalFileLookup = false
+
+# pre grouper 2.0, the client encrypted passwords differently than the server. Now that the client is part of the server,
+# there are more reasons to be consistent. Change to false for pre-2.0 password encryption behavior
+encrypt.encryptLikeServer = true
+
+########################################
+## Logging
+########################################
+
+# For java.util.logging, only for the grouperClient package (not below)
+# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING
+grouperClient.logging.grouperClientOnly.logLevel = WARNING
+
+# If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr
+# (if no file specified below). This is default log level
+# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING
+grouperClient.logging.logLevel = WARNING
+
+# If you dont want the logging to go to stderr, then put a log file location here: e.g. f:/temp/grouperClient.log
+grouperClient.logging.logFile =
+
+# if you want ws requests and responses being logged to files, put the directory here.
+# The grouper client will create subdirs
+grouperClient.logging.webService.documentDir =
+
+# try to indent the xml. If this fails for some reason, or you want the raw xml,
+# set to false
+grouperClient.logging.webService.indent = true
+
+# if the masked password should be logged (if false, dont log anything about password)
+# the masked password will show how many chars the password is (helpful for diagnosing
+# password encryption issues)
+grouperClient.logging.logMaskedPassword = false
+
+########################################
+## Service discovery settings
+########################################
+
+# number of minutes to remember that a connection had errors
+grouperClient.minutesToKeepErrors = 2
+
+# if you are using a discovery service, but a discovery properties
+# at a URL (preferably SSL with valid certificate)
+# you should have multiple discovery URLs hosted at independent locations
+# to add more, increment the integer
+grouperClient.urlOfDiscovery.0 =
+grouperClient.urlOfDiscovery.1 =
+
+# if your app has a slow startup time, and the initial connections are timing out
+# esp if you arent just using the command line client (e.g. if using it as a jar),
+# then add more time here
+grouperClient.secondsForClassesToLoad = 20
+
+# this will save the failover state to a file so if the JVM is stopped, it
+# will be there when it starts again.
+# Set to 0 to store on every use (recommended if used command line)
+# or set to -1 to not store or read ever
+# grouperClient.cacheDirectory must be set
+grouperClient.saveFailoverStateEverySeconds = 60
+
+# if the failover client should use threads. If it doesnt then you cant detect timeouts
+grouperClient.failoverClientUseThreads = true
+
+# this will cache the discovery properties in memory or on disk
+# if you want to cache the discovery properties locally, put a directory here:
+# this is recommended especially if you are using the grouper client as a command
+# line application and the process is constantly restarting
+# note, this will be used for a failsafe cache if all discovery servers are unavailable
+# grouperClient.cacheDirectory must be set
+# set to 0 or -1 to not cache
+grouperClient.cacheDiscoveryPropertiesForSeconds = 120
+
+# this is the path in the discovery server there the grouper.client.discovery.properties is
+grouperClient.discoveryGrouperClientPropertiesDirectory =
+
+####
+## Below here are default values and override values for the discovery
+## properties at your institution. Note: if the override keys are there
+## with no value then it will blank out the discovery service value
+####
+
+# default urls of directory, including the base DN (distinguished name)
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.discoveryDefault.ldap.0.url =
+#grouperClient.discoveryOverride.ldap.0.url =
+
+# default active/active or active/standby
+# active/active will pick a server randomly,
+# and will stick with it for as long as the affinity is set
+# active/standby will always use the first connection
+# if no errors, then try the second one etc.
+# if a connection has more errors and has a higher priority,
+# then it will not be tried again until the
+# takeConnectionOutOfPoolOnErrorForSeconds timeout
+# passes
+grouperClient.discoveryDefault.ldap.loadBalancing = active/active
+#grouperClient.discoveryOverride.ldap.loadBalancing = active/active
+
+# if we are active/active, then the same connection will
+# be used for a certain number of seconds. If this is -1, then
+# always keep the same server (unless errors)
+grouperClient.discoveryDefault.ldap.affinitySeconds = 28800
+#grouperClient.discoveryOverride.ldap.affinitySeconds = 28800
+
+# if a connection has more errors than another, it will not be
+# used until this error timeout passes (unless the other is throwing errors
+# too)
+grouperClient.discoveryDefault.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
+#grouperClient.discoveryOverride.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
+
+# when a connection is attempted, this is the timeout that it will use before trying
+# another connection
+grouperClient.discoveryDefault.ldap.timeoutSeconds = 30
+#grouperClient.discoveryOverride.ldap.timeoutSeconds = 30
+
+# after all connections have been attempted, it will wait for this long
+# to see if any finish
+grouperClient.discoveryDefault.ldap.extraTimeoutSeconds = 15
+#grouperClient.discoveryOverride.ldap.extraTimeoutSeconds = 15
+
+# urls of web service, should include everything up to the first resource to access
+# this is for read or write operations
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.discoveryDefault.webService.readWrite.0.url =
+#grouperClient.discoveryOverride.webService.readWrite.0.url =
+
+# url of web service, should include everything up to the first resource to access
+# this is for only read operations
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.discoveryDefault.webService.readOnly.0.url =
+#grouperClient.discoveryOverride.webService.readOnly.0.url =
+
+# active/active or active/standby
+# active/active will pick a server randomly,
+# and will stick with it for as long as the affinity is set
+# active/standby will always use the first connection
+# if no errors, then try the second one etc.
+# if a connection has more errors and has a higher priority,
+# then it will not be tried again until the
+# takeConnectionOutOfPoolOnErrorForSeconds timeout
+# passes
+grouperClient.discoveryDefault.webService.loadBalancing = active/active
+#grouperClient.discoveryOverride.webService.loadBalancing = active/active
+
+# if you want to always try read/write before readOnly (i.e. if you are
+# worried about if you make a write and read right after each other)
+grouperClient.discoveryDefault.webService.preferReadWrite = true
+#grouperClient.discoveryOverride.webService.preferReadWrite = true
+
+# if we are active/active, then the same connection will
+# be used for a certain number of seconds. If this is -1, then
+# always keep the same server (unless errors)
+grouperClient.discoveryDefault.webService.affinitySeconds = 28800
+#grouperClient.discoveryOverride.webService.affinitySeconds = 28800
+
+# if a connection has more errors than another, it will not be
+# used until this error timeout passes (unless the other is throwing errors
+# too)
+grouperClient.discoveryDefault.webService.lowerConnectionPriorityOnErrorForMinutes = 3
+#grouperClient.discoveryOverride.webService.lowerConnectionPriorityOnErrorForMinutes = 3
+
+# when a connection is attempted, this is the timeout that it will use before trying
+# another connection
+grouperClient.discoveryDefault.webService.timeoutSeconds = 60
+#grouperClient.discoveryOverride.webService.timeoutSeconds = 60
+
+# after all connections have been attempted, it will wait for this long
+# to see if any finish
+grouperClient.discoveryDefault.webService.extraTimeoutSeconds = 30
+#grouperClient.discoveryOverride.webService.extraTimeoutSeconds = 30
+
+
+
+####################################################################################
+####################################################################################
+#### Institutional and advanced settings
+####################################################################################
+####################################################################################
+
+#######################################
+## output templates
+#######################################
+
+webService.addMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
+webService.getMembers.output = GroupIndex ${groupIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.name}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$
+webService.deleteMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
+webService.hasMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$newline$
+webService.getGroups.output = SubjectIndex ${subjectIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSubject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$
+webService.groupSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
+webService.stemSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
+webService.groupDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
+webService.stemDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
+webService.getGrouperPrivilegesLite.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$
+webService.assignGrouperPrivileges.output = Index: ${index}, success: ${resultMetadata.success}, code: ${resultMetadata.resultCode}, ${objectType}: ${objectName}, subject: ${wsSubject.id}, ${wsAssignGrouperPrivilegesResult.privilegeType}: ${wsAssignGrouperPrivilegesResult.privilegeName}$newline$
+webService.assignGrouperPrivilegesLite.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilegeType}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$
+webService.findGroups.output = Index ${index}: name: ${wsGroup.name}, displayName: ${wsGroup.displayName}$newline$
+webService.findStems.output = Index ${index}: name: ${wsStem.name}, displayName: ${wsStem.displayName}$newline$
+webService.memberChangeSubject.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newSubject: ${wsSubjectNew.id}$newline$
+webService.getMemberships.output = Index: ${index}: ${type}: ${ownerName}, subject: ${wsSubject.id}, list: ${wsMembership.listName}, type: ${wsMembership.membershipType}, enabled: ${wsMembership.enabled}$newline$
+webService.getSubjects.output = Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}$newline$
+webService.getAttributeAssignments.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}$newline$
+webService.getAttributeAssignActions.output = Index: ${index}: nameOfAttributeDef: ${wsAttributeAssignActionTuple.nameOfAttributeDef}, action: ${wsAttributeAssignActionTuple.action}$newline$
+webService.assignAttributes.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeResult.changed}, deleted: ${wsAssignAttributeResult.deleted}, valuesChanged: ${wsAssignAttributeResult.valuesChanged}$newline$
+webService.assignAttributesBatch.output = Index: ${assignIndex}, itemIndex: ${assignItemIndex}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeBatchResult.changed}, deleted: ${wsAssignAttributeBatchResult.deleted}, valuesChanged: ${wsAssignAttributeBatchResult.valuesChanged}$newline$
+webService.getPermissionAssignments.output = Index: ${index}: permissionType: ${wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, subject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, attributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOverall}, enabled: ${wsPermissionAssign.enabled}$newline$
+webService.assignPermissions.output = Index: ${index}: permissionType: ${permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disallowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enabled}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissionResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$
+webService.assignAttributeDefNameInheritance.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}, message: ${resultMetadata.resultMessage}$newline$
+webService.attributeDefNameSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
+webService.attributeDefNameDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
+webService.findAttributeDefNames.output = Index ${index}: name: ${wsAttributeDefName.name}, displayName: ${wsAttributeDefName.displayName}$newline$
+webService.assignAttributeDefActions.output=Index ${index}: nameOfAttributeDef: ${nameOfAttributeDef}, action: ${actionWithOperation.action}, status: ${actionWithOperation.status}$newline$
+
+#######################################
+## ldap queries
+#######################################
+
+# operation name
+ldapSearchAttribute.operationName.0 = pennnameToPennid
+ldapSearchAttribute.ldapName.0 = ou=pennnames
+ldapSearchAttribute.matchingAttributes.0 = pennname
+ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode
+ldapSearchAttribute.returningAttributes.0 = pennid
+ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid}
+ldapSearchAttribute.resultType.0 = STRING
+
+ldapSearchAttribute.operationName.1 = pennidToPennname
+ldapSearchAttribute.ldapName.1 = ou=pennnames
+ldapSearchAttribute.matchingAttributes.1 = pennid
+ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode
+ldapSearchAttribute.returningAttributes.1 = pennname
+ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname}
+ldapSearchAttribute.resultType.1 = STRING
+
+ldapSearchAttribute.operationName.2 = hasMemberLdap
+ldapSearchAttribute.ldapName.2 = ou=groups
+ldapSearchAttribute.matchingAttributes.2 = cn, hasMember
+ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck
+ldapSearchAttribute.returningAttributes.2 = cn
+ldapSearchAttribute.outputTemplate.2 = hasMember: ${resultBoolean}
+ldapSearchAttribute.resultType.2 = BOOLEAN
+
+ldapSearchAttribute.operationName.3 = getMembersLdap
+ldapSearchAttribute.ldapName.3 = ou=groups
+ldapSearchAttribute.matchingAttributes.3 = cn
+ldapSearchAttribute.matchingAttributeLabels.3 = groupName
+ldapSearchAttribute.returningAttributes.3 = hasMember
+ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$
+ldapSearchAttribute.resultType.3 = STRING_LIST
+
+########################################
+## Custom operations
+## Implement the interface ClientOperation, put it in the jar
+## Increment the int index for multiples (must be in order)
+########################################
+
+#customOperation.name.0 = cosignLikeWebsec
+#customOperation.class.0 = edu.upenn.isc.grouperClient.CosignLikeWebsecOperation
+
+
+########################################
+## Authentication settings
+########################################
+
+# user prefix
+grouperClient.ldap.user.prefix = uid=
+
+# user suffix
+grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu
+
+# config name for the ldap user name between prefix and suffix
+grouperClient.ldap.user.label = login
+
+# config name for the webService user name between prefix and suffix
+grouperClient.webService.user.label = login
+
+########################################
+## Web service settings
+########################################
+
+# web service client version
+grouperClient.webService.client.version = v2_2_000
+
+# socket timeout
+grouperClient.webService.httpSocketTimeoutMillis = 90000
+
+# connection manager timeout
+grouperClient.webService.httpConnectionManagerTimeoutMillis = 90000
+
+# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
+# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception
+# will be thrown
+grouperClient.webService.ignoreExtraneousXmlFields = true
+
+# register fields to be ignored with xstream. this is useful if you are not
+# ignoring extraneous fields (above), but know that there are a few to be ignored
+# place them here with fully qualified classname dont property name, comma separated
+# e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2
+grouper.webService.omitXmlProperties =
+
+########################################
+## Misc
+########################################
+
+# if there are extra command line args, should we fail or just log?
+grouperClient.failOnExtraCommandLineArgs = true
+
+# you can have aliases for subjectId and subjectIdentifer in command line args
+# (though subjectId will still be allowed, but you cant pass both)
+# if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234
+# instead of --subjectIds=123,345
+grouperClient.alias.subjectIds =
+
+# if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd
+# instead of --subjectIdentifiers=abc,bcd
+grouperClient.alias.subjectIdentifiers =
+
+# if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123
+# instead of --subjectId=123
+grouperClient.alias.subjectId =
+
+# if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc
+# instead of --subjectIdentifiers=abc
+grouperClient.alias.subjectIdentifier =
+
+# if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123
+# instead of --actAsSubjectId=abc,bcd
+grouperClient.alias.SubjectId =
+
+# if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc
+# instead of --actAsSubjectIdentifier=abc
+grouperClient.alias.SubjectIdentifier =
+
+# the encoding used to read config files
+grouperClient.config.encoding = UTF-8
+
+# this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1
+grouperClient.default.fileEncoding = UTF-8
+
+# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory
+grouperClient.https.customSocketFactory =
+
+# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.BlindSslSocketFactory
+grouperClient.ldaps.customSocketFactory =
+
+
+##############################
+## Kuali Identity settings
+##############################
+
+kuali.identity.source.0 = jdbc
+kuali.identity.nameAttribute.0 = name
+kuali.identity.identifierAttribute.0 = loginid
+
+# separate a sourceId from a subjectId or sourceId
+kuali.identity.sourceSeparator = ::::
+
+
+########################################
+## JDBC settings
+########################################
+
+# default database connection name
+grouperClient.jdbc.defaultName = default
+
+# the part between jdbc. and the last . is the name of the connection, in this case "default"
+# e.g. mysql: com.mysql.jdbc.Driver
+# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
+# for p6spy, put the underlying driver in spy.properties
+# e.g. oracle: oracle.jdbc.driver.OracleDriver
+# e.g. hsqldb: org.hsqldb.jdbcDriver
+# e.g. postgres: org.postgresql.Driver
+# e.g. mssql: com.microsoft.sqlserver.jdbc.SQLServerDriver
+grouperClient.jdbc.default.driver = oracle.jdbc.driver.OracleDriver
+
+# e.g. mysql: jdbc:mysql://localhost:3306/grouper
+# e.g. p6spy (log sql): [use the URL that your DB requires]
+# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
+# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
+# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
+# e.g. postgres: jdbc:postgresql://localhost:5432/database
+# e.g. mssql: jdbc:sqlserver://localhost:3280
+grouperClient.jdbc.default.url = jdbc:oracle:thin:@server.school.edu:1521:sid
+grouperClient.jdbc.default.user = some_schema
+grouperClient.jdbc.default.pass = abc123
+
+
+
+################################
+## AWS settings
+################################
+
+# sqs settings
+grouperClient.awsAccessKey = ABC123
+grouperClient.awsSecretKey = xyz789
+grouperClient.awsSqsQueueUrl = https://sqs.region.amazonaws.com/1234/queue_name
+
+
+################################
+## ESB settings
+################################
+
+## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
+esb.consumer.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
+## this is a key or could be encrypted in a file as well like other passwords
+## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey
+## number these if there are multiple
+#esb.consumer.encryptionKey.0 = abc123
+
+
+################################
+## XMPP client settings
+## Note: you need the smack.jar in your classpath, see the grouper xmpp wiki for usage
+## https://spaces.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6.0
+################################
+
+
+## general xmpp configuration
+grouperClient.xmpp.server.host = jabber.school.edu
+grouperClient.xmpp.server.port = 5222
+grouperClient.xmpp.user = username
+# note, pass can be in an external file with morphstring
+grouperClient.xmpp.pass =
+grouperClient.xmpp.resource = grouperClient
+# note, you need the exact id and resource here or it wont match
+grouperClient.xmpp.trustedMessagesFromJabberIds = [email protected]/resource, [email protected]/resource2
+
+# if true, then each quartz trigger name will be unique
+# do this for atlassian since it doesnt do quartz right, and wont delete or reuse old triggers
+grouperClient.xmpp.uniqueQuartzTriggerNames = false
+
+# if true, send this to smack, if we should debug. not sure if it does anything
+grouperClient.xmpp.debuggerEnabled = false
+
+grouperClient.xmpp.job.myJobName.groupNames = test:xmppGroups:test1
+grouperClient.xmpp.job.myJobName.allowIncrementalNotInGroupNamesList = false
+grouperClient.xmpp.job.myJobName.handlerClass = edu.internet2.middleware.grouperClientExt.xmpp.GrouperClientXmppFileHandler
+# set this to reload_group or incremental if not reload on each event
+grouperClient.xmpp.job.myJobName.eventAction = incremental
+# how often a full refresh should occur regardless of events
+grouperClient.xmpp.job.myJobName.fullRefreshQuartzCronString = 0 0 5 * * ?
+grouperClient.xmpp.job.myJobName.fileHandler.targetFile = c:/temp/targetFile.txt
+grouperClient.xmpp.job.myJobName.fileHandler.filePrefix = c:/temp/filePrefix.txt
+grouperClient.xmpp.job.myJobName.fileHandler.iteratorEl = ${subject.attribute['pennname']}$space$
+grouperClient.xmpp.job.myJobName.fileHandler.fileSuffix = c:/temp/fileSuffix.txt
+grouperClient.xmpp.job.myJobName.subjectAttributeNames = pennname
+# subjects wont notify in not in these sources, comma separated, or blank for all
+grouperClient.xmpp.job.myJobName.requireSources = pennperson
+# subjects wont notify if they dont have a non blank value for these attributes, or blank for all
+grouperClient.xmpp.job.myJobName.requireAttributes = pennname
+
+
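Review bot: The JDBC and AWS entries near the end of this new grouper.client.properties are live keys carrying placeholder secrets (`grouperClient.jdbc.default.pass = abc123`, `grouperClient.awsAccessKey = ABC123`, `grouperClient.awsSecretKey = xyz789`), and the file is added under src/main/resources, so it presumably ships on the classpath as the overlay that the header says overrides grouper.client.base.properties. Leaving them set invites deployments that run with guessable defaults or that edit real credentials into a tracked file; I would blank them the way the ldap, webService and xmpp passwords already are (`grouperClient.jdbc.default.pass =`, `grouperClient.awsAccessKey =`, `grouperClient.awsSecretKey =`) and rely on the external encrypted-file option the file itself documents. In the same hunk, the comments above `grouperClient.https.customSocketFactory` and `grouperClient.ldaps.customSocketFactory` name socket factories that skip certificate validation without any caveat; a line such as `# test environments only: disables certificate validation` above each would help. `grouperClient.cacheDirectory = .` also puts failover and discovery state in whatever the process working directory happens to be, which is worth replacing with blank or an explicit path.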
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e0fdc8/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.base.properties b/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
new file mode 100755
index 0000000..7070b17
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
@@ -0,0 +1,120 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper Hibernate Configuration
+# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
+#
+
+# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.hibernate.base.properties
+# (which should not be edited), and the grouper.hibernate.properties overlays
+# the base settings. See the grouper.hibernate.base.properties for the possible
+# settings that can be applied to the grouper.hibernate.properties
+
+########################################
+## Config chaining hierarchy
+########################################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:grouper.hibernate.base.properties, file:c:/temp/myFile.properties
+grouper.hibernate.config.hierarchy = classpath:grouper.hibernate.base.properties, classpath:grouper.hibernate.properties
+
+# seconds between checking to see if the config files are updated
+grouper.hibernate.config.secondsBetweenUpdateChecks = 60
+
+########################################
+## DB settings
+########################################
+
+# e.g. mysql: jdbc:mysql://localhost:3306/grouper
+# e.g. p6spy (log sql): [use the URL that your DB requires]
+# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
+# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
+# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
+# e.g. postgres: jdbc:postgresql://localhost:5432/database
+# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
+hibernate.connection.url = jdbc:hsqldb:hsql://localhost:9001/grouper
+
+hibernate.connection.username = sa
+# If you are using an empty password, depending upon your version of
+# Java and Ant you may need to specify a password of "".
+# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
+hibernate.connection.password =
+
+################ BELOW HERE YOU GENERALLY DO NOT NEED TO CHANGE ####################
+
+# Leave blank to autodetect based on URL, or specify
+# Hibernate3.
+# e.g. org.hibernate.dialect.Oracle10gDialect, org.hibernate.dialect.HSQLDialect
+# e.g. org.hibernate.dialect.PostgreSQLDialect ,org.hibernate.dialect.MySQL5Dialect
+# e.g. org.hibernate.dialect.SQLServerDialect
+hibernate.dialect =
+
+# see http://ehcache.org/documentation/user-guide/hibernate#Configure-Ehcache-as-the-Second-Level-Cache-Provider
+# Hibernate 3.0 - 3.2
+# hibernate.cache.provider_class = org.hibernate.cache.EhCacheProvider
+# Hibernate 3.3+
+hibernate.cache.region.factory_class = net.sf.ehcache.hibernate.EhCacheRegionFactory
+
+
+#
+# Generic Hibernate Configuration
+#
+
+hibernate.cache.use_query_cache = true
+
+# leave blank to autodetect based on URL
+# e.g. mysql: com.mysql.jdbc.Driver
+# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
+# for p6spy, put the underlying driver in spy.properties
+# e.g. oracle: oracle.jdbc.driver.OracleDriver
+# e.g. hsqldb: org.hsqldb.jdbcDriver
+# e.g. postgres: org.postgresql.Driver
+# e.g. mssql: com.microsoft.sqlserver.jdbc.SQLServerDriver
+hibernate.connection.driver_class =
+
+
+hibernate.connection.autocommit = false
+
+# Use c3p0 connection pooling (since dbcp not supported in hibernate anymore)
+# http://www.hibernate.org/214.html, http://www.hibernate.org/hib_docs/reference/en/html/session-configuration.html
+hibernate.c3p0.max_size 16
+hibernate.c3p0.min_size 0
+#seconds
+hibernate.c3p0.timeout 100
+hibernate.c3p0.max_statements 0
+hibernate.c3p0.idle_test_period 100
+hibernate.c3p0.acquire_increment 1
+hibernate.c3p0.validate false
+
+#What to do if there are connection problems - see http://www.mchange.com/projects/c3p0/index.html#configuration_properties
+#These settings are designed to cause exceptions sooner rather than later so end users are not left with a hanging UI. Once the database
+#is available again a connection will be made witout further intervention
+#If tou get intermittent connection problems in the UI even though the database is OK try increasing the max_size setting above and
+#tune the settings below
+hibernate.c3p0.acquireRetryAttempts=2
+hibernate.c3p0.acquireRetryDelay=500
+hibernate.c3p0.checkoutTimeout=30000
+
+hibernate.jdbc.use_streams_for_binary = true
+
+hibernate.max_fetch_depth = 1
+
+hibernate.show_sql = false
+
+hibernate.jdbc.batch_size 20
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e0fdc8/modules/group-manager/src/main/resources/grouper.hibernate.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.properties b/modules/group-manager/src/main/resources/grouper.hibernate.properties
new file mode 100755
index 0000000..36fa66d
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.hibernate.properties
@@ -0,0 +1,10 @@
+hibernate.connection.url = jdbc:mysql://gw62.iu.xsede.org:3306/grouper
+
+hibernate.connection.username =airavata_grouper_client
+# If you are using an empty password, depending upon your version of
+# Java and Ant you may need to specify a password of "".
+# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
+hibernate.connection.password =airavata_grouper_client
+
+hibernate.cache.use_second_level_cache=true
+hibernate.cache.region.factory_class=org.hibernate.cache.ehcache.EhCacheRegionFactory
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e0fdc8/modules/group-manager/src/main/resources/grouper.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.properties b/modules/group-manager/src/main/resources/grouper.properties
new file mode 100755
index 0000000..1cc0805
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.properties
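Review bot: `hibernate.connection.password =airavata_grouper_client` in grouper.hibernate.properties checks in what looks like a working database credential, identical to the username, next to a non-local host in `hibernate.connection.url`. The file sits under `src/main/resources`, so it is presumably packaged into the build artifact as well as published in the repository history. The comment directly above the key already notes that passwords can be kept external and encrypted; the overlay should ship `hibernate.connection.password =` blank with the value supplied at deploy time, and the account's password should be rotated. The JDBC URL also sets no transport-security parameter, so whether the connection to the remote MySQL host is encrypted depends on driver defaults; a comment stating the intended setting would help.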
@@ -0,0 +1,1017 @@ +# +# Copyright 2014 Internet2 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# +# Grouper Configuration +# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $ +# + +# Grouper uses Grouper Configuration Overlays (documented on wiki) +# By default the configuration is read from grouper.base.properties +# (which should not be edited), and the grouper.properties overlays +# the base settings. See the grouper.base.properties for the possible +# settings that can be applied to the grouper.properties + + +######################################## +## Config chaining hierarchy +######################################## + +# comma separated config files that override each other (files on the right override the left) +# each should start with file: or classpath: +# e.g. classpath:grouper.example.properties, file:c:/something/myconfig.properties +grouper.config.hierarchy = classpath:grouper.base.properties, classpath:grouper.properties + +# seconds between checking to see if the config files are updated +grouper.config.secondsBetweenUpdateChecks = 60 + + +######################################## +## General settings +######################################## + +# in cases where grouper is logging or emailing, it will use this to differentiate test vs dev vs prod +grouper.env.name = + +#put the URL which will be used e.g. in emails to users. include the webappname at the end, and nothing after that. +#e.g. 
https://server.school.edu/grouper/ +grouper.ui.url = + +# tmp dir to use, will set this to the env var for tmp dir during cache operations... +# note, if you are using a backslash, you need to escape it with another, e.g. c:\\temp +# see the temp dir in logs with this in log4j.properties +# log4j.logger.edu.internet2.middleware.grouper.util.GrouperUtil = INFO +grouper.tmp.dir = + +# main stem for grouper built in objects +# Note: there are more locations to change than just this +grouper.rootStemForBuiltinObjects = etc + +####################################### +## inititalization and configuration settings +####################################### + +#if grouper should auto init the registry if not initted (i.e. insert the root stem, built in fields, etc) +#defaults to true +registry.autoinit = true + +#if grouper should try and detect and log configuration errors on startup +#in general this should be true, unless the output is too annoying or if it is causing a problem +configuration.detect.errors = true + +#if the startup message should display +configuration.display.startup.message = true + +#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on) +configuration.autocreate.system.groups = false + +#auto-create groups (increment the integer index), and auto-populate with users +#(comma separated subject ids) to bootstrap the registry on startup +#(note: check config needs to be on) +#configuration.autocreate.group.name.0 = etc:uiUsers +#configuration.autocreate.group.description.0 = users allowed to log in to the UI +#configuration.autocreate.group.subjects.0 = johnsmith + +# if should check java version and make sure ok +configuration.checkJavaVersion = true + +# if should check database and utf in new thread +configuration.checkDatabaseAndUtf.inNewThread = true + +# if grouper should check to see if the database has case sensitive selects +configuration.detect.db.caseSensitive.problems = true 
+configuration.display.db.caseSensitive.success.message = false + +# if grouper should check to see if utf-8 works on startup in files +configuration.detect.utf8.file.problems = true +# if grouper should check to see if utf-8 works on startup in the database +configuration.detect.utf8.problems = true +configuration.display.utf8.success.message = false + +# if grouper in the utf8 check will check to see if grouper supports transaction +configuration.detect.db.transaction.problems = true +configuration.display.transaction.success.message = false + +################################### +## security settings +################################### + +# If set to _true_, the ALL subject will be granted that privilege on +# each new group that is created. Note, you can override the default +# checkboxes on screen of UI in media.properties. +groups.create.grant.all.optin = false +groups.create.grant.all.optout = false +groups.create.grant.all.read = false +groups.create.grant.all.view = false +groups.create.grant.all.groupAttrRead = false + +# If set to _true_, the ALL subject will be granted that privilege on +# each new stem that is created. +stems.create.grant.all.create = false +stems.create.grant.all.stemAdmin = false +stems.create.grant.all.stemAttrRead = false +stems.create.grant.all.stemAttrUpdate = false + +# If set to _true_, the ALL subject will be granted that privilege on +# each new attributeDef that is created. 
+attributeDefs.create.grant.all.attrAdmin = false +attributeDefs.create.grant.all.attrOptin = false +attributeDefs.create.grant.all.attrOptout = false +attributeDefs.create.grant.all.attrRead = false +attributeDefs.create.grant.all.attrUpdate = false +attributeDefs.create.grant.all.attrView = false +attributeDefs.create.grant.all.attrDefAttrRead = false +attributeDefs.create.grant.all.attrDefAttrUpdate = false + +# if set to true, then the ALL subject will be granted view on new entities +entities.create.grant.all.view = false + + +# A wheel group allows you to enable non-GrouperSystem subjects to act +# like a root user when interacting with the registry. +groups.wheel.use = false + +# Set to the name of the group you want to treat as the wheel group. +# The members of this group will be treated as root-like users. +groups.wheel.group = etc:sysadmingroup + +# A viewonly wheel group allows you to enable non-GrouperSystem subjects to act +# like a root user when viewing the registry. +groups.wheel.viewonly.use = false + +# Set to the name of the group you want to treat as the viewonly wheel group. +# The members of this group will be treated as root-like users when viewing objects. +groups.wheel.viewonly.group = etc:sysadminViewersGroup + +# A readonly wheel group allows you to enable non-GrouperSystem subjects to act +# like a root user when reading the registry. +groups.wheel.readonly.use = false + +# Set to the name of the group you want to treat as the readonly wheel group. +# The members of this group will be treated as root-like users when reading objects. +groups.wheel.readonly.group = etc:sysadminReadersGroup + + +# To change the internal names for GrouperAll and GrouperSystem +# uncomment and change. 
Review UI nav.properties to ensure consistency +subject.internal.grouperall.name = EveryEntity +subject.internal.groupersystem.name = GrouperSysAdmin + +# Search and sort strings for internal users +internalSubjects.searchAttribute0.el = ${subject.name},${subject.id} +internalSubjects.sortAttribute0.el = ${subject.name} + + +#by default, anyone with admin rights on a group can edit the types or attributes +#specify types (related attributes will also be protected) which are wheel only, or restricted to a certain group +#security.types.typeName.wheelOnly = true +security.types.grouperLoader.wheelOnly = true +security.types.grouperGroupMembershipSettings.wheelOnly = true + +#security.types.typeName.allowOnlyGroup = etc:someAdminGroup + + +# If this property is set, then to move a stem, in addition to having the appropriate stem privileges for the stem being moved and the destination stem, +# a user must also be a member of the defined group. Note that users in the wheel group will have access regardless of this property. +#security.stem.groupAllowedToMoveStem = etc:someAdminGroup + +# If this property is set, then to rename a stem, in addition to having the appropriate stem privilege for the stem being renamed, +# a user must also be a member of the defined group. Note that users in the wheel group will have access regardless of this property. +#security.stem.groupAllowedToRenameStem = etc:someAdminGroup + +# If this property is set, then to copy a stem, a user must be a member of the defined group. Note that users in the wheel group will have access regardless of this property. +#security.stem.groupAllowedToCopyStem = etc:someAdminGroup + +# By default, all users have access to sort using any of the sort strings in the member table and search using any of the search strings in the member table. +# You can restrict to wheel only or to a certain group. 
+#security.member.sort.string0.allowOnlyGroup = etc:someGroup +#security.member.sort.string1.allowOnlyGroup = etc:someGroup +#security.member.sort.string2.wheelOnly = true +#security.member.sort.string3.wheelOnly = true +#security.member.sort.string4.wheelOnly = true +#security.member.search.string0.allowOnlyGroup = etc:someGroup +#security.member.search.string1.allowOnlyGroup = etc:someGroup +#security.member.search.string2.wheelOnly = true +#security.member.search.string3.wheelOnly = true +#security.member.search.string4.wheelOnly = true + + +################################### +## Member sort and search +################################### + +# Attributes of members are kept in the grouper_members table to allow easy sorting and searching (for instance when listing group members). +# When performing a sort or search and an index is not specified, then a default index will be used as configured below. The value is comma-separated, +# so that if the user does not have access to the first index, then next will be tried and so forth. +# Note: all sources should have attributes configured for all default indexes. +member.search.defaultIndexOrder=0 +member.sort.defaultIndexOrder=0 + + +################################### +## whitelist (allow) and blacklist (deny) for db/ldap data or object deletes, without prompting the user to confirm +## if a listing is in the whitelist (allow), it will be allowed to delete db/ldap +## if a listing is in the blacklist (deny), it will be denied from deleting db/ldap +## multiple inputs can be entered with .0, .1, .2, etc. 
These numbers must be sequential, starting with 0 +################################### + +db.change.allow.user.0=sa +db.change.allow.url.0=jdbc:hsqldb:hsql://localhost:9001/grouper +db.change.allow.user.1=grouper1 +db.change.allow.url.1=jdbc:mysql://localhost:3306/grouper1 + +db.change.deny.user.0=grouper2 +db.change.deny.url.0=jdbc:mysql://localhost:3306/grouper2 + +# db.change.allow.user.2=uid=admin,ou=system +# db.change.allow.url.2=ldap://localhost:10389 + +# if should give error when detect driver mismatch (set to false if using an +# unknown driver, and tell the grouper team so we can add to list) +db.log.driver.mismatch = true + +################################### +## Grouper include / exclude and requireGroups +## If enabled, will make sure the Type is installed, and when that type is +## applied to a group, it will auto-create the other groups needed to manage the include and exclude lists +## see: https://bugs.internet2.edu/jira/browse/GRP-178 +## the naming settings below are only used when the type is applied to a group, will not affect +## existing include/exclude groups +################################### + +#if the addIncludeExclude and requireInGroups should be enabled, and if the type(s) should be +#auto-created, and used to auto create groups to facilitate include and exclude lists, and require lists +grouperIncludeExclude.use = false +grouperIncludeExclude.requireGroups.use = false + +#for requireGroups (groups that the members must be to be in the overall group). name is the name of the attribute or type +#attributeOrType is either attribute for an attribute underneath the requireInGroups type, or type to be a top level type +#group is the group to be anded in. note attributes are a global namespace, so you might want to use a naming convention, +#e.g. prefix with "require". description is the tooltip. add as many as you like. 
+#grouperIncludeExclude.requireGroup.name.0 = requireActiveEmployee +#grouperIncludeExclude.requireGroup.attributeOrType.0 = type +#grouperIncludeExclude.requireGroup.group.0 = school:community:activeEmployee +#grouperIncludeExclude.requireGroup.description.0 = If value is true, members of the overall group must be an active employee (in the school:community:activeEmployee group). Otherwise, leave this value not filled in. + +#grouperIncludeExclude.requireGroup.name.1 = requireActiveStudent +#grouperIncludeExclude.requireGroup.attributeOrType.1 = attribute +#grouperIncludeExclude.requireGroup.group.1 = school:community:activeStudent +#grouperIncludeExclude.requireGroup.description.1 = If value is true, members of the overall group must be an active student (in the school:community:activeStudent group). Otherwise leave this value not filled in. + + +# set some names and tooltips +grouperIncludeExclude.type.name = addIncludeExclude +grouperIncludeExclude.tooltip = Select this type to auto-create other groups which facilitate having include and exclude list + +grouperIncludeExclude.requireGroups.type.name = requireInGroups +grouperIncludeExclude.requireGroups.tooltip = Select this type to auto-create other groups which set up group math so that other groups can be required for membership (e.g. activeEmployee) + +#leave grouperIncludeExclude.andGroups.attributeName blank if you dont want to use this attribute... +#though if you were using it, it wont remove already configured groups +grouperIncludeExclude.requireGroups.attributeName = requireAlsoInGroups +grouperIncludeExclude.requireGroups.attribute.tooltip = Enter in comma separated group path(s). An entity must be in these groups for it to be in the overall group. e.g. stem1:stem2:group1, stem1:stem3:group2 + +#suffixes for various include/exclude groups (can use ${space} for space). +#note, these should uniquely identify various parts of the include/exclude. +#i.e. 
if the grouperIncludeExclude type is applied to a group with a suffix of the include suffix, +#the other groups will not be created... +grouperIncludeExclude.systemOfRecord.extension.suffix = _systemOfRecord +grouperIncludeExclude.include.extension.suffix = _includes +grouperIncludeExclude.exclude.extension.suffix = _excludes +grouperIncludeExclude.systemOfRecordAndIncludes.extension.suffix = _systemOfRecordAndIncludes +grouperIncludeExclude.includesMinusExcludes.extension.suffix = _includesMinusExcludes +#note, put a ${i} in there for where the 1 based index will go +grouperIncludeExclude.requireGroups.extension.suffix = _requireGroups${i} + +#suffixes for various include/exclude groups (can use ${space} for space) +grouperIncludeExclude.systemOfRecord.displayExtension.suffix = ${space}system of record +grouperIncludeExclude.include.displayExtension.suffix = ${space}includes +grouperIncludeExclude.exclude.displayExtension.suffix = ${space}excludes +grouperIncludeExclude.systemOfRecordAndIncludes.displayExtension.suffix = ${space}system of record and includes +grouperIncludeExclude.includesMinusExcludes.displayExtension.suffix = ${space}includes minus excludes +#note, put a ${i} in there for where the 1 based index will go +grouperIncludeExclude.requireGroups.displayExtension.suffix = ${space}requireGroups ${i} + +#can use ${extension} as the group extension, or ${displayExtension} for group display extension +grouperIncludeExclude.overall.description = Group containing list of ${displayExtension} after adding the includes and subtracting the excludes +grouperIncludeExclude.systemOfRecord.description = Group containing list of ${displayExtension} (generally straight from the system of record) without yet considering manual include or exclude lists +grouperIncludeExclude.include.description = Group containing manual list of includes for group ${displayExtension} which will be added to the system of record list (unless the subject is also in the excludes group) 
+grouperIncludeExclude.exclude.description = Group containing manual list of excludes for group ${displayExtension} which will not be in the overall group +grouperIncludeExclude.systemOfRecordAndIncludes.description = Internal utility group for group ${displayExtension} which facilitates the group math for the include and exclude lists +grouperIncludeExclude.includesMinusExclude.description = Internal utility group for group ${displayExtension} which facilitates includes, excludes, and required groups (e.g. activeEmployee) +#note, put a ${i} in there for where the 1 based index will go +grouperIncludeExclude.requireGroups.description = Internal utility group for group ${displayExtension} which facilitates required groups (e.g. activeEmployee) + + +################################### +## Subject settings +################################### + +# if finding across multiple threadable sources, use threads to do the work faster +subjects.allPage.useThreadForkJoin = false + +# if finding across multiple threadable sources, use threads to do the work faster +subjects.idOrIdentifier.useThreadForkJoin = false + +# if the creator and last updater should be group subject attributes (you get +# a performance gain if you set to false, but if true you can see subject id from UI in 2.0 +subjects.group.useCreatorAndModifierAsSubjectAttributes = true + +# customize subjects by implementing this interface: edu.internet2.middleware.grouper.subj.SubjectCustomizer +# or extending this class: edu.internet2.middleware.grouper.subj.SubjectCustomizerBase (recommended) +# note the instance will be reused to make sure it is threadsafe +subjects.customizer.className = + +# if we should use a root session if one isnt started for subject lookups (behavior in v2.0- +subjects.startRootSessionIfOneIsntStarted = false + +################################### +## Hooks +## You can register multiple classes for one hook base class by comma separating the hooks implementations +## You can also register 
hooks at runtime with: +## GrouperHookType.addHookManual("hooks.group.class", YourSchoolGroupHooks2.class); +################################### + +#implement a group attribute hook by extending edu.internet2.middleware.grouper.hooks.AttributeHooks +#hooks.attribute.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2 + +#implement an attribute def hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefHooks +#hooks.attributeDef.class=edu.yourSchool.it.YourSchoolAttributeDefHooks,edu.yourSchool.it.YourSchoolAttributeDefHooks2 + +#implement an attribute def name hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefNameHooks +#hooks.attributeDefName.class=edu.yourSchool.it.YourSchoolAttributeDefNameHooks,edu.yourSchool.it.YourSchoolAttributeDefNameHooks2 + +#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignHooks +#hooks.attributeAssign.class=edu.yourSchool.it.YourSchoolAttributeAssignHooks,edu.yourSchool.it.YourSchoolAttributeAssignHooks2 + +#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignValueHooks +#hooks.attributeAssignValue.class=edu.yourSchool.it.YourSchoolAttributeAssignValueHooks,edu.yourSchool.it.YourSchoolAttributeAssignValueHooks2 + +#implement a group hook by extending edu.internet2.middleware.grouper.hooks.GroupHooks +#hooks.group.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2 + +#implement a grouper lifecycle hook by extending edu.internet2.middleware.grouper.hooks.LifecycleHooks +#hooks.lifecycle.class=edu.yourSchool.it.YourSchoolLifecycleHooks + +#implement a membership hook by extending edu.internet2.middleware.grouper.hooks.MembershipHooks +#hooks.membership.class=edu.yourSchool.it.YourSchoolMembershipHooks + +#implement a member hook by extending edu.internet2.middleware.grouper.hooks.MemberHooks 
+#hooks.member.class=edu.yourSchool.it.YourSchoolMemberHooks + +#implement a stem hook by extending edu.internet2.middleware.grouper.hooks.StemHooks +#hooks.stem.class=edu.yourSchool.it.YourSchoolStemHooks + +#implement a composite hook by extending edu.internet2.middleware.grouper.hooks.CompositeHooks +#hooks.composite.class=edu.yourSchool.it.YourSchoolCompositeHooks + +#implement a field hook by extending edu.internet2.middleware.grouper.hooks.FieldHooks +#hooks.field.class=edu.yourSchool.it.YourSchoolFieldHooks + +#implement a grouperSession hook by extending edu.internet2.middleware.grouper.hooks.GrouperSessionHooks +#hooks.grouperSession.class=edu.yourSchool.it.YourSchoolGrouperSessionHooks + +#implement a groupType hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeHooks +#hooks.groupType.class=edu.yourSchool.it.YourSchoolGroupTypeHooks + +#implement a groupTypeTuple hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeTupleHooks +#hooks.groupTypeTuple.class=edu.yourSchool.it.YourSchoolGroupTypeTupleHooks + +#implement a loader hook by extending edu.internet2.middleware.grouper.hooks.LoaderHooks +#hooks.loader.class=edu.yourSchool.it.YourSchoolLoaderHooks + +#implement an external subject hook by extending edu.internet2.middleware.grouper.hooks.ExternalSubjectHooks +#hooks.externalSubject.class=edu.yourSchool.it.YourSchoolExternalSubjectHooks + +################################### +## Rules +################################### + +# Rules users who are in the following group can use the actAs field to act as someone else +# You can put multiple groups separated by commas. e.g. a:b:c, e:f:g +# You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in +# separated by 4 colons +# e.g. 
if the configured values is: a:b:c, e:f:d :::: r:e:w, x:e:w +# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone +# if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w. If multiple rules, then +# if one passes, then it is a success, if they all fail, then fail. +rules.act.as.group = + +# any actAs subject in this group has access to more objects when the EL fires on +# the IF or THEN EL clause +rules.accessToApiInEl.group = + +# cache the decision to allow a user to actAs another, so it doesnt have to be calculated each time +# defaults to 30 minutes +rules.act.as.cache.minutes = 30 + +# uuids (comma separated) of the attribute assign record which is the rule type to the owner object +# e.g. SELECT gaagv.attribute_assign_id FROM grouper_attr_asn_group_v gaagv WHERE gaagv.attribute_def_name_name LIKE '%:rule' AND gaagv.group_name = 'stem:a' +# make sure log info level is set for RuleEngine +# log4j.logger.edu.internet2.middleware.grouper.rules.RuleEngine = INFO +rules.attributeAssignTypeIdsToLog = abc1234abc123, def456def345 + +# if this is true, then log a lot of info about why rules do or do not fire... only turn on temporarily +# since it takes a lot of resources... note you need log DEBUG set for the rules engine in log4j.properties too e.g. +# log4j.logger.edu.internet2.middleware.grouper.rules = DEBUG +rules.logWhyRulesDontFire = false + +# put in fully qualified classes to add to the EL context. Note that they need a default constructor +# comma separated. The alias will be the simple class name without a first cap. +# e.g. 
if the class is test.Test the alias is "test" +rules.customElClasses = + +# If the CHECK, IF, and THEN are all exactly what is needed for managing inherited stem privileges +# Then allow an actAs GrouperSystem in source g:isa +rules.allowActAsGrouperSystemForInheritedStemPrivileges = + +# If not blank, then keep email templates in this folder instead of classpath +# If in classpath, it is classpath: grouperRulesEmailTemplates/someTemplate.txt +rules.emailTemplatesFolder = + + +################################### +## Group attribute validation via regex +## You can attach a regex to an attribute name (including built ins) +## If none are registered, the built in hook will not be enabled +## The built ins are description, displayName, extension, displayExtension, name +## Configure a group.attribute.validator.attributeName.X for attribute name +## group.attribute.validator.regex.X for the regex +## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute) +## the X must be a sequential integer which groups the config entries together. +## do not repeat two config entries +################################### + +#Attach a regex validator by attribute name +#group.attribute.validator.attributeName.0=extension +#group.attribute.validator.regex.0=^[a-zA-Z0-9]+$ +#group.attribute.validator.vetoMessage.0=Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics +# +#group.attribute.validator.attributeName.1=displayExtension +#group.attribute.validator.regex.1=^[a-zA-Z0-9 ]+$ +#group.attribute.validator.vetoMessage.1=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces + +##################################### +## Audit settings +##################################### + +# if set to true, then exceptions will be thrown if any actions are not audited... 
exceptions
+# should not be thrown since everything should be audited, so this is a switch to make it absorb
+# errors if there is a problem (will be logged instead if second param is true)
+audit.requireAuditsForAllActions = false
+audit.logAuditsForMissingActions = false
+
+#####################################
+## Change log settings
+#####################################
+
+# if we should insert records into grouper_change_log_temp when events happen
+# defaults to true. Note, it is not currently supported to set this to false...
+changeLog.enabled = true
+
+
+#####################################
+## Settings to track last membership changes for groups and stems.
+#####################################
+
+# If true, when an immediate membership changes for a group (either a privilege or a list member),
+# then an update will be made to the lastImmediateMembershipChange property for the group.
+groups.updateLastImmediateMembershipTime = false
+
+# If true, when an immediate, composite, or effective membership changes for a group (either a privilege or a list member),
+# then an update will be made to the lastMembershipChange property for the group.
+groups.updateLastMembershipTime = false
+
+# If true, when an immediate or effective membership changes for a stem (this would be a naming privilege),
+# then an update will be made to the lastMembershipChange property for the stem.
+stems.updateLastMembershipTime = false
+
+
+#####################################
+## Database structure data definition language (DDL) settings
+#####################################
+
+# Grouper DOES NOT WORK WITHOUT NESTED TRANSACTIONS!
This config parameter doesnt exist
+#ddlutils.use.nestedTransactions = true
+
+# ddlutils db name will be set by default, you can override it here, it must be one of:
+# axion, cloudscape, db2, db2v8, derby, firebird, hsqldb, interbase, maxdb, mckoi,
+# mssql, mysql, mysql5, oracle, oracle10, oracle9, postgresql, sapdb, sybase, sybasease15,
+#
+#ddlutils.dbname.override = oracle10
+
+# if you want to not create the subject tables (grouper examples for unit testing),
+# then set this to true
+ddlutils.exclude.subject.tables = false
+
+# set the path where ddl scripts are generated (they will be uniquely named in this directory).
+# if blank, the directory used will be the current directory
+ddlutils.directory.for.scripts = ddlScripts
+
+# during schema export, should it install grouper data also or not. e.g. insert the root stem, default true
+ddlutils.schemaexport.installGrouperData = true
+
+# when grouper starts, should it shut down if not right version?
+ddlutils.failIfNotRightVersion = true
+
+# after you have converted id's, and are happy with the conversion of removing the uuid col,
+# this will remove the backup uuid cols when running the gsh command: gsh -registry -deep
+ddlutils.dropBackupUuidCols = false
+
+# after you have converted field id foreign keys, and are happy with the conversion of removing the attribute name,
+# membership list name, and type cols,
+# this will remove the backup field name/type cols when running the gsh command: gsh -registry -deep
+ddlutils.dropBackupFieldNameTypeCols = false
+
+# before the group name etc was moved to the grouper_groups table, the attributes table
+# was backed up. If it should not be backed up, or if the upgrade is done and works, then it can
+# be removed, set to true, run: gsh -registry -deep
+ddlutils.dropAttributeBackupTableFromGroupUpgrade = false
+
+# Since grouper_memberships no longer has effective memberships, that table doesn't need via_id,
+# depth and parent_membership.
If they were converted, this will drop the backup of those cols with: gsh -registry -deep
+ddlutils.dropMembershipBackupColsFromOwnerViaUpgrade = false
+
+# After legacy attributes are converted, the backed up tables can be dropped with: gsh -registry -deep
+ddlutils.dropLegacyAttributes = false
+
+# this is the schema ddlutils uses to query metadata with jdbc. usually this can be omitted,
+# and it defaults to your database loginid, however, in postgres, it can be different, so enter here
+# in sql server, it might need to be: dbo
+#ddlutils.schema = public
+
+#if you are running a DB that supports them, but you dont want them, disable comments here (defaults to false)
+ddlutils.disableComments = false
+
+#set to true and we wont subsitute varchar 4000 for text in mysql (wont work in innodb utf-8 databases
+ddlutils.dontSubstituteVarchar4000forTextMysql = false
+
+#####################################
+## mail settings (optional, e.g. for daily report form loader)
+#####################################
+
+#smtp server is a domain name or dns name. set to "testing" if you want to log instead of send (e.g.
for testing)
+#mail.smtp.server = whatever.school.edu
+
+#leave blank if unauthenticated
+#mail.smtp.user =
+
+#leave blank if unauthenticated
+#mail.smtp.pass =
+
+#leave blank or false for no ssl, true for ssl
+#mail.smtp.ssl =
+
+#leave blank for default (probably 25), if ssl is true, default is 465, else specify
+#mail.smtp.port =
+
+#this is the default email address where mail from grouper will come from
+#mail.from.address = [email protected]
+
+#this is the subject prefix of emails, which will help differentiate prod vs test vs dev etc
+#mail.subject.prefix = TEST:
+
+#when running junit tests, this is the address that will be used
+#mail.test.address = [email protected]
+
+#####################################
+## misc settings which probably dont need to be changed
+#####################################
+
+dao.factory = edu.internet2.middleware.grouper.internal.dao.hib3.Hib3DAOFactory
+
+# if tables that are hibernated should have optimistic locking or not (assumes the data layer supports this, hibernate does)
+dao.optimisticLocking = true
+
+# set the API as readonly (e.g. during upgrades). Any updates will throw an exception
+grouper.api.readonly = false
+
+# When searching for memberships using the getMemberships WS (or underlying API call), limit the number of memberships
+# which can be returned, else throws exception. -1 means dont check.
+ws.getMemberships.maxResultSize = 30000
+
+# When searching for attribute assignments using the getAttributeAssignments WS (or underlying API call), limit the number of assignments
+# which can be returned, else throws exception. -1 means dont check.
+ws.findAttrAssignments.maxResultSize = 30000
+
+# When searching attribute def names, this is max size
+findAllAttributeDefNames.maxResultSize = 30000
+
+# create the type and attribuute for membership lite ui config by group
+membershipUpdateLiteTypeAutoCreate = false
+
+grouper.tableIndex.group.minIndex = 10000
+grouper.tableIndex.stem.minIndex = 10000
+grouper.tableIndex.attributeDef.minIndex = 10000
+grouper.tableIndex.attributeDefName.minIndex = 10000
+
+# verify that table indexes are set and the pointers are ok, incurs a bit of overhead to grouper startup
+grouper.tableIndex.verifyOnStartup = true
+
+# in different circumstances, retrieve a different number of IDs at once.
+# if it is a system where the JVM is starting and stopping (e.g. GSH), then
+# dont reserve that many at once
+grouper.tableIndex.reserveIdsGsh = 1
+grouper.tableIndex.reserveIdsDefault = 10
+grouper.tableIndex.reserveIdsLoader = 10
+grouper.tableIndex.reserveIdsWs = 10
+grouper.tableIndex.reserveIdsUi = 10
+
+# group who can assign id index cols (also, wheel or root is allowed)
+grouper.tableIndex.groupWhoCanAssignIdIndex = etc:canAssignIdIndex
+
+# number of bytes in DB that a non ascii char takes
+grouper.nonAsciiCharDbBytesLength = 3
+
+# cache size for jexl expressions
+jexl.cacheSize = 1024
+
+# when reading writing files from util classes, this is encoding (was ISO-8859-1)
+grouper.default.fileEncoding = UTF-8
+
+
+#####################################
+## testing settings
+#####################################
+
+# if the ldappc tests should be included when running all tests (default false)
+junit.test.ldappc = false
+
+# if the loader tests should be included when running all tests (default true)
+junit.test.loader = true
+
+# if the ddl tests should be included when running all tests (default true)
+junit.test.ddl = true
+
+# if the gsh tests should be included when running all tests (default false)
+junit.test.gsh = false
+
+# if the stress tests should be included when
running all tests (default false)
+junit.test.stress = false
+
+# if the external subject tests should be included when running all tests, note you need the jabber attribute in the view (default false)
+junit.test.externalSubjects = false
+
+# if the group sync should be tested... note you need the demo server available to test this, or change some settings...
+junit.test.groupSync = false
+junit.test.groupSync.url = https://grouperdemo.internet2.edu/grouper-ws_v2_0_0/servicesRest
+junit.test.groupSync.user = remoteUser
+junit.test.groupSync.password = R:/pass/grouperDemoRemoteUser.pass
+#folder where the user can create/stem which the user can use to run tests
+junit.test.groupSync.folder = test2:whateverFolder
+#this is true unless testing to an older grouper which doesnt support this
+junit.test.groupSync.pushAddExternalSubjectIfNotExist = true
+junit.test.groupSync.createRemoteFolderIfNotExist = true
+junit.test.groupSync.remoteSourceId = grouperExternal
+junit.test.groupSync.remoteReadSubjectId = identifier
+junit.test.groupSync.remoteWriteSubjectId = identifier
+
+
+#####################################
+## attribute framework
+#####################################
+
+# root stem in grouper where built in attributes are put
+grouper.attribute.rootStem = etc:attribute
+
+# comma separated names of attribute defs will not be audited or change log or point in time
+grouper.attribute.namesOfAttributeDefsToIgnoreAuditsChangeLogPit.elConfig = ${edu.internet2.middleware.grouper.cfg.GrouperConfig.retrieveConfig().propertyValueStringRequired('grouper.attribute.rootStem')}:userData:grouperUserDataValueDef
+
+# if the attribute loader attributes, and other attributes should be autoconfigured (created, etc)
+grouper.attribute.loader.autoconfigure = true
+
+#####################################
+## centrally managed permissions
+#####################################
+
+# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
+grouper.permissions.limits.builtin.createAs.public = true
+
+# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
+grouper.permissions.limits.builtin.displayExtension.limitAmountLessThan = amount less than
+grouper.permissions.limits.builtin.displayExtension.limitAmountLessThanOrEqual = amount less than or equal to
+grouper.permissions.limits.builtin.displayExtension.limitExpression = Expression
+grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworkRealm = ipAddress on network realm
+grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworks = ipAddress on networks
+grouper.permissions.limits.builtin.displayExtension.limitLabelsContain = labels contains
+grouper.permissions.limits.builtin.displayExtension.limitWeekday9to5 = Weekday 9 to 5
+
+
+# el classes to add to the el context for a limitExpression. Comma-separated fully qualified classnames
+grouper.permissions.limits.el.classes =
+
+# permission limits linked to subclasses of edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBase
+#grouper.permissions.limits.logic.someName.limitName =
+#grouper.permissions.limits.logic.someName.logicClass =
+
+# if you are doing ip address limits, you can put realms here
+# grouper.permissions.limits.realm.someName = 1.2.3.4/24, 2.3.4.5/16
+
+#####################################
+## External subjects
+#####################################
+
+#manages the description of a user automatically
+externalSubjects.desc.el = ${grouperUtil.appendPrefixIfStringNotBlank('[unverifiedInfo]', ' ', grouperUtil.appendIfNotBlankString(externalSubject.name, ' - ', externalSubject.institution))} [externalUserID] ${externalSubject.identifier}
+
+#search and sort strings added to member objects
+externalSubjects.searchAttribute0.el = ${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"),
"")},${subject.id},${subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")}
+externalSubjects.sortAttribute0.el = ${subject.name}
+externalSubjects.sortAttribute1.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")}
+externalSubjects.sortAttribute2.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")}
+
+# false if the description should be managed via EL (config above)
+externalSubjects.desc.manual = false
+
+# quartz cron where subjects are recalculated if necessary (empty means dont run), e.g. everyday at 3am
+externalSubjects.calc.fields.cron = 0 0 3 * * ?
+
+externalSubjects.name.required = true
+externalSubjects.email.required = false
+externalSubjects.email.enabled = true
+
+# these field names (uuid, institution, identifier, uuid, email, name) or attribute names
+# will be toLowered, and appended with comma separators. e.g. if you add attributes, add them here too
+externalSubjects.searchStringFields = name, institution, identifier, uuid, email
+
+externalSubjects.institution.required = false
+externalSubjects.institution.enabled = true
+
+# note, this must be only alphanumeric lower case or underscore
+# (valid db column name, subject attribute name)
+#externalSubjects.attributes.jabber.systemName = jabber
+#externalSubjects.attributes.jabber.required = false
+# comment on column in DB (no special characters allowed)
+#externalSubjects.attributes.jabber.comment = The jabber ID of the user
+
+# if wheel or root can edit external users
+externalSubjects.wheelOrRootCanEdit = true
+
+# group which is allowed to edit external users
+externalSubjects.groupAllowedForEdit =
+
+# if the view on the external subjects should be created.
+# turn this off if it doesnt compile, othrewise should be fine
+externalSubjects.createView = true
+
+#name of external subject source, defaults to grouperExternal
+externalSubject.sourceId = grouperExternal
+externalSubject.sourceName = External Users
+
+# grouper can auto create a jdbc2 source for the external subjects
+externalSubjects.autoCreateSource = true
+
+# put in fully qualified classes to add to the EL context. Note that they need a default constructor
+# comma separated. The alias will be the simple class name without a first cap.
+# e.g. if the class is test.Test the alias is "test"
+externalSubjects.customElClasses =
+
+# change these to affect the storage where external subjects live (e.g. to store in ldap),
+# must implement each respective storable interface
+externalSubjects.storage.ExternalSubjectStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectDbStorage
+externalSubjects.storage.ExternalSubjectAttributeStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectAttributeDbStorage
+
+# you can use the variables $newline$, $inviteLink$. Note, you need to change this default message...
+externalSubjectsInviteDefaultEmail = Hello,$newline$$newline$This is an invitation to register at our site to be able to access our applications. This invitation expires in 7 days. Click on the link below and sign in with your InCommon credentials. If you do not have InCommon credentials you can register at a site like protectnetwork.org and use those credentials.$newline$$newline$$inviteLink$$newline$$newline$Regards.
+# default subject for email
+externalSubjectsInviteDefaultEmailSubject = Register to access applications
+
+# you can use the variables $newline$, $inviteeIdentifier$, $inviteeEmailAddress$. Note, you need to change this default message...
+externalSubjectsNotifyInviterEmail = Hello,$newline$$newline$This is a notification that user $inviteeIdentifier$ from email address $inviteeEmailAddress$ has registered with the identity management service. They can now use applications at this institution.$newline$$newline$Regards.
+externalSubjectsNotifyInviterSubject = $inviteeIdentifier$ has registered
+
+# numner of days after which this request will expire. If -1, then will not expire
+externalSubjectsInviteExpireAfterDays = 7
+
+#put some group names comma separated for groups to auto add subjects to
+externalSubjects.autoaddGroups=
+#should be insert, or update, or insert,update
+externalSubjects.autoaddGroupActions=insert,update
+#if a number is here, expire the group assignment after a certain number of days
+externalSubjects.autoaddGroupExpireAfterDays=
+
+# add multiple group assignment actions by URL param: externalSubjectInviteName
+#externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=library
+
+# comma separated groups to add for this type of invite
+#externalSubjects.autoadd.testingLibrary.groups=
+
+# should be insert, update, or insert,update
+#externalSubjects.autoadd.testingLibrary.actions=insert,update
+
+# should be insert, update, or insert,update
+#externalSubjects.autoadd.testingLibrary.expireAfterDays=
+
+#if registrations are only allowed if invited or existing...
+externalSubjects.registerRequiresInvite=true
+
+#make sure the identifier when logging in is like an email address or eppn, e.g. [email protected]
+externalSubjects.validateIndentiferLikeEmail=true
+
+#put regexes here, increment the 0 for multiple entries, e.g. restrict your own institution
+#note, the extensions must be sequential (dont skip), regex e.g.
^.*@myschool\\.edu$
+externalSubjects.regexForInvalidIdentifier.0=
+
+#####################################
+## org management
+#####################################
+
+# if the orgs table(s) should be included in the DDL (includes the hierarchical table
+orgs.includePocOrgsTablesInDdl = false
+
+# loader connection of the database where orgs are (grouper means the grouper db in grouper.hibernate.properties)
+orgs.databaseName = grouper
+
+#table name of the org table (can prefix by schema name if you like)
+orgs.orgTableName = grouperorgs_poc_orgs
+
+#column names of this table
+orgs.orgIdCol = id
+orgs.orgNameCol = org_name
+orgs.orgDisplayNameCol = org_display_name
+orgs.orgParentIdCol = parent_id
+
+#stem where the orgs are, e.g. poc:orgs
+orgs.parentStemName = poc:orgs
+
+#org config name
+orgs.configGroupName = poc:orgs:orgsConfig
+
+######################################
+## Grouper client connections
+## if this grouper needs to talk to another grouper, this is the client connection information
+######################################
+
+
+# id of the source, should match the part in the property name
+#grouperClient.someOtherSchool.id = someOtherSchool
+
+# url of web service, should include everything up to the first resource to access
+# e.g. https://groups.school.edu/grouperWs/servicesRest
+#grouperClient.someOtherSchool.properties.grouperClient.webService.url = https://some.other.school.edu/grouperWs/servicesRest
+
+# login ID
+#grouperClient.someOtherSchool.properties.grouperClient.webService.login = someRemoteLogin
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+#grouperClient.someOtherSchool.properties.grouperClient.webService.password = *********
+
+# client version should match or be related to the server on the other end...
+#grouperClient.someOtherSchool.properties.grouperClient.webService.client.version = v2_0_000
+
+# this is the subject to act as local, if blank, act as GrouperSystem, specify with SubjectFinder packed string, e.g.
+# subjectIdOrIdentifier or sourceId::::subjectId or ::::subjectId or sourceId::::::subjectIdentifier or ::::::subjectIdentifier
+# sourceId::::::::subjectIdOrIdentifier or ::::::::subjectIdOrIdentifier
+#grouperClient.someOtherSchool.localActAsSubject =
+
+# the id of this source, generally the same as the name in the property name. This is mandatory
+#grouperClient.someOtherSchool.source.jdbc.id = jdbc
+
+# the part between "grouperClient.someOtherSchool.source." and ".id" links up the configs,
+# in this case, "jdbc", make sure it has no special chars. sourceId can be blank if you dont want to specify
+#grouperClient.someOtherSchool.source.jdbc.local.sourceId = jdbc
+
+# this is the identifier that goes between them, it is "id" or an attribute name. subjects without this attribute will not be processed
+#grouperClient.someOtherSchool.source.jdbc.local.read.subjectId = identifier
+
+# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
+#grouperClient.someOtherSchool.source.jdbc.local.write.subjectId = identifier
+
+# sourceId of the remote system, can be blank
+#grouperClient.someOtherSchool.source.jdbc.remote.sourceId = jdbc
+
+# this is the identifier that goes between them, it is "id" or an attribute name. subjects without this attribute will not be processed
+#grouperClient.someOtherSchool.source.jdbc.remote.read.subjectId =
+
+# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
+#grouperClient.someOtherSchool.source.jdbc.remote.write.subjectId =
+
+
+
+
+######################################
+## Sync to/from another grouper
+## Only sync one group to one other group, do not sync one group to
+## two report groupers.
If you need to do this, add the group to another group
+######################################
+
+# we need to know where our
+# connection name in grouper client connections above
+#syncAnotherGrouper.testGroup0.connectionName = someOtherSchool
+
+# incremental or push or pull or incremental_push. Note, incremental push is cron'ed and incremental (to make sure no discrepancies arise)
+#syncAnotherGrouper.testGroup0.syncType = incremental_push
+
+# quartz cron to schedule the pull or push (incremental is automatic as events happen) (e.g. 5am daily)
+#syncAnotherGrouper.testGroup0.cron = 0 0 5 * * ?
+
+# local group which is being synced
+#syncAnotherGrouper.testGroup0.local.groupName = test:testGroup
+
+# remote group at another grouper which is being synced
+#syncAnotherGrouper.testGroup0.remote.groupName = test2:testGroup2
+
+# if subjects are external and should be created if not exist
+#syncAnotherGrouper.testGroup0.addExternalSubjectIfNotFound = true
+
+
+
+###################################
+## user data settings
+###################################
+
+# amount of time to cache groups in use
+grouperUserData.group.cache.seconds = 120
+
+
+######################################
+## Legacy attributes
+######################################
+legacyAttribute.baseStem=etc:legacy:attribute
+legacyAttribute.groupTypeDef.prefix=legacyGroupTypeDef_
+legacyAttribute.attributeDef.prefix=legacyAttributeDef_
+legacyAttribute.customListDef.prefix=legacyCustomListDef_
+legacyAttribute.groupType.prefix=legacyGroupType_
+legacyAttribute.attribute.prefix=legacyAttribute_
+legacyAttribute.customList.prefix=legacyCustomList_
+legacyAttributeMigration.useThreads = true
+legacyAttributeMigration.threadPoolSize = 20
+
+
+######################################
+## Point in time audit
+######################################
+pit.sync.useThreads = true
+pit.sync.threadPoolSize = 20
+
+
+######################################
+## Stem sets
+######################################
+stemSet.sync.useThreads = true
+stemSet.sync.threadPoolSize = 20
+
+
+######################################
+## Group sets
+######################################
+groupSet.sync.useThreads = true
+groupSet.sync.threadPoolSize = 20
+
+########################
+## LDAPProvisioningHook
+########################
+#LDAPProvisioningHook.exclude.regex.0=.*_excludes$
+#LDAPProvisioningHook.exclude.regex.1=.*_includes$
+#LDAPProvisioningHook.exclude.regex.2=.*_systemOfRecord$
+#LDAPProvisioningHook.exclude.regex.3=.*_systemOfRecordAndIncludes$
+
+#########################################
+## Unresolvable Subject Deletion Utility
+#########################################
+
+# Don't do anything if more than this number of unresolvable subjects are found
+usdu.failsafe.maxUnresolvableSubjects = 200
+
+
+################# DIAGNOSTICS ##################
+# In UI and WS
+
+#if ignore tests. Note, in job names, invalid chars need to be replaced with underscore (e.g. colon)
+#anything in this regex: [^a-zA-Z0-9._-]
+ws.diagnostic.ignore.memoryTest = false
+ws.diagnostic.ignore.dbTest_grouper = false
+ws.diagnostic.ignore.source_jdbc = false
+ws.diagnostic.ignore.loader_CHANGE_LOG_changeLogTempToChangeLog = false
+
+#this is 52 hours... 48 for 2 days, and 4 more for the job to run.
So if the warehouse is down for updates,
+#then the daily job will not give an error
+ws.diagnostic.defaultMinutesSinceLastSuccess = 3120
+
+#change log can only for 30 minutes of failing before diagnostics fails
+ws.diagnostic.defaultMinutesChangeLog = 30
+
+#number of minute that can go by without a success before an error is thrown
+ws.diagnostic.minutesSinceLastSuccess.loader_SQL_GROUP_LIST__aStem_aGroup2 = 60
+
+#list groups which should check the size, in this case, "employee" or "students" in the key name is a variable
+#ws.diagnostic.checkGroupSize.employees.groupName = community:employees
+#ws.diagnostic.checkGroupSize.employees.minSize = 28000
+
+#ws.diagnostic.checkGroupSize.students.groupName = community:students
+#ws.diagnostic.checkGroupSize.students.minSize = 18000
+
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e0fdc8/modules/group-manager/src/main/resources/grouperUtf8.txt
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouperUtf8.txt b/modules/group-manager/src/main/resources/grouperUtf8.txt
new file mode 100755
index 0000000..526f696
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouperUtf8.txt
@@ -0,0 +1 @@
+ٹٺٻټÙÙÙ
\ No newline at end of file
