http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouper.client.properties ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/resources/grouper.client.properties b/modules/group-manager/src/main/resources/grouper.client.properties deleted file mode 100755 index cf78604..0000000 --- a/modules/group-manager/src/main/resources/grouper.client.properties +++ /dev/null @@ -1,552 +0,0 @@ -# -# Copyright 2014 Internet2 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -# Grouper client configuration -# $Id: grouper.client.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $ -# - -# The grouper client uses Grouper Configuration Overlays (documented on wiki) -# By default the configuration is read from grouper.client.base.properties -# (which should not be edited), and the grouper.client.properties overlays -# the base settings. See the grouper.client.base.properties for the possible -# settings that can be applied to the grouper.client.properties - -######################################## -## LDAP connection settings -######################################## - -# url of directory, including the base DN (distinguished name) -# e.g. ldap://server.school.edu/dc=school,dc=edu -# e.g. ldaps://server.school.edu/dc=school,dc=edu -grouperClient.ldap.url = - -# kerberos principal used to connect to ldap -grouperClient.ldap.login = - -# password for shared secret authentication to ldap -# or you can put a filename with an encrypted password -grouperClient.ldap.password = - -######################################## -## Web service Connection settings -######################################## - -# url of web service, should include everything up to the first resource to access -# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest -# e.g. https://groups.school.edu/grouper-ws/servicesRest -grouperClient.webService.url = - -# kerberos principal used to connect to web service -grouperClient.webService.login = - -# password for shared secret authentication to web service -# or you can put a filename with an encrypted password -grouperClient.webService.password = - -######################################## -## Config chaining hierarchy -######################################## - -# comma separated config files that override each other (files on the right override the left) -# each should start with file: or classpath: -# e.g. classpath:grouper.client.example.properties, file:c:/something/myconfig.properties -grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties - -# seconds between checking to see if the config files are updated -grouperClient.config.secondsBetweenUpdateChecks = 60 - -######################################## -## Misc settings -######################################## - -# path of a writable directory where files can be created or stored -# for example, cache of discovery configuration, or failover state -# dot is the current directory... note, this directory must exist -# or it will be created (attempted) -# if this is blank, none of these features will be used, and -# no files will be saved -grouperClient.cacheDirectory = . - -######################################## -## Encrypted password settings -######################################## - -# Put a random alphanumeric string (Case sensitive) for the password encryption. e.g. fh43IRJ4Nf5 -# or put a filename where the random alphanumeric string is. -# e.g. c:/whatever/key.txt -# e.g. sdfklj24lkj34lk34 -encrypt.key = - -# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt -encrypt.disableExternalFileLookup = false - -# pre grouper 2.0, the client encrypted passwords differently than the server. Now that the client is part of the server, -# there are more reasons to be consistent. Change to false for pre-2.0 password encryption behavior -encrypt.encryptLikeServer = true - -######################################## -## Logging -######################################## - -# For java.util.logging, only for the grouperClient package (not below) -# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING -grouperClient.logging.grouperClientOnly.logLevel = WARNING - -# If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr -# (if no file specified below). This is default log level -# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING -grouperClient.logging.logLevel = WARNING - -# If you dont want the logging to go to stderr, then put a log file location here: e.g. f:/temp/grouperClient.log -grouperClient.logging.logFile = - -# if you want ws requests and responses being logged to files, put the directory here. -# The grouper client will create subdirs -grouperClient.logging.webService.documentDir = - -# try to indent the xml. If this fails for some reason, or you want the raw xml, -# set to false -grouperClient.logging.webService.indent = true - -# if the masked password should be logged (if false, dont log anything about password) -# the masked password will show how many chars the password is (helpful for diagnosing -# password encryption issues) -grouperClient.logging.logMaskedPassword = false - -######################################## -## Service discovery settings -######################################## - -# number of minutes to remember that a connection had errors -grouperClient.minutesToKeepErrors = 2 - -# if you are using a discovery service, but a discovery properties -# at a URL (preferably SSL with valid certificate) -# you should have multiple discovery URLs hosted at independent locations -# to add more, increment the integer -grouperClient.urlOfDiscovery.0 = -grouperClient.urlOfDiscovery.1 = - -# if your app has a slow startup time, and the initial connections are timing out -# esp if you arent just using the command line client (e.g. if using it as a jar), -# then add more time here -grouperClient.secondsForClassesToLoad = 20 - -# this will save the failover state to a file so if the JVM is stopped, it -# will be there when it starts again. -# Set to 0 to store on every use (recommended if used command line) -# or set to -1 to not store or read ever -# grouperClient.cacheDirectory must be set -grouperClient.saveFailoverStateEverySeconds = 60 - -# if the failover client should use threads. If it doesnt then you cant detect timeouts -grouperClient.failoverClientUseThreads = true - -# this will cache the discovery properties in memory or on disk -# if you want to cache the discovery properties locally, put a directory here: -# this is recommended especially if you are using the grouper client as a command -# line application and the process is constantly restarting -# note, this will be used for a failsafe cache if all discovery servers are unavailable -# grouperClient.cacheDirectory must be set -# set to 0 or -1 to not cache -grouperClient.cacheDiscoveryPropertiesForSeconds = 120 - -# this is the path in the discovery server there the grouper.client.discovery.properties is -grouperClient.discoveryGrouperClientPropertiesDirectory = - -#### -## Below here are default values and override values for the discovery -## properties at your institution. Note: if the override keys are there -## with no value then it will blank out the discovery service value -#### - -# default urls of directory, including the base DN (distinguished name) -# add more properties and increment the integer (.1, .2, etc) -# e.g. ldap://server.school.edu/dc=school,dc=edu -# e.g. ldaps://server.school.edu/dc=school,dc=edu -grouperClient.discoveryDefault.ldap.0.url = -#grouperClient.discoveryOverride.ldap.0.url = - -# default active/active or active/standby -# active/active will pick a server randomly, -# and will stick with it for as long as the affinity is set -# active/standby will always use the first connection -# if no errors, then try the second one etc. -# if a connection has more errors and has a higher priority, -# then it will not be tried again until the -# takeConnectionOutOfPoolOnErrorForSeconds timeout -# passes -grouperClient.discoveryDefault.ldap.loadBalancing = active/active -#grouperClient.discoveryOverride.ldap.loadBalancing = active/active - -# if we are active/active, then the same connection will -# be used for a certain number of seconds. If this is -1, then -# always keep the same server (unless errors) -grouperClient.discoveryDefault.ldap.affinitySeconds = 28800 -#grouperClient.discoveryOverride.ldap.affinitySeconds = 28800 - -# if a connection has more errors than another, it will not be -# used until this error timeout passes (unless the other is throwing errors -# too) -grouperClient.discoveryDefault.ldap.lowerConnectionPriorityOnErrorForMinutes = 3 -#grouperClient.discoveryOverride.ldap.lowerConnectionPriorityOnErrorForMinutes = 3 - -# when a connection is attempted, this is the timeout that it will use before trying -# another connection -grouperClient.discoveryDefault.ldap.timeoutSeconds = 30 -#grouperClient.discoveryOverride.ldap.timeoutSeconds = 30 - -# after all connections have been attempted, it will wait for this long -# to see if any finish -grouperClient.discoveryDefault.ldap.extraTimeoutSeconds = 15 -#grouperClient.discoveryOverride.ldap.extraTimeoutSeconds = 15 - -# urls of web service, should include everything up to the first resource to access -# this is for read or write operations -# add more properties and increment the integer (.1, .2, etc) -# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest -# e.g. https://groups.school.edu/grouper-ws/servicesRest -grouperClient.discoveryDefault.webService.readWrite.0.url = -#grouperClient.discoveryOverride.webService.readWrite.0.url = - -# url of web service, should include everything up to the first resource to access -# this is for only read operations -# add more properties and increment the integer (.1, .2, etc) -# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest -# e.g. https://groups.school.edu/grouper-ws/servicesRest -grouperClient.discoveryDefault.webService.readOnly.0.url = -#grouperClient.discoveryOverride.webService.readOnly.0.url = - -# active/active or active/standby -# active/active will pick a server randomly, -# and will stick with it for as long as the affinity is set -# active/standby will always use the first connection -# if no errors, then try the second one etc. -# if a connection has more errors and has a higher priority, -# then it