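#
# Grouper Configuration
# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
#
# Format notes (Java .properties syntax):
#  - comments are full lines starting with '#'; text after a value is part of the value
#  - backslash is an escape character, so "\\" in a value yields one backslash
#  - a repeated key silently takes the last value, so each key is assigned once here

########################################
## General settings
########################################

#put the URL which will be used e.g. in emails to users. include the webappname at the end, and nothing after that.
#e.g. https://server.school.edu/grouper/
grouper.ui.url = https://grouper.univ-ville.fr/grouper/

###################################
## security settings
###################################

# If set to _true_, the ALL subject will be granted that privilege on
# each new group that is created. Note, you can override the default
# checkboxes on screen of UI in media.properties.
groups.create.grant.all.admin = false
groups.create.grant.all.update = false

# grouper.properties: groups are non readable and non viewable by default
# Each privilege key is assigned exactly once: a repeated key would take
# whichever assignment comes last and hide what ALL actually receives.
groups.create.grant.all.view = false
groups.create.grant.all.read = false

# A wheel group allows you to enable non-GrouperSystem subjects to act
# like a root user when interacting with the registry.
# use groups.wheel.use for admins
# Security note: wheel members act like root, so membership of that group
# should be kept small and reviewed. The group's name (groups.wheel.group) is
# not set in this part of the file; presumably it comes from defaults - confirm.
groups.wheel.use = true

###################################
## Group attribute validation via regex
## You can attach a regex to an attribute name (including built ins)
## If none are registered, the built in hook will not be enabled
## The built ins are description, displayName, extension, displayExtension, name
## Configure a group.attribute.validator.attributeName.X for attribute name
## group.attribute.validator.regex.X for the regex
## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute)
## the X must be a sequential integer which groups the config entries together.
## do not repeat two config entries
###################################

#Attach a regex validator by attribute name
#disallow group IDs containing the following chars: \\ [ ] : ; | = , + * ? < > " (for Active Directory sAMAccountName)
# Rule 0 is an allow-list on the group extension: one or more characters from
# the listed set, anchored at both ends. After .properties unescaping the regex
# contains \$ and \- (a literal dollar sign and a literal hyphen).
group.attribute.validator.attributeName.0=extension
group.attribute.validator.regex.0=^[0-9A-Za-z!#\\$%&'()\\-@^_`{}~]+$
group.attribute.validator.vetoMessage.0=L'ID de groupe '$attributeValue$' est invalide. Les caract\u00E8res autoris\u00E9s sont les suivants : !#\$%&'()-0123456789@ABCDEFGHIJKLMNOPQRSTUVWXYZ^_`abcdefghijklmnopqrstuvwxyz{}~

# Rule 1 applies the same allow-list to the "name" attribute and additionally
# permits ':' (presumably the folder separator inside the full group path).
group.attribute.validator.attributeName.1=name
group.attribute.validator.regex.1=^[:0-9A-Za-z!#\\$%&'()\\-@^_`{}~]+$
group.attribute.validator.vetoMessage.1=Le chemin du groupe '$attributeValue$' est invalide. Les caract\u00E8res autoris\u00E9s pour le dossier sont les suivants : !#\$%&'()-0123456789@ABCDEFGHIJKLMNOPQRSTUVWXYZ^_`abcdefghijklmnopqrstuvwxyz{}~

#####################################
## Database structure data definition language (DDL) settings
#####################################

# if your database is locking too broadly (e.g. table level), and it causes deadlocks,
# maybe you need to turn off nested transactions...
ddlutils.use.nestedTransactions = true

ddlutils.schema = public

#####################################
## mail settings (optional, e.g. for daily report form loader)
#####################################

#smtp server is a domain name or dns name. set to "testing" if you want to log instead of send (e.g. for testing)
#conf: configure various things for externalUsers registration/invitation to work
mail.smtp.server = smtp.univ-ville.fr

#leave blank if unauthenticated
#mail.smtp.user =

#leave blank if unauthenticated
# If a password is ever needed here, keep it out of version control.
#mail.smtp.pass =

#leave blank or false for no ssl, true for ssl
# NOTE(review): left unset, so by the comment above mail is sent without SSL.
# External-user registration/invitation mail depends on this server (see the
# conf note above) - confirm the network path to the relay is trusted.
#mail.smtp.ssl =

#leave blank for default (probably 25), if ssl is true, default is 465, else specify
#mail.smtp.port =

#this is the default email address where mail from grouper will come from
#configure mail.from.address: no-reply@univ-ville.fr
# NOTE(review): the two comments above name mail.from.address and an email
# address, but the key set below is mail.smtp.from.address and its value is a
# display name rather than an address - confirm which key is actually read and
# what sender address outgoing mail carries.
mail.smtp.from.address = Grouper Test Ville

#this is the subject prefix of emails, which will help differentiate prod vs test vs dev etc
mail.subject.prefix =

#####################################
## misc settings which probably dont need to be changed
#####################################

# Use this interface implementation for access privileges
privileges.access.interface = edu.internet2.middleware.grouper.GrouperAccessAdapter

# Use this interface implementation for naming privileges
privileges.naming.interface = edu.internet2.middleware.grouper.GrouperNamingAdapter

# Use this interface implementation for attributeDef privileges
privileges.attributeDef.interface = edu.internet2.middleware.grouper.privs.GrouperAttributeDefAdapter

#####################################
## testing settings
#####################################

# if the external subject tests should be included when running all tests, note you need the jabber attribute in the view (default false)
junit.test.externalSubjects = true

#####################################
## External subjects
#####################################

# externalUsers: nicer "description", add sn, add cn, ignore institution, allow registration without invitations (need updating SQL view grouper_ext_subj_v)

#manages the description of a user automatically
#externalUsers: nicer "description", add sn, add cn, ignore institution, allow registration without invitations (need updating SQL view grouper_ext_subj_v)
externalSubjects.desc.el = ${externalSubject.name} (${externalSubject.identifier})

#search and sort strings added to member objects
externalSubjects.searchAttribute0.el = ${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")},${subject.id},${subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")}
externalSubjects.sortAttribute2.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")}

# these field names (uuid, institution, identifier, uuid, email, name) or attribute names
# will be toLowered, and appended with comma separators. e.g. if you add attributes, add them here too
externalSubjects.searchStringFields = name, identifier, uuid, email

# note, this must be only alphanumeric lower case or underscore
# (valid db column name, subject attribute name)
#externalSubjects.attributes.jabber.systemName = jabber
#externalSubjects.attributes.jabber.required = false
# comment on column in DB (no special characters allowed)
#externalSubjects.attributes.jabber.comment = The jabber ID of the user

#externalUsers: nicer "description", add sn, add cn, ignore institution, allow registration without invitations (need updating SQL view grouper_ext_subj_v)
# Three optional attributes (givenname, sn, cn); per the notes above, each
# systemName must be a valid lower-case db column name and each comment must
# contain no special characters.
externalSubjects.attributes.givenname.friendlyName = Prenom
externalSubjects.attributes.givenname.comment = Prenom
externalSubjects.attributes.givenname.systemName = givenname
externalSubjects.attributes.givenname.required = false

externalSubjects.attributes.sn.friendlyName = Nom
externalSubjects.attributes.sn.comment = Nom de famille
externalSubjects.attributes.sn.systemName = sn
externalSubjects.attributes.sn.required = false

externalSubjects.attributes.cn.friendlyName = Nom complet
externalSubjects.attributes.cn.comment = Nom complet
externalSubjects.attributes.cn.systemName = cn
externalSubjects.attributes.cn.required = false

# add multiple group assignment actions by URL param: externalSubjectInviteName
#externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=library

# comma separated groups to add for this type of invite
#externalSubjects.autoadd.testingLibrary.groups=

# should be insert, update, or insert,update
#externalSubjects.autoadd.testingLibrary.actions=insert,update

# should be insert, update, or insert,update
#externalSubjects.autoadd.testingLibrary.expireAfterDays=

#if registrations are only allowed if invited or existing...
# Security note: false means registration does not require an invitation, and
# with validateIndentiferLikeEmail=false below the identifier format is not
# checked either, so regexForInvalidIdentifier is the only identifier filter
# configured here. Review who can reach the registration page and audit newly
# created external subjects.
externalSubjects.registerRequiresInvite=false

#make sure the identifier when logging in is like an email address or eppn, e.g. username@school.edu
#disable externalSubjects.validateIndentiferLikeEmail so that persons with an IDP only giving persistentId works
#example of such a persistentId: https://idp.univ-paris4.fr/idp/shibboleth!https://grouper.univ-ville.fr!Xxxxxxxxxxxxxxxxxxxxxxxxxxx=
# The key's spelling ("Indentifer") is kept exactly as given; correcting it
# would define a different key.
externalSubjects.validateIndentiferLikeEmail=false

#put regexes here, increment the 0 for multiple entries, e.g. restrict your own institution
#note, the extensions must be sequential (dont skip), regex e.g. ^.*@myschool\\.edu$
#externalUsers: forbid xxx@univ-ville.fr eppns (which would be invalid in LDAP externalPeople branch)
# "\\." unescapes to "\." (a literal dot) when the file is loaded.
# NOTE(review): Java regexes are case-sensitive by default, so as written this
# rejects only the lower-case form of the domain; confirm identifiers are
# lower-cased before this check, or make the pattern case-insensitive, e.g. (?i).
externalSubjects.regexForInvalidIdentifier.0=^.*@univ-ville\\.fr$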