# # Copyright 2014 Internet2 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # # Subject configuration # $Id: subject.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $ # # The subject proprties uses Grouper Configuration Overlays (documented on wiki) # By default the configuration is read from subject.base.properties # (which should not be edited), and the subject.properties overlays # the base settings. See the subject.base.properties for the possible # settings that can be applied to the subject.properties ######################################### ## Configuration for source id: ldap ## Source configName: ldap ######################################### subjectApi.source.ldap.id = ldap # this is a friendly name for the source subjectApi.source.ldap.name = ldapUR-eppn # type is not used all that much. Can have multiple types, comma separate. Can be person, group, application subjectApi.source.ldap.types = person # the adapter class implements the interface: edu.internet2.middleware.subject.Source # adapter class must extend: edu.internet2.middleware.subject.provider.BaseSourceAdapter # edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter2 : if doing JDBC this should be used if possible. All subject da ta in one table/view. # edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter : oldest JDBC source. Put freeform queries in here # edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter : used for LDAP subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter # configuration in grouper-loader.properties with the ldap connection information (e.g. url, user, password, pooling, etc) subjectApi.source.ldap.param.ldapServerId.value=personLdap # e.g. com.sun.jndi.ldap.LdapCtxFactory subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory # e.g. ldap://localhost:389 subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://localhost # e.g. simple, none, sasl_mech subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=univ-ville,dc=fr subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value = azerty # ldap attribute which is the subject id. e.g. exampleEduRegID Each subject has one and only one subject id. Generally it is opaque and permanent. subjectApi.source.ldap.param.SubjectID_AttributeType.value = eduPersonPrincipalName # if the subject id should be changed to lower case after reading from datastore. true or false subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false # attribute which is the subject name subjectApi.source.ldap.param.Name_AttributeType.value = cn # attribute which is the subject description subjectApi.source.ldap.param.Description_AttributeType.value = cn # the 1st sort attribute for lists on screen that are derived from member table (e.g. search for member in group) # you can have up to 5 sort attributes subjectApi.source.ldap.param.sortAttribute0.value = cn # the 1st search attribute for lists on screen that are derived from member table (e.g. search for member in group) # you can have up to 5 search attributes subjectApi.source.ldap.param.searchAttribute0.value = cn #searchSubject: find a subject by ID. ID is generally an opaque and permanent identifier, e.g. 12345678. # Each subject has one and only on ID. Returns one result when searching for one ID. # sql is the sql to search for the subject by id. %TERM% will be subsituted by the id searched for subjectApi.source.ldap.search.searchSubject.param.filter.value = (eduPersonPrincipalName=%TERM%) # Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE subjectApi.source.ldap.search.searchSubject.param.scope.value = ONELEVEL_SCOPE # base dn to search in subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people,dc=univ-ville,dc=fr #searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely # identifies the user, e.g. jsmith or jsmith@institution.edu. # Subjects can have multiple identifiers. Note: it is nice to have if identifiers are unique # even across sources. Returns one result when searching for one identifier. # sql is the sql to search for the subject by identifier. %TERM% will be subsituted by the identifier searched for subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (|(uid=%TERM%)(eduPersonPrincipalName=%TERM%)) # Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = ONELEVEL_SCOPE # base dn to search in subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people,dc=univ-ville,dc=fr # search: find subjects by free form search. Returns multiple results. # sql is the sql to search for the subject by free form search. %TERM% will be subsituted by the text searched for subjectApi.source.ldap.search.search.param.filter.value = (|(uid=%TERM%)(cn=*%TERM%*)) # Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE subjectApi.source.ldap.search.search.param.scope.value = ONELEVEL_SCOPE # base dn to search in subjectApi.source.ldap.search.search.param.base.value = ou=people,dc=univ-ville,dc=fr # attributes from ldap object to become subject attributes. comma separated subjectApi.source.ldap.attributes = cn, sn, givenName, mail, uid, eduPersonPrincipalName # internal attributes are used by grouper only not exposed to code that uses subjects. comma separated subjectApi.source.ldap.internalAttributes = searchAttribute0