will not be tried again until the -# takeConnectionOutOfPoolOnErrorForSeconds timeout -# passes -grouperClient.discoveryDefault.webService.loadBalancing = active/active -#grouperClient.discoveryOverride.webService.loadBalancing = active/active - -# if you want to always try read/write before readOnly (i.e. if you are -# worried about if you make a write and read right after each other) -grouperClient.discoveryDefault.webService.preferReadWrite = true -#grouperClient.discoveryOverride.webService.preferReadWrite = true - -# if we are active/active, then the same connection will -# be used for a certain number of seconds. If this is -1, then -# always keep the same server (unless errors) -grouperClient.discoveryDefault.webService.affinitySeconds = 28800 -#grouperClient.discoveryOverride.webService.affinitySeconds = 28800 - -# if a connection has more errors than another, it will not be -# used until this error timeout passes (unless the other is throwing errors -# too) -grouperClient.discoveryDefault.webService.lowerConnectionPriorityOnErrorForMinutes = 3 -#grouperClient.discoveryOverride.webService.lowerConnectionPriorityOnErrorForMinutes = 3 - -# when a connection is attempted, this is the timeout that it will use before trying -# another connection -grouperClient.discoveryDefault.webService.timeoutSeconds = 60 -#grouperClient.discoveryOverride.webService.timeoutSeconds = 60 - -# after all connections have been attempted, it will wait for this long -# to see if any finish -grouperClient.discoveryDefault.webService.extraTimeoutSeconds = 30 -#grouperClient.discoveryOverride.webService.extraTimeoutSeconds = 30 - - - -#################################################################################### -#################################################################################### -#### Institutional and advanced settings -#################################################################################### -#################################################################################### - -####################################### -## output templates -####################################### - -webService.addMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$ -webService.getMembers.output = GroupIndex ${groupIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.name}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$ -webService.deleteMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$ -webService.hasMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$newline$ -webService.getGroups.output = SubjectIndex ${subjectIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSubject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$ -webService.groupSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$ -webService.stemSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$ -webService.groupDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$ -webService.stemDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$ -webService.getGrouperPrivilegesLite.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$ -webService.assignGrouperPrivileges.output = Index: ${index}, success: ${resultMetadata.success}, code: ${resultMetadata.resultCode}, ${objectType}: ${objectName}, subject: ${wsSubject.id}, ${wsAssignGrouperPrivilegesResult.privilegeType}: ${wsAssignGrouperPrivilegesResult.privilegeName}$newline$ -webService.assignGrouperPrivilegesLite.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilegeType}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$ -webService.findGroups.output = Index ${index}: name: ${wsGroup.name}, displayName: ${wsGroup.displayName}$newline$ -webService.findStems.output = Index ${index}: name: ${wsStem.name}, displayName: ${wsStem.displayName}$newline$ -webService.memberChangeSubject.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newSubject: ${wsSubjectNew.id}$newline$ -webService.getMemberships.output = Index: ${index}: ${type}: ${ownerName}, subject: ${wsSubject.id}, list: ${wsMembership.listName}, type: ${wsMembership.membershipType}, enabled: ${wsMembership.enabled}$newline$ -webService.getSubjects.output = Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}$newline$ -webService.getAttributeAssignments.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}$newline$ -webService.getAttributeAssignActions.output = Index: ${index}: nameOfAttributeDef: ${wsAttributeAssignActionTuple.nameOfAttributeDef}, action: ${wsAttributeAssignActionTuple.action}$newline$ -webService.assignAttributes.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeResult.changed}, deleted: ${wsAssignAttributeResult.deleted}, valuesChanged: ${wsAssignAttributeResult.valuesChanged}$newline$ -webService.assignAttributesBatch.output = Index: ${assignIndex}, itemIndex: ${assignItemIndex}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeBatchResult.changed}, deleted: ${wsAssignAttributeBatchResult.deleted}, valuesChanged: ${wsAssignAttributeBatchResult.valuesChanged}$newline$ -webService.getPermissionAssignments.output = Index: ${index}: permissionType: ${wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, subject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, attributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOverall}, enabled: ${wsPermissionAssign.enabled}$newline$ -webService.assignPermissions.output = Index: ${index}: permissionType: ${permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disallowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enabled}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissionResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$ -webService.assignAttributeDefNameInheritance.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}, message: ${resultMetadata.resultMessage}$newline$ -webService.attributeDefNameSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$ -webService.attributeDefNameDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$ -webService.findAttributeDefNames.output = Index ${index}: name: ${wsAttributeDefName.name}, displayName: ${wsAttributeDefName.displayName}$newline$ -webService.assignAttributeDefActions.output=Index ${index}: nameOfAttributeDef: ${nameOfAttributeDef}, action: ${actionWithOperation.action}, status: ${actionWithOperation.status}$newline$ - -####################################### -## ldap queries -####################################### - -# operation name -ldapSearchAttribute.operationName.0 = pennnameToPennid -ldapSearchAttribute.ldapName.0 = ou=pennnames -ldapSearchAttribute.matchingAttributes.0 = pennname -ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode -ldapSearchAttribute.returningAttributes.0 = pennid -ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid} -ldapSearchAttribute.resultType.0 = STRING - -ldapSearchAttribute.operationName.1 = pennidToPennname -ldapSearchAttribute.ldapName.1 = ou=pennnames -ldapSearchAttribute.matchingAttributes.1 = pennid -ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode -ldapSearchAttribute.returningAttributes.1 = pennname -ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname} -ldapSearchAttribute.resultType.1 = STRING - -ldapSearchAttribute.operationName.2 = hasMemberLdap -ldapSearchAttribute.ldapName.2 = ou=groups -ldapSearchAttribute.matchingAttributes.2 = cn, hasMember -ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck -ldapSearchAttribute.returningAttributes.2 = cn -ldapSearchAttribute.outputTemplate.2 = hasMember: ${resultBoolean} -ldapSearchAttribute.resultType.2 = BOOLEAN - -ldapSearchAttribute.operationName.3 = getMembersLdap -ldapSearchAttribute.ldapName.3 = ou=groups -ldapSearchAttribute.matchingAttributes.3 = cn -ldapSearchAttribute.matchingAttributeLabels.3 = groupName -ldapSearchAttribute.returningAttributes.3 = hasMember -ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$ -ldapSearchAttribute.resultType.3 = STRING_LIST - -######################################## -## Custom operations -## Implement the interface ClientOperation, put it in the jar -## Increment the int index for multiples (must be in order) -######################################## - -#customOperation.name.0 = cosignLikeWebsec -#customOperation.class.0 = edu.upenn.isc.grouperClient.CosignLikeWebsecOperation - - -######################################## -## Authentication settings -######################################## - -# user prefix -grouperClient.ldap.user.prefix = uid= - -# user suffix -grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu - -# config name for the ldap user name between prefix and suffix -grouperClient.ldap.user.label = login - -# config name for the webService user name between prefix and suffix -grouperClient.webService.user.label = login - -######################################## -## Web service settings -######################################## - -# web service client version -grouperClient.webService.client.version = v2_2_000 - -# socket timeout -grouperClient.webService.httpSocketTimeoutMillis = 90000 - -# connection manager timeout -grouperClient.webService.httpConnectionManagerTimeoutMillis = 90000 - -# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded) -# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception -# will be thrown -grouperClient.webService.ignoreExtraneousXmlFields = true - -# register fields to be ignored with xstream. this is useful if you are not -# ignoring extraneous fields (above), but know that there are a few to be ignored -# place them here with fully qualified classname dont property name, comma separated -# e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2 -grouper.webService.omitXmlProperties = - -######################################## -## Misc -######################################## - -# if there are extra command line args, should we fail or just log? -grouperClient.failOnExtraCommandLineArgs = true - -# you can have aliases for subjectId and subjectIdentifer in command line args -# (though subjectId will still be allowed, but you cant pass both) -# if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234 -# instead of --subjectIds=123,345 -grouperClient.alias.subjectIds = - -# if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd -# instead of --subjectIdentifiers=abc,bcd -grouperClient.alias.subjectIdentifiers = - -# if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123 -# instead of --subjectId=123 -grouperClient.alias.subjectId = - -# if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc -# instead of --subjectIdentifiers=abc -grouperClient.alias.subjectIdentifier = - -# if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123 -# instead of --actAsSubjectId=abc,bcd -grouperClient.alias.SubjectId = - -# if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc -# instead of --actAsSubjectIdentifier=abc -grouperClient.alias.SubjectIdentifier = - -# the encoding used to read config files -grouperClient.config.encoding = UTF-8 - -# this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1 -grouperClient.default.fileEncoding = UTF-8 - -# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory -grouperClient.https.customSocketFactory = - -# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.BlindSslSocketFactory -grouperClient.ldaps.customSocketFactory = - - -############################## -## Kuali Identity settings -############################## - -kuali.identity.source.0 = jdbc -kuali.identity.nameAttribute.0 = name -kuali.identity.identifierAttribute.0 = loginid - -# separate a sourceId from a subjectId or sourceId -kuali.identity.sourceSeparator = :::: - - -######################################## -## JDBC settings -######################################## - -# default database connection name -grouperClient.jdbc.defaultName = default - -# the part between jdbc. and the last . is the name of the connection, in this case "default" -# e.g. mysql: com.mysql.jdbc.Driver -# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver -# for p6spy, put the underlying driver in spy.properties -# e.g. oracle: oracle.jdbc.driver.OracleDriver -# e.g. hsqldb: org.hsqldb.jdbcDriver -# e.g. postgres: org.postgresql.Driver -# e.g. mssql: com.microsoft.sqlserver.jdbc.SQLServerDriver -grouperClient.jdbc.default.driver = oracle.jdbc.driver.OracleDriver - -# e.g. mysql: jdbc:mysql://localhost:3306/grouper -# e.g. p6spy (log sql): [use the URL that your DB requires] -# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid -# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true -# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper -# e.g. postgres: jdbc:postgresql://localhost:5432/database -# e.g. mssql: jdbc:sqlserver://localhost:3280 -grouperClient.jdbc.default.url = jdbc:oracle:thin:@server.school.edu:1521:sid -grouperClient.jdbc.default.user = some_schema -grouperClient.jdbc.default.pass = abc123 - - - -################################ -## AWS settings -################################ - -# sqs settings -grouperClient.awsAccessKey = ABC123 -grouperClient.awsSecretKey = xyz789 -grouperClient.awsSqsQueueUrl = https://sqs.region.amazonaws.com/1234/queue_name - - -################################ -## ESB settings -################################ - -## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface -esb.consumer.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding -## this is a key or could be encrypted in a file as well like other passwords -## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey -## number these if there are multiple -#esb.consumer.encryptionKey.0 = abc123 - - -################################ -## XMPP client settings -## Note: you need the smack.jar in your classpath, see the grouper xmpp wiki for usage -## https://spaces.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6.0 -################################ - - -## general xmpp configuration -grouperClient.xmpp.server.host = jabber.school.edu -grouperClient.xmpp.server.port = 5222 -grouperClient.xmpp.user = username -# note, pass can be in an external file with morphstring -grouperClient.xmpp.pass = -grouperClient.xmpp.resource = grouperClient -# note, you need the exact id and resource here or it wont match -grouperClient.xmpp.trustedMessagesFromJabberIds = [email protected]/resource, [email protected]/resource2 - -# if true, then each quartz trigger name will be unique -# do this for atlassian since it doesnt do quartz right, and wont delete or reuse old triggers -grouperClient.xmpp.uniqueQuartzTriggerNames = false - -# if true, send this to smack, if we should debug. not sure if it does anything -grouperClient.xmpp.debuggerEnabled = false - -grouperClient.xmpp.job.myJobName.groupNames = test:xmppGroups:test1 -grouperClient.xmpp.job.myJobName.allowIncrementalNotInGroupNamesList = false -grouperClient.xmpp.job.myJobName.handlerClass = edu.internet2.middleware.grouperClientExt.xmpp.GrouperClientXmppFileHandler -# set this to reload_group or incremental if not reload on each event -grouperClient.xmpp.job.myJobName.eventAction = incremental -# how often a full refresh should occur regardless of events -grouperClient.xmpp.job.myJobName.fullRefreshQuartzCronString = 0 0 5 * * ? -grouperClient.xmpp.job.myJobName.fileHandler.targetFile = c:/temp/targetFile.txt -grouperClient.xmpp.job.myJobName.fileHandler.filePrefix = c:/temp/filePrefix.txt -grouperClient.xmpp.job.myJobName.fileHandler.iteratorEl = ${subject.attribute['pennname']}$space$ -grouperClient.xmpp.job.myJobName.fileHandler.fileSuffix = c:/temp/fileSuffix.txt -grouperClient.xmpp.job.myJobName.subjectAttributeNames = pennname -# subjects wont notify in not in these sources, comma separated, or blank for all -grouperClient.xmpp.job.myJobName.requireSources = pennperson -# subjects wont notify if they dont have a non blank value for these attributes, or blank for all -grouperClient.xmpp.job.myJobName.requireAttributes = pennname - -
http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouper.hibernate.base.properties ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.base.properties b/modules/group-manager/src/main/resources/grouper.hibernate.base.properties deleted file mode 100755 index 7070b17..0000000 --- a/modules/group-manager/src/main/resources/grouper.hibernate.base.properties +++ /dev/null @@ -1,120 +0,0 @@ -# -# Copyright 2014 Internet2 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -# Grouper Hibernate Configuration -# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $ -# - -# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki) -# By default the configuration is read from grouper.hibernate.base.properties -# (which should not be edited), and the grouper.hibernate.properties overlays -# the base settings. See the grouper.hibernate.base.properties for the possible -# settings that can be applied to the grouper.hibernate.properties - -######################################## -## Config chaining hierarchy -######################################## - -# comma separated config files that override each other (files on the right override the left) -# each should start with file: or classpath: -# e.g. classpath:grouper.hibernate.base.properties, file:c:/temp/myFile.properties -grouper.hibernate.config.hierarchy = classpath:grouper.hibernate.base.properties, classpath:grouper.hibernate.properties - -# seconds between checking to see if the config files are updated -grouper.hibernate.config.secondsBetweenUpdateChecks = 60 - -######################################## -## DB settings -######################################## - -# e.g. mysql: jdbc:mysql://localhost:3306/grouper -# e.g. p6spy (log sql): [use the URL that your DB requires] -# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid -# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true -# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper -# e.g. postgres: jdbc:postgresql://localhost:5432/database -# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper -hibernate.connection.url = jdbc:hsqldb:hsql://localhost:9001/grouper - -hibernate.connection.username = sa -# If you are using an empty password, depending upon your version of -# Java and Ant you may need to specify a password of "". -# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122 -hibernate.connection.password = - -################ BELOW HERE YOU GENERALLY DO NOT NEED TO CHANGE #################### - -# Leave blank to autodetect based on URL, or specify -# Hibernate3. -# e.g. org.hibernate.dialect.Oracle10gDialect, org.hibernate.dialect.HSQLDialect -# e.g. org.hibernate.dialect.PostgreSQLDialect ,org.hibernate.dialect.MySQL5Dialect -# e.g. org.hibernate.dialect.SQLServerDialect -hibernate.dialect = - -# see http://ehcache.org/documentation/user-guide/hibernate#Configure-Ehcache-as-the-Second-Level-Cache-Provider -# Hibernate 3.0 - 3.2 -# hibernate.cache.provider_class = org.hibernate.cache.EhCacheProvider -# Hibernate 3.3+ -hibernate.cache.region.factory_class = net.sf.ehcache.hibernate.EhCacheRegionFactory - - -# -# Generic Hibernate Configuration -# - -hibernate.cache.use_query_cache = true - -# leave blank to autodetect based on URL -# e.g. mysql: com.mysql.jdbc.Driver -# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver -# for p6spy, put the underlying driver in spy.properties -# e.g. oracle: oracle.jdbc.driver.OracleDriver -# e.g. hsqldb: org.hsqldb.jdbcDriver -# e.g. postgres: org.postgresql.Driver -# e.g. mssql: com.microsoft.sqlserver.jdbc.SQLServerDriver -hibernate.connection.driver_class = - - -hibernate.connection.autocommit = false - -# Use c3p0 connection pooling (since dbcp not supported in hibernate anymore) -# http://www.hibernate.org/214.html, http://www.hibernate.org/hib_docs/reference/en/html/session-configuration.html -hibernate.c3p0.max_size 16 -hibernate.c3p0.min_size 0 -#seconds -hibernate.c3p0.timeout 100 -hibernate.c3p0.max_statements 0 -hibernate.c3p0.idle_test_period 100 -hibernate.c3p0.acquire_increment 1 -hibernate.c3p0.validate false - -#What to do if there are connection problems - see http://www.mchange.com/projects/c3p0/index.html#configuration_properties -#These settings are designed to cause exceptions sooner rather than later so end users are not left with a hanging UI. Once the database -#is available again a connection will be made witout further intervention -#If tou get intermittent connection problems in the UI even though the database is OK try increasing the max_size setting above and -#tune the settings below -hibernate.c3p0.acquireRetryAttempts=2 -hibernate.c3p0.acquireRetryDelay=500 -hibernate.c3p0.checkoutTimeout=30000 - -hibernate.jdbc.use_streams_for_binary = true - -hibernate.max_fetch_depth = 1 - -hibernate.show_sql = false - -hibernate.jdbc.batch_size 20 http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouper.hibernate.properties ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.properties b/modules/group-manager/src/main/resources/grouper.hibernate.properties deleted file mode 100755 index d119c3f..0000000 --- a/modules/group-manager/src/main/resources/grouper.hibernate.properties +++ /dev/null @@ -1,10 +0,0 @@ -hibernate.connection.url = jdbc:mysql://localhost:3306/grouper - -hibernate.connection.username =root -# If you are using an empty password, depending upon your version of -# Java and Ant you may need to specify a password of "". -# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122 -hibernate.connection.password = - -hibernate.cache.use_second_level_cache=true -hibernate.cache.region.factory_class=org.hibernate.cache.ehcache.EhCacheRegionFactory \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouper.properties ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/resources/grouper.properties b/modules/group-manager/src/main/resources/grouper.properties deleted file mode 100755 index 1cc0805..0000000 --- a/modules/group-manager/src/main/resources/grouper.properties +++ /dev/null @@ -1,1017 +0,0 @@ -# -# Copyright 2014 Internet2 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -# Grouper Configuration -# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $ -# - -# Grouper uses Grouper Configuration Overlays (documented on wiki) -# By default the configuration is read from grouper.base.properties -# (which should not be edited), and the grouper.properties overlays -# the base settings. See the grouper.base.properties for the possible -# settings that can be applied to the grouper.properties - - -######################################## -## Config chaining hierarchy -######################################## - -# comma separated config files that override each other (files on the right override the left) -# each should start with file: or classpath: -# e.g. classpath:grouper.example.properties, file:c:/something/myconfig.properties -grouper.config.hierarchy = classpath:grouper.base.properties, classpath:grouper.properties - -# seconds between checking to see if the config files are updated -grouper.config.secondsBetweenUpdateChecks = 60 - - -######################################## -## General settings -######################################## - -# in cases where grouper is logging or emailing, it will use this to differentiate test vs dev vs prod -grouper.env.name = - -#put the URL which will be used e.g. in emails to users. include the webappname at the end, and nothing after that. -#e.g. https://server.school.edu/grouper/ -grouper.ui.url = - -# tmp dir to use, will set this to the env var for tmp dir during cache operations... -# note, if you are using a backslash, you need to escape it with another, e.g. c:\\temp -# see the temp dir in logs with this in log4j.properties -# log4j.logger.edu.internet2.middleware.grouper.util.GrouperUtil = INFO -grouper.tmp.dir = - -# main stem for grouper built in objects -# Note: there are more locations to change than just this -grouper.rootStemForBuiltinObjects = etc - -####################################### -## inititalization and configuration settings -####################################### - -#if grouper should auto init the registry if not initted (i.e. insert the root stem, built in fields, etc) -#defaults to true -registry.autoinit = true - -#if grouper should try and detect and log configuration errors on startup -#in general this should be true, unless the output is too annoying or if it is causing a problem -configuration.detect.errors = true - -#if the startup message should display -configuration.display.startup.message = true - -#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on) -configuration.autocreate.system.groups = false - -#auto-create groups (increment the integer index), and auto-populate with users -#(comma separated subject ids) to bootstrap the registry on startup -#(note: check config needs to be on) -#configuration.autocreate.group.name.0 = etc:uiUsers -#configuration.autocreate.group.description.0 = users allowed to log in to the UI -#configuration.autocreate.group.subjects.0 = johnsmith - -# if should check java version and make sure ok -configuration.checkJavaVersion = true - -# if should check database and utf in new thread -configuration.checkDatabaseAndUtf.inNewThread = true - -# if grouper should check to see if the database has case sensitive selects -configuration.detect.db.caseSensitive.problems = true -configuration.display.db.caseSensitive.success.message = false - -# if grouper should check to see if utf-8 works on startup in files -configuration.detect.utf8.file.problems = true -# if grouper should check to see if utf-8 works on startup in the database -configuration.detect.utf8.problems = true -configuration.display.utf8.success.message = false - -# if grouper in the utf8 check will check to see if grouper supports transaction -configuration.detect.db.transaction.problems = true -configuration.display.transaction.success.message = false - -################################### -## security settings -################################### - -# If set to _true_, the ALL subject will be granted that privilege on -# each new group that is created. Note, you can override the default -# checkboxes on screen of UI in media.properties. -groups.create.grant.all.optin = false -groups.create.grant.all.optout = false -groups.create.grant.all.read = false -groups.create.grant.all.view = false -groups.create.grant.all.groupAttrRead = false - -# If set to _true_, the ALL subject will be granted that privilege on -# each new stem that is created. -stems.create.grant.all.create = false -stems.create.grant.all.stemAdmin = false -stems.create.grant.all.stemAttrRead = false -stems.create.grant.all.stemAttrUpdate = false - -# If set to _true_, the ALL subject will be granted that privilege on -# each new attributeDef that is created. -attributeDefs.create.grant.all.attrAdmin = false -attributeDefs.create.grant.all.attrOptin = false -attributeDefs.create.grant.all.attrOptout = false -attributeDefs.create.grant.all.attrRead = false -attributeDefs.create.grant.all.attrUpdate = false -attributeDefs.create.grant.all.attrView = false -attributeDefs.create.grant.all.attrDefAttrRead = false -attributeDefs.create.grant.all.attrDefAttrUpdate = false - -# if set to true, then the ALL subject will be granted view on new entities -entities.create.grant.all.view = false - - -# A wheel group allows you to enable non-GrouperSystem subjects to act -# like a root user when interacting with the registry. -groups.wheel.use = false - -# Set to the name of the group you want to treat as the wheel group. -# The members of this group will be treated as root-like users. -groups.wheel.group = etc:sysadmingroup - -# A viewonly wheel group allows you to enable non-GrouperSystem subjects to act -# like a root user when viewing the registry. -groups.wheel.viewonly.use = false - -# Set to the name of the group you want to treat as the viewonly wheel group. -# The members of this group will be treated as root-like users when viewing objects. -groups.wheel.viewonly.group = etc:sysadminViewersGroup - -# A readonly wheel group allows you to enable non-GrouperSystem subjects to act -# like a root user when reading the registry. -groups.wheel.readonly.use = false - -# Set to the name of the group you want to treat as the readonly wheel group. -# The members of this group will be treated as root-like users when reading objects. -groups.wheel.readonly.group = etc:sysadminReadersGroup - - -# To change the internal names for GrouperAll and GrouperSystem -# uncomment and change. Review UI nav.properties to ensure consistency -subject.internal.grouperall.name = EveryEntity -subject.internal.groupersystem.name = GrouperSysAdmin - -# Search and sort strings for internal users -internalSubjects.searchAttribute0.el = ${subject.name},${subject.id} -internalSubjects.sortAttribute0.el = ${subject.name} - - -#by default, anyone with admin rights on a group can edit the types or attributes -#specify types (related attributes will also be protected) which are wheel only, or restricted to a certain group -#security.types.typeName.wheelOnly = true -security.types.grouperLoader.wheelOnly = true -security.types.grouperGroupMembershipSettings.wheelOnly = true - -#security.types.typeName.allowOnlyGroup = etc:someAdminGroup - - -# If this property is set, then to move a stem, in addition to having the appropriate stem privileges for the stem being moved and the destination stem, -# a user must also be a member of the defined group. Note that users in the wheel group will have access regardless of this property. -#security.stem.groupAllowedToMoveStem = etc:someAdminGroup - -# If this property is set, then to rename a stem, in addition to having the appropriate stem privilege for the stem being renamed, -# a user must also be a member of the defined group. Note that users in the wheel group will have access regardless of this property. -#security.stem.groupAllowedToRenameStem = etc:someAdminGroup - -# If this property is set, then to copy a stem, a user must be a member of the defined group. Note that users in the wheel group will have access regardless of this property. -#security.stem.groupAllowedToCopyStem = etc:someAdminGroup - -# By default, all users have access to sort using any of the sort strings in the member table and search using any of the search strings in the member table. -# You can restrict to wheel only or to a certain group. -#security.member.sort.string0.allowOnlyGroup = etc:someGroup -#security.member.sort.string1.allowOnlyGroup = etc:someGroup -#security.member.sort.string2.wheelOnly = true -#security.member.sort.string3.wheelOnly = true -#security.member.sort.string4.wheelOnly = true -#security.member.search.string0.allowOnlyGroup = etc:someGroup -#security.member.search.string1.allowOnlyGroup = etc:someGroup -#security.member.search.string2.wheelOnly = true -#security.member.search.string3.wheelOnly = true -#security.member.search.string4.wheelOnly = true - - -################################### -## Member sort and search -################################### - -# Attributes of members are kept in the grouper_members table to allow easy sorting and searching (for instance when listing group members). -# When performing a sort or search and an index is not specified, then a default index will be used as configured below. The value is comma-separated, -# so that if the user does not have access to the first index, then next will be tried and so forth. -# Note: all sources should have attributes configured for all default indexes. -member.search.defaultIndexOrder=0 -member.sort.defaultIndexOrder=0 - - -################################### -## whitelist (allow) and blacklist (deny) for db/ldap data or object deletes, without prompting the user to confirm -## if a listing is in the whitelist (allow), it will be allowed to delete db/ldap -## if a listing is in the blacklist (deny), it will be denied from deleting db/ldap -## multiple inputs can be entered with .0, .1, .2, etc. These numbers must be sequential, starting with 0 -################################### - -db.change.allow.user.0=sa -db.change.allow.url.0=jdbc:hsqldb:hsql://localhost:9001/grouper -db.change.allow.user.1=grouper1 -db.change.allow.url.1=jdbc:mysql://localhost:3306/grouper1 - -db.change.deny.user.0=grouper2 -db.change.deny.url.0=jdbc:mysql://localhost:3306/grouper2 - -# db.change.allow.user.2=uid=admin,ou=system -# db.change.allow.url.2=ldap://localhost:10389 - -# if should give error when detect driver mismatch (set to false if using an -# unknown driver, and tell the grouper team so we can add to list) -db.log.driver.mismatch = true - -################################### -## Grouper include / exclude and requireGroups -## If enabled, will make sure the Type is installed, and when that type is -## applied to a group, it will auto-create the other groups needed to manage the include and exclude lists -## see: https://bugs.internet2.edu/jira/browse/GRP-178 -## the naming settings below are only used when the type is applied to a group, will not affect -## existing include/exclude groups -################################### - -#if the addIncludeExclude and requireInGroups should be enabled, and if the type(s) should be -#auto-created, and used to auto create groups to facilitate include and exclude lists, and require lists -grouperIncludeExclude.use = false -grouperIncludeExclude.requireGroups.use = false - -#for requireGroups (groups that the members must be to be in the overall group). name is the name of the attribute or type -#attributeOrType is either attribute for an attribute underneath the requireInGroups type, or type to be a top level type -#group is the group to be anded in. note attributes are a global namespace, so you might want to use a naming convention, -#e.g. prefix with "require". description is the tooltip. add as many as you like. -#grouperIncludeExclude.requireGroup.name.0 = requireActiveEmployee -#grouperIncludeExclude.requireGroup.attributeOrType.0 = type -#grouperIncludeExclude.requireGroup.group.0 = school:community:activeEmployee -#grouperIncludeExclude.requireGroup.description.0 = If value is true, members of the overall group must be an active employee (in the school:community:activeEmployee group). Otherwise, leave this value not filled in. - -#grouperIncludeExclude.requireGroup.name.1 = requireActiveStudent -#grouperIncludeExclude.requireGroup.attributeOrType.1 = attribute -#grouperIncludeExclude.requireGroup.group.1 = school:community:activeStudent -#grouperIncludeExclude.requireGroup.description.1 = If value is true, members of the overall group must be an active student (in the school:community:activeStudent group). Otherwise leave this value not filled in. - - -# set some names and tooltips -grouperIncludeExclude.type.name = addIncludeExclude -grouperIncludeExclude.tooltip = Select this type to auto-create other groups which facilitate having include and exclude list - -grouperIncludeExclude.requireGroups.type.name = requireInGroups -grouperIncludeExclude.requireGroups.tooltip = Select this type to auto-create other groups which set up group math so that other groups can be required for membership (e.g. activeEmployee) - -#leave grouperIncludeExclude.andGroups.attributeName blank if you dont want to use this attribute... -#though if you were using it, it wont remove already configured groups -grouperIncludeExclude.requireGroups.attributeName = requireAlsoInGroups -grouperIncludeExclude.requireGroups.attribute.tooltip = Enter in comma separated group path(s). An entity must be in these groups for it to be in the overall group. e.g. stem1:stem2:group1, stem1:stem3:group2 - -#suffixes for various include/exclude groups (can use ${space} for space). -#note, these should uniquely identify various parts of the include/exclude. -#i.e. if the grouperIncludeExclude type is applied to a group with a suffix of the include suffix, -#the other groups will not be created... -grouperIncludeExclude.systemOfRecord.extension.suffix = _systemOfRecord -grouperIncludeExclude.include.extension.suffix = _includes -grouperIncludeExclude.exclude.extension.suffix = _excludes -grouperIncludeExclude.systemOfRecordAndIncludes.extension.suffix = _systemOfRecordAndIncludes -grouperIncludeExclude.includesMinusExcludes.extension.suffix = _includesMinusExcludes -#note, put a ${i} in there for where the 1 based index will go -grouperIncludeExclude.requireGroups.extension.suffix = _requireGroups${i} - -#suffixes for various include/exclude groups (can use ${space} for space) -grouperIncludeExclude.systemOfRecord.displayExtension.suffix = ${space}system of record -grouperIncludeExclude.include.displayExtension.suffix = ${space}includes -grouperIncludeExclude.exclude.displayExtension.suffix = ${space}excludes -grouperIncludeExclude.systemOfRecordAndIncludes.displayExtension.suffix = ${space}system of record and includes -grouperIncludeExclude.includesMinusExcludes.displayExtension.suffix = ${space}includes minus excludes -#note, put a ${i} in there for where the 1 based index will go -grouperIncludeExclude.requireGroups.displayExtension.suffix = ${space}requireGroups ${i} - -#can use ${extension} as the group extension, or ${displayExtension} for group display extension -grouperIncludeExclude.overall.description = Group containing list of ${displayExtension} after adding the includes and subtracting the excludes -grouperIncludeExclude.systemOfRecord.description = Group containing list of ${displayExtension} (generally straight from the system of record) without yet considering manual include or exclude lists -grouperIncludeExclude.include.description = Group containing manual list of includes for group ${displayExtension} which will be added to the system of record list (unless the subject is also in the excludes group) -grouperIncludeExclude.exclude.description = Group containing manual list of excludes for group ${displayExtension} which will not be in the overall group -grouperIncludeExclude.systemOfRecordAndIncludes.description = Internal utility group for group ${displayExtension} which facilitates the group math for the include and exclude lists -grouperIncludeExclude.includesMinusExclude.description = Internal utility group for group ${displayExtension} which facilitates includes, excludes, and required groups (e.g. activeEmployee) -#note, put a ${i} in there for where the 1 based index will go -grouperIncludeExclude.requireGroups.description = Internal utility group for group ${displayExtension} which facilitates required groups (e.g. activeEmployee) - - -################################### -## Subject settings -################################### - -# if finding across multiple threadable sources, use threads to do the work faster -subjects.allPage.useThreadForkJoin = false - -# if finding across multiple threadable sources, use threads to do the work faster -subjects.idOrIdentifier.useThreadForkJoin = false - -# if the creator and last updater should be group subject attributes (you get -# a performance gain if you set to false, but if true you can see subject id from UI in 2.0 -subjects.group.useCreatorAndModifierAsSubjectAttributes = true - -# customize subjects by implementing this interface: edu.internet2.middleware.grouper.subj.SubjectCustomizer -# or extending this class: edu.internet2.middleware.grouper.subj.SubjectCustomizerBase (recommended) -# note the instance will be reused to make sure it is threadsafe -subjects.customizer.className = - -# if we should use a root session if one isnt started for subject lookups (behavior in v2.0- -subjects.startRootSessionIfOneIsntStarted = false - -################################### -## Hooks -## You can register multiple classes for one hook base class by comma separating the hooks implementations -## You can also register hooks at runtime with: -## GrouperHookType.addHookManual("hooks.group.class", YourSchoolGroupHooks2.class); -################################### - -#implement a group attribute hook by extending edu.internet2.middleware.grouper.hooks.AttributeHooks -#hooks.attribute.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2 - -#implement an attribute def hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefHooks -#hooks.attributeDef.class=edu.yourSchool.it.YourSchoolAttributeDefHooks,edu.yourSchool.it.YourSchoolAttributeDefHooks2 - -#implement an attribute def name hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefNameHooks -#hooks.attributeDefName.class=edu.yourSchool.it.YourSchoolAttributeDefNameHooks,edu.yourSchool.it.YourSchoolAttributeDefNameHooks2 - -#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignHooks -#hooks.attributeAssign.class=edu.yourSchool.it.YourSchoolAttributeAssignHooks,edu.yourSchool.it.YourSchoolAttributeAssignHooks2 - -#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignValueHooks -#hooks.attributeAssignValue.class=edu.yourSchool.it.YourSchoolAttributeAssignValueHooks,edu.yourSchool.it.YourSchoolAttributeAssignValueHooks2 - -#implement a group hook by extending edu.internet2.middleware.grouper.hooks.GroupHooks -#hooks.group.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2 - -#implement a grouper lifecycle hook by extending edu.internet2.middleware.grouper.hooks.LifecycleHooks -#hooks.lifecycle.class=edu.yourSchool.it.YourSchoolLifecycleHooks - -#implement a membership hook by extending edu.internet2.middleware.grouper.hooks.MembershipHooks -#hooks.membership.class=edu.yourSchool.it.YourSchoolMembershipHooks - -#implement a member hook by extending edu.internet2.middleware.grouper.hooks.MemberHooks -#hooks.member.class=edu.yourSchool.it.YourSchoolMemberHooks - -#implement a stem hook by extending edu.internet2.middleware.grouper.hooks.StemHooks -#hooks.stem.class=edu.yourSchool.it.YourSchoolStemHooks - -#implement a composite hook by extending edu.internet2.middleware.grouper.hooks.CompositeHooks -#hooks.composite.class=edu.yourSchool.it.YourSchoolCompositeHooks - -#implement a field hook by extending edu.internet2.middleware.grouper.hooks.FieldHooks -#hooks.field.class=edu.yourSchool.it.YourSchoolFieldHooks - -#implement a grouperSession hook by extending edu.internet2.middleware.grouper.hooks.GrouperSessionHooks -#hooks.grouperSession.class=edu.yourSchool.it.YourSchoolGrouperSessionHooks - -#implement a groupType hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeHooks -#hooks.groupType.class=edu.yourSchool.it.YourSchoolGroupTypeHooks - -#implement a groupTypeTuple hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeTupleHooks -#hooks.groupTypeTuple.class=edu.yourSchool.it.YourSchoolGroupTypeTupleHooks - -#implement a loader hook by extending edu.internet2.middleware.grouper.hooks.LoaderHooks -#hooks.loader.class=edu.yourSchool.it.YourSchoolLoaderHooks - -#implement an external subject hook by extending edu.internet2.middleware.grouper.hooks.ExternalSubjectHooks -#hooks.externalSubject.class=edu.yourSchool.it.YourSchoolExternalSubjectHooks - -################################### -## Rules -################################### - -# Rules users who are in the following group can use the actAs field to act as someone else -# You can put multiple groups separated by commas. e.g. a:b:c, e:f:g -# You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in -# separated by 4 colons -# e.g. if the configured values is: a:b:c, e:f:d :::: r:e:w, x:e:w -# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone -# if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w. If multiple rules, then -# if one passes, then it is a success, if they all fail, then fail. -rules.act.as.group = - -# any actAs subject in this group has access to more objects when the EL fires on -# the IF or THEN EL clause -rules.accessToApiInEl.group = - -# cache the decision to allow a user to actAs another, so it doesnt have to be calculated each time -# defaults to 30 minutes -rules.act.as.cache.minutes = 30 - -# uuids (comma separated) of the attribute assign record which is the rule type to the owner object -# e.g. SELECT gaagv.attribute_assign_id FROM grouper_attr_asn_group_v gaagv WHERE gaagv.attribute_def_name_name LIKE '%:rule' AND gaagv.group_name = 'stem:a' -# make sure log info level is set for RuleEngine -# log4j.logger.edu.internet2.middleware.grouper.rules.RuleEngine = INFO -rules.attributeAssignTypeIdsToLog = abc1234abc123, def456def345 - -# if this is true, then log a lot of info about why rules do or do not fire... only turn on temporarily -# since it takes a lot of resources... note you need log DEBUG set for the rules engine in log4j.properties too e.g. -# log4j.logger.edu.internet2.middleware.grouper.rules = DEBUG -rules.logWhyRulesDontFire = false - -# put in fully qualified classes to add to the EL context. Note that they need a default constructor -# comma separated. The alias will be the simple class name without a first cap. -# e.g. if the class is test.Test the alias is "test" -rules.customElClasses = - -# If the CHECK, IF, and THEN are all exactly what is needed for managing inherited stem privileges -# Then allow an actAs GrouperSystem in source g:isa -rules.allowActAsGrouperSystemForInheritedStemPrivileges = - -# If not blank, then keep email templates in this folder instead of classpath -# If in classpath, it is classpath: grouperRulesEmailTemplates/someTemplate.txt -rules.emailTemplatesFolder = - - -################################### -## Group attribute validation via regex -## You can attach a regex to an attribute name (including built ins) -## If none are registered, the built in hook will not be enabled -## The built ins are description, displayName, extension, displayExtension, name -## Configure a group.attribute.validator.attributeName.X for attribute name -## group.attribute.validator.regex.X for the regex -## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute) -## the X must be a sequential integer which groups the config entries together. -## do not repeat two config entries -################################### - -#Attach a regex validator by attribute name -#group.attribute.validator.attributeName.0=extension -#group.attribute.validator.regex.0=^[a-zA-Z0-9]+$ -#group.attribute.validator.vetoMessage.0=Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics -# -#group.attribute.validator.attributeName.1=displayExtension -#group.attribute.validator.regex.1=^[a-zA-Z0-9 ]+$ -#group.attribute.validator.vetoMessage.1=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces - -##################################### -## Audit settings -##################################### - -# if set to true, then exceptions will be thrown if any actions are not audited... exceptions -# should not be thrown since everything should be audited, so this is a switch to make it absorb -# errors if there is a problem (will be logged instead if second param is true) -audit.requireAuditsForAllActions = false -audit.logAuditsForMissingActions = false - -##################################### -## Change log settings -##################################### - -# if we should insert records into grouper_change_log_temp when events happen -# defaults to true. Note, it is not currently supported to set this to false... -changeLog.enabled = true - - -##################################### -## Settings to track last membership changes for groups and stems. -##################################### - -# If true, when an immediate membership changes for a group (either a privilege or a list member), -# then an update will be made to the lastImmediateMembershipChange property for the group. -groups.updateLastImmediateMembershipTime = false - -# If true, when an immediate, composite, or effective membership changes for a group (either a privilege or a list member), -# then an update will be made to the lastMembershipChange property for the group. -groups.updateLastMembershipTime = false - -# If true, when an immediate or effective membership changes for a stem (this would be a naming privilege), -# then an update will be made to the lastMembershipChange property for the stem. -stems.updateLastMembershipTime = false - - -##################################### -## Database structure data definition language (DDL) settings -##################################### - -# Grouper DOES NOT WORK WITHOUT NESTED TRANSACTIONS! This config parameter doesnt exist -#ddlutils.use.nestedTransactions = true - -# ddlutils db name will be set by default, you can override it here, it must be one of: -# axion, cloudscape, db2, db2v8, derby, firebird, hsqldb, interbase, maxdb, mckoi, -# mssql, mysql, mysql5, oracle, oracle10, oracle9, postgresql, sapdb, sybase, sybasease15, -# -#ddlutils.dbname.override = oracle10 - -# if you want to not create the subject tables (grouper examples for unit testing), -# then set this to true -ddlutils.exclude.subject.tables = false - -# set the path where ddl scripts are generated (they will be uniquely named in this directory). -# if blank, the directory used will be the current directory -ddlutils.directory.for.scripts = ddlScripts - -# during schema export, should it install grouper data also or not. e.g. insert the root stem, default true -ddlutils.schemaexport.installGrouperData = true - -# when grouper starts, should it shut down if not right version? -ddlutils.failIfNotRightVersion = true - -# after you have converted id's, and are happy with the conversion of removing the uuid col, -# this will remove the backup uuid cols when running the gsh command: gsh -registry -deep -ddlutils.dropBackupUuidCols = false - -# after you have converted field id foreign keys, and are happy with the conversion of removing the attribute name, -# membership list name, and type cols, -# this will remove the backup field name/type cols when running the gsh command: gsh -registry -deep -ddlutils.dropBackupFieldNameTypeCols = false - -# before the group name etc was moved to the grouper_groups table, the attributes table -# was backed up. If it should not be backed up, or if the upgrade is done and works, then it can -# be removed, set to true, run: gsh -registry -deep -ddlutils.dropAttributeBackupTableFromGroupUpgrade = false - -# Since grouper_memberships no longer has effective memberships, that table doesn't need via_id, -# depth and parent_membership. If they were converted, this will drop the backup of those cols with: gsh -registry -deep -ddlutils.dropMembershipBackupColsFromOwnerViaUpgrade = false - -# After legacy attributes are converted, the backed up tables can be dropped with: gsh -registry -deep -ddlutils.dropLegacyAttributes = false - -# this is the schema ddlutils uses to query metadata with jdbc. usually this can be omitted, -# and it defaults to your database loginid, however, in postgres, it can be different, so enter here -# in sql server, it might need to be: dbo -#ddlutils.schema = public - -#if you are running a DB that supports them, but you dont want them, disable comments here (defaults to false) -ddlutils.disableComments = false - -#set to true and we wont subsitute varchar 4000 for text in mysql (wont work in innodb utf-8 databases -ddlutils.dontSubstituteVarchar4000forTextMysql = false - -##################################### -## mail settings (optional, e.g. for daily report form loader) -##################################### - -#smtp server is a domain name or dns name. set to "testing" if you want to log instead of send (e.g. for testing) -#mail.smtp.server = whatever.school.edu - -#leave blank if unauthenticated -#mail.smtp.user = - -#leave blank if unauthenticated -#mail.smtp.pass = - -#leave blank or false for no ssl, true for ssl -#mail.smtp.ssl = - -#leave blank for default (probably 25), if ssl is true, default is 465, else specify -#mail.smtp.port = - -#this is the default email address where mail from grouper will come from -#mail.from.address = [email protected] - -#this is the subject prefix of emails, which will help differentiate prod vs test vs dev etc -#mail.subject.prefix = TEST: - -#when running junit tests, this is the address that will be used -#mail.test.address = [email protected] - -##################################### -## misc settings which probably dont need to be changed -##################################### - -dao.factory = edu.internet2.middleware.grouper.internal.dao.hib3.Hib3DAOFactory - -# if tables that are hibernated should have optimistic locking or not (assumes the data layer supports this, hibernate does) -dao.optimisticLocking = true - -# set the API as readonly (e.g. during upgrades). Any updates will throw an exception -grouper.api.readonly = false - -# When searching for memberships using the getMemberships WS (or underlying API call), limit the number of memberships -# which can be returned, else throws exception. -1 means dont check. -ws.getMemberships.maxResultSize = 30000 - -# When searching for attribute assignments using the getAttributeAssignments WS (or underlying API call), limit the number of assignments -# which can be returned, else throws exception. -1 means dont check. -ws.findAttrAssignments.maxResultSize = 30000 - -# When searching attribute def names, this is max size -findAllAttributeDefNames.maxResultSize = 30000 - -# create the type and attribuute for membership lite ui config by group -membershipUpdateLiteTypeAutoCreate = false - -grouper.tableIndex.group.minIndex = 10000 -grouper.tableIndex.stem.minIndex = 10000 -grouper.tableIndex.attributeDef.minIndex = 10000 -grouper.tableIndex.attributeDefName.minIndex = 10000 - -# verify that table indexes are set and the pointers are ok, incurs a bit of overhead to grouper startup -grouper.tableIndex.verifyOnStartup = true - -# in different circumstances, retrieve a different number of IDs at once. -# if it is a system where the JVM is starting and stopping (e.g. GSH), then -# dont reserve that many at once -grouper.tableIndex.reserveIdsGsh = 1 -grouper.tableIndex.reserveIdsDefault = 10 -grouper.tableIndex.reserveIdsLoader = 10 -grouper.tableIndex.reserveIdsWs = 10 -grouper.tableIndex.reserveIdsUi = 10 - -# group who can assign id index cols (also, wheel or root is allowed) -grouper.tableIndex.groupWhoCanAssignIdIndex = etc:canAssignIdIndex - -# number of bytes in DB that a non ascii char takes -grouper.nonAsciiCharDbBytesLength = 3 - -# cache size for jexl expressions -jexl.cacheSize = 1024 - -# when reading writing files from util classes, this is encoding (was ISO-8859-1) -grouper.default.fileEncoding = UTF-8 - - -##################################### -## testing settings -##################################### - -# if the ldappc tests should be included when running all tests (default false) -junit.test.ldappc = false - -# if the loader tests should be included when running all tests (default true) -junit.test.loader = true - -# if the ddl tests should be included when running all tests (default true) -junit.test.ddl = true - -# if the gsh tests should be included when running all tests (default false) -junit.test.gsh = false - -# if the stress tests should be included when running all tests (default false) -junit.test.stress = false - -# if the external subject tests should be included when running all tests, note you need the jabber attribute in the view (default false) -junit.test.externalSubjects = false - -# if the group sync should be tested... note you need the demo server available to test this, or change some settings... -junit.test.groupSync = false -junit.test.groupSync.url = https://grouperdemo.internet2.edu/grouper-ws_v2_0_0/servicesRest -junit.test.groupSync.user = remoteUser -junit.test.groupSync.password = R:/pass/grouperDemoRemoteUser.pass -#folder where the user can create/stem which the user can use to run tests -junit.test.groupSync.folder = test2:whateverFolder -#this is true unless testing to an older grouper which doesnt support this -junit.test.groupSync.pushAddExternalSubjectIfNotExist = true -junit.test.groupSync.createRemoteFolderIfNotExist = true -junit.test.groupSync.remoteSourceId = grouperExternal -junit.test.groupSync.remoteReadSubjectId = identifier -junit.test.groupSync.remoteWriteSubjectId = identifier - - -##################################### -## attribute framework -##################################### - -# root stem in grouper where built in attributes are put -grouper.attribute.rootStem = etc:attribute - -# comma separated names of attribute defs will not be audited or change log or point in time -grouper.attribute.namesOfAttributeDefsToIgnoreAuditsChangeLogPit.elConfig = ${edu.internet2.middleware.grouper.cfg.GrouperConfig.retrieveConfig().propertyValueStringRequired('grouper.attribute.rootStem')}:userData:grouperUserDataValueDef - -# if the attribute loader attributes, and other attributes should be autoconfigured (created, etc) -grouper.attribute.loader.autoconfigure = true - -##################################### -## centrally managed permissions -##################################### - -# if the permissions limits should be readable and updatable by GrouperAll (set when created)... -grouper.permissions.limits.builtin.createAs.public = true - -# if the permissions limits should be readable and updatable by GrouperAll (set when created)... -grouper.permissions.limits.builtin.displayExtension.limitAmountLessThan = amount less than -grouper.permissions.limits.builtin.displayExtension.limitAmountLessThanOrEqual = amount less than or equal to -grouper.permissions.limits.builtin.displayExtension.limitExpression = Expression -grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworkRealm = ipAddress on network realm -grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworks = ipAddress on networks -grouper.permissions.limits.builtin.displayExtension.limitLabelsContain = labels contains -grouper.permissions.limits.builtin.displayExtension.limitWeekday9to5 = Weekday 9 to 5 - - -# el classes to add to the el context for a limitExpression. Comma-separated fully qualified classnames -grouper.permissions.limits.el.classes = - -# permission limits linked to subclasses of edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBase -#grouper.permissions.limits.logic.someName.limitName = -#grouper.permissions.limits.logic.someName.logicClass = - -# if you are doing ip address limits, you can put realms here -# grouper.permissions.limits.realm.someName = 1.2.3.4/24, 2.3.4.5/16 - -##################################### -## External subjects -##################################### - -#manages the description of a user automatically -externalSubjects.desc.el = ${grouperUtil.appendPrefixIfStringNotBlank('[unverifiedInfo]', ' ', grouperUtil.appendIfNotBlankString(externalSubject.name, ' - ', externalSubject.institution))} [externalUserID] ${externalSubject.identifier} - -#search and sort strings added to member objects -externalSubjects.searchAttribute0.el = ${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")},${subject.id},${subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")} -externalSubjects.sortAttribute0.el = ${subject.name} -externalSubjects.sortAttribute1.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")} -externalSubjects.sortAttribute2.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")} - -# false if the description should be managed via EL (config above) -externalSubjects.desc.manual = false - -# quartz cron where subjects are recalculated if necessary (empty means dont run), e.g. everyday at 3am -externalSubjects.calc.fields.cron = 0 0 3 * * ? - -externalSubjects.name.required = true -externalSubjects.email.required = false -externalSubjects.email.enabled = true - -# these field names (uuid, institution, identifier, uuid, email, name) or attribute names -# will be toLowered, and appended with comma separators. e.g. if you add attributes, add them here too -externalSubjects.searchStringFields = name, institution, identifier, uuid, email - -externalSubjects.institution.required = false -externalSubjects.institution.enabled = true - -# note, this must be only alphanumeric lower case or underscore -# (valid db column name, subject attribute name) -#externalSubjects.attributes.jabber.systemName = jabber -#externalSubjects.attributes.jabber.required = false -# comment on column in DB (no special characters allowed) -#externalSubjects.attributes.jabber.comment = The jabber ID of the user - -# if wheel or root can edit external users -externalSubjects.wheelOrRootCanEdit = true - -# group which is allowed to edit external users -externalSubjects.groupAllowedForEdit = - -# if the view on the external subjects should be created. -# turn this off if it doesnt compile, othrewise should be fine -externalSubjects.createView = true - -#name of external subject source, defaults to grouperExternal -externalSubject.sourceId = grouperExternal -externalSubject.sourceName = External Users - -# grouper can auto create a jdbc2 source for the external subjects -externalSubjects.autoCreateSource = true - -# put in fully qualified classes to add to the EL context. Note that they need a default constructor -# comma separated. The alias will be the simple class name without a first cap. -# e.g. if the class is test.Test the alias is "test" -externalSubjects.customElClasses = - -# change these to affect the storage where external subjects live (e.g. to store in ldap), -# must implement each respective storable interface -externalSubjects.storage.ExternalSubjectStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectDbStorage -externalSubjects.storage.ExternalSubjectAttributeStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectAttributeDbStorage - -# you can use the variables $newline$, $inviteLink$. Note, you need to change this default message... -externalSubjectsInviteDefaultEmail = Hello,$newline$$newline$This is an invitation to register at our site to be able to access our applications. This invitation expires in 7 days. Click on the link below and sign in with your InCommon credentials. If you do not have InCommon credentials you can register at a site like protectnetwork.org and use those credentials.$newline$$newline$$inviteLink$$newline$$newline$Regards. -# default subject for email -externalSubjectsInviteDefaultEmailSubject = Register to access applications - -# you can use the variables $newline$, $inviteeIdentifier$, $inviteeEmailAddress$. Note, you need to change this default message... -externalSubjectsNotifyInviterEmail = Hello,$newline$$newline$This is a notification that user $inviteeIdentifier$ from email address $inviteeEmailAddress$ has registered with the identity management service. They can now use applications at this institution.$newline$$newline$Regards. -externalSubjectsNotifyInviterSubject = $inviteeIdentifier$ has registered - -# numner of days after which this request will expire. If -1, then will not expire -externalSubjectsInviteExpireAfterDays = 7 - -#put some group names comma separated for groups to auto add subjects to -externalSubjects.autoaddGroups= -#should be insert, or update, or insert,update -externalSubjects.autoaddGroupActions=insert,update -#if a number is here, expire the group assignment after a certain number of days -externalSubjects.autoaddGroupExpireAfterDays= - -# add multiple group assignment actions by URL param: externalSubjectInviteName -#externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=library - -# comma separated groups to add for this type of invite -#externalSubjects.autoadd.testingLibrary.groups= - -# should be insert, update, or insert,update -#externalSubjects.autoadd.testingLibrary.actions=insert,update - -# should be insert, update, or insert,update -#externalSubjects.autoadd.testingLibrary.expireAfterDays= - -#if registrations are only allowed if invited or existing... -externalSubjects.registerRequiresInvite=true - -#make sure the identifier when logging in is like an email address or eppn, e.g. [email protected] -externalSubjects.validateIndentiferLikeEmail=true - -#put regexes here, increment the 0 for multiple entries, e.g. restrict your own institution -#note, the extensions must be sequential (dont skip), regex e.g. ^.*@myschool\\.edu$ -externalSubjects.regexForInvalidIdentifier.0= - -##################################### -## org management -##################################### - -# if the orgs table(s) should be included in the DDL (includes the hierarchical table -orgs.includePocOrgsTablesInDdl = false - -# loader connection of the database where orgs are (grouper means the grouper db in grouper.hibernate.properties) -orgs.databaseName = grouper - -#table name of the org table (can prefix by schema name if you like) -orgs.orgTableName = grouperorgs_poc_orgs - -#column names of this table -orgs.orgIdCol = id -orgs.orgNameCol = org_name -orgs.orgDisplayNameCol = org_display_name -orgs.orgParentIdCol = parent_id - -#stem where the orgs are, e.g. poc:orgs -orgs.parentStemName = poc:orgs - -#org config name -orgs.configGroupName = poc:orgs:orgsConfig - -###################################### -## Grouper client connections -## if this grouper needs to talk to another grouper, this is the client connection information -###################################### - - -# id of the source, should match the part in the property name -#grouperClient.someOtherSchool.id = someOtherSchool - -# url of web service, should include everything up to the first resource to access -# e.g. https://groups.school.edu/grouperWs/servicesRest -#grouperClient.someOtherSchool.properties.grouperClient.webService.url = https://some.other.school.edu/grouperWs/servicesRest - -# login ID -#grouperClient.someOtherSchool.properties.grouperClient.webService.login = someRemoteLogin - -# password for shared secret authentication to web service -# or you can put a filename with an encrypted password -#grouperClient.someOtherSchool.properties.grouperClient.webService.password = ********* - -# client version should match or be related to the server on the other end... -#grouperClient.someOtherSchool.properties.grouperClient.webService.client.version = v2_0_000 - -# this is the subject to act as local, if blank, act as GrouperSystem, specify with SubjectFinder packed string, e.g. -# subjectIdOrIdentifier or sourceId::::subjectId or ::::subjectId or sourceId::::::subjectIdentifier or ::::::subjectIdentifier -# sourceId::::::::subjectIdOrIdentifier or ::::::::subjectIdOrIdentifier -#grouperClient.someOtherSchool.localActAsSubject = - -# the id of this source, generally the same as the name in the property name. This is mandatory -#grouperClient.someOtherSchool.source.jdbc.id = jdbc - -# the part between "grouperClient.someOtherSchool.source." and ".id" links up the configs, -# in this case, "jdbc", make sure it has no special chars. sourceId can be blank if you dont want to specify -#grouperClient.someOtherSchool.source.jdbc.local.sourceId = jdbc - -# this is the identifier that goes between them, it is "id" or an attribute name. subjects without this attribute will not be processed -#grouperClient.someOtherSchool.source.jdbc.local.read.subjectId = identifier - -# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier" -#grouperClient.someOtherSchool.source.jdbc.local.write.subjectId = identifier - -# sourceId of the remote system, can be blank -#grouperClient.someOtherSchool.source.jdbc.remote.sourceId = jdbc - -# this is the identifier that goes between them, it is "id" or an attribute name. subjects without this attribute will not be processed -#grouperClient.someOtherSchool.source.jdbc.remote.read.subjectId = - -# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier" -#grouperClient.someOtherSchool.source.jdbc.remote.write.subjectId = - - - - -###################################### -## Sync to/from another grouper -## Only sync one group to one other group, do not sync one group to -## two report groupers. If you need to do this, add the group to another group -###################################### - -# we need to know where our -# connection name in grouper client connections above -#syncAnotherGrouper.testGroup0.connectionName = someOtherSchool - -# incremental or push or pull or incremental_push. Note, incremental push is cron'ed and incremental (to make sure no discrepancies arise) -#syncAnotherGrouper.testGroup0.syncType = incremental_push - -# quartz cron to schedule the pull or push (incremental is automatic as events happen) (e.g. 5am daily) -#syncAnotherGrouper.testGroup0.cron = 0 0 5 * * ? - -# local group which is being synced -#syncAnotherGrouper.testGroup0.local.groupName = test:testGroup - -# remote group at another grouper which is being synced -#syncAnotherGrouper.testGroup0.remote.groupName = test2:testGroup2 - -# if subjects are external and should be created if not exist -#syncAnotherGrouper.testGroup0.addExternalSubjectIfNotFound = true - - - -################################### -## user data settings -################################### - -# amount of time to cache groups in use -grouperUserData.group.cache.seconds = 120 - - -###################################### -## Legacy attributes -###################################### -legacyAttribute.baseStem=etc:legacy:attribute -legacyAttribute.groupTypeDef.prefix=legacyGroupTypeDef_ -legacyAttribute.attributeDef.prefix=legacyAttributeDef_ -legacyAttribute.customListDef.prefix=legacyCustomListDef_ -legacyAttribute.groupType.prefix=legacyGroupType_ -legacyAttribute.attribute.prefix=legacyAttribute_ -legacyAttribute.customList.prefix=legacyCustomList_ -legacyAttributeMigration.useThreads = true -legacyAttributeMigration.threadPoolSize = 20 - - -###################################### -## Point in time audit -###################################### -pit.sync.useThreads = true -pit.sync.threadPoolSize = 20 - - -###################################### -## Stem sets -###################################### -stemSet.sync.useThreads = true -stemSet.sync.threadPoolSize = 20 - - -###################################### -## Group sets -###################################### -groupSet.sync.useThreads = true -groupSet.sync.threadPoolSize = 20 - -######################## -## LDAPProvisioningHook -######################## -#LDAPProvisioningHook.exclude.regex.0=.*_excludes$ -#LDAPProvisioningHook.exclude.regex.1=.*_includes$ -#LDAPProvisioningHook.exclude.regex.2=.*_systemOfRecord$ -#LDAPProvisioningHook.exclude.regex.3=.*_systemOfRecordAndIncludes$ - -######################################### -## Unresolvable Subject Deletion Utility -######################################### - -# Don't do anything if more than this number of unresolvable subjects are found -usdu.failsafe.maxUnresolvableSubjects = 200 - - -################# DIAGNOSTICS ################## -# In UI and WS - -#if ignore tests. Note, in job names, invalid chars need to be replaced with underscore (e.g. colon) -#anything in this regex: [^a-zA-Z0-9._-] -ws.diagnostic.ignore.memoryTest = false -ws.diagnostic.ignore.dbTest_grouper = false -ws.diagnostic.ignore.source_jdbc = false -ws.diagnostic.ignore.loader_CHANGE_LOG_changeLogTempToChangeLog = false - -#this is 52 hours... 48 for 2 days, and 4 more for the job to run. So if the warehouse is down for updates, -#then the daily job will not give an error -ws.diagnostic.defaultMinutesSinceLastSuccess = 3120 - -#change log can only for 30 minutes of failing before diagnostics fails -ws.diagnostic.defaultMinutesChangeLog = 30 - -#number of minute that can go by without a success before an error is thrown -ws.diagnostic.minutesSinceLastSuccess.loader_SQL_GROUP_LIST__aStem_aGroup2 = 60 - -#list groups which should check the size, in this case, "employee" or "students" in the key name is a variable -#ws.diagnostic.checkGroupSize.employees.groupName = community:employees -#ws.diagnostic.checkGroupSize.employees.minSize = 28000 - -#ws.diagnostic.checkGroupSize.students.groupName = community:students -#ws.diagnostic.checkGroupSize.students.minSize = 18000 - http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouperUtf8.txt ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/resources/grouperUtf8.txt b/modules/group-manager/src/main/resources/grouperUtf8.txt deleted file mode 100755 index 526f696..0000000 --- a/modules/group-manager/src/main/resources/grouperUtf8.txt +++ /dev/null @@ -1 +0,0 @@ -ٹٺٻټÙÙÙ \ No newline at end of file
