airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scnakand...@apache.org
Subject [13/57] airavata git commit: adding more files
Date Thu, 28 Jul 2016 17:45:27 GMT
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e0fdc8/modules/group-manager/src/main/resources/grouper.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.base.properties b/modules/group-manager/src/main/resources/grouper.base.properties
new file mode 100755
index 0000000..1cc0805
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.base.properties
@@ -0,0 +1,1017 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper Configuration
+# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
+#
+
+# Grouper uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.base.properties
+# (which should not be edited), and the grouper.properties overlays
+# the base settings.  See the grouper.base.properties for the possible
+# settings that can be applied to the grouper.properties
+
+
+########################################
+## Config chaining hierarchy
+########################################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:grouper.example.properties, file:c:/something/myconfig.properties
+grouper.config.hierarchy = classpath:grouper.base.properties, classpath:grouper.properties
+
+# seconds between checking to see if the config files are updated
+grouper.config.secondsBetweenUpdateChecks = 60
+
+
+########################################
+## General settings
+########################################
+
+# in cases where grouper is logging or emailing, it will use this to differentiate test vs dev vs prod
+grouper.env.name = 
+
+#put the URL which will be used e.g. in emails to users.  include the webappname at the end, and nothing after that.
+#e.g. https://server.school.edu/grouper/
+grouper.ui.url =
+
+# tmp dir to use, will set this to the env var for tmp dir during cache operations...
+# note, if you are using a backslash, you need to escape it with another, e.g. c:\\temp
+# see the temp dir in logs with this in log4j.properties
+# log4j.logger.edu.internet2.middleware.grouper.util.GrouperUtil = INFO
+grouper.tmp.dir = 
+
+# main stem for grouper built in objects
+# Note: there are more locations to change than just this
+grouper.rootStemForBuiltinObjects = etc
+
+#######################################
+## inititalization and configuration settings
+#######################################
+
+#if grouper should auto init the registry if not initted (i.e. insert the root stem, built in fields, etc)
+#defaults to true
+registry.autoinit = true
+
+#if grouper should try and detect and log configuration errors on startup
+#in general this should be true, unless the output is too annoying or if it is causing a problem
+configuration.detect.errors = true
+
+#if the startup message should display
+configuration.display.startup.message = true
+
+#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
+configuration.autocreate.system.groups = false
+
+#auto-create groups (increment the integer index), and auto-populate with users 
+#(comma separated subject ids) to bootstrap the registry on startup
+#(note: check config needs to be on)
+#configuration.autocreate.group.name.0 = etc:uiUsers
+#configuration.autocreate.group.description.0 = users allowed to log in to the UI
+#configuration.autocreate.group.subjects.0 = johnsmith
+
+# if should check java version and make sure ok
+configuration.checkJavaVersion = true
+
+# if should check database and utf in new thread
+configuration.checkDatabaseAndUtf.inNewThread = true
+
+# if grouper should check to see if the database has case sensitive selects
+configuration.detect.db.caseSensitive.problems = true
+configuration.display.db.caseSensitive.success.message = false
+
+# if grouper should check to see if utf-8 works on startup in files
+configuration.detect.utf8.file.problems = true
+# if grouper should check to see if utf-8 works on startup in the database
+configuration.detect.utf8.problems = true
+configuration.display.utf8.success.message = false
+
+# if grouper in the utf8 check will check to see if grouper supports transaction
+configuration.detect.db.transaction.problems = true
+configuration.display.transaction.success.message = false
+
+###################################
+## security settings
+###################################
+
+# If set to _true_, the ALL subject will be granted that privilege on
+# each new group that is created.  Note, you can override the default
+# checkboxes on screen of UI in media.properties.
+groups.create.grant.all.optin         = false
+groups.create.grant.all.optout        = false
+groups.create.grant.all.read          = false
+groups.create.grant.all.view          = false
+groups.create.grant.all.groupAttrRead = false
+
+# If set to _true_, the ALL subject will be granted that privilege on
+# each new stem that is created.  
+stems.create.grant.all.create         = false
+stems.create.grant.all.stemAdmin      = false
+stems.create.grant.all.stemAttrRead   = false
+stems.create.grant.all.stemAttrUpdate = false
+
+# If set to _true_, the ALL subject will be granted that privilege on
+# each new attributeDef that is created.  
+attributeDefs.create.grant.all.attrAdmin         = false
+attributeDefs.create.grant.all.attrOptin         = false
+attributeDefs.create.grant.all.attrOptout        = false
+attributeDefs.create.grant.all.attrRead          = false
+attributeDefs.create.grant.all.attrUpdate        = false
+attributeDefs.create.grant.all.attrView          = false
+attributeDefs.create.grant.all.attrDefAttrRead   = false
+attributeDefs.create.grant.all.attrDefAttrUpdate = false
+
+# if set to true, then the ALL subject will be granted view on new entities
+entities.create.grant.all.view = false
+
+
+# A wheel group allows you to enable non-GrouperSystem subjects to act
+# like a root user when interacting with the registry.
+groups.wheel.use                      = false
+
+# Set to the name of the group you want to treat as the wheel group.
+# The members of this group will be treated as root-like users.
+groups.wheel.group                    = etc:sysadmingroup
+
+# A viewonly wheel group allows you to enable non-GrouperSystem subjects to act
+# like a root user when viewing the registry.
+groups.wheel.viewonly.use                      = false
+
+# Set to the name of the group you want to treat as the viewonly wheel group.
+# The members of this group will be treated as root-like users when viewing objects.
+groups.wheel.viewonly.group                    = etc:sysadminViewersGroup
+
+# A readonly wheel group allows you to enable non-GrouperSystem subjects to act
+# like a root user when reading the registry.
+groups.wheel.readonly.use                      = false
+
+# Set to the name of the group you want to treat as the readonly wheel group.
+# The members of this group will be treated as root-like users when reading objects.
+groups.wheel.readonly.group                    = etc:sysadminReadersGroup
+
+
+# To change the internal names for GrouperAll and GrouperSystem
+# uncomment and change. Review UI nav.properties to ensure consistency
+subject.internal.grouperall.name   = EveryEntity
+subject.internal.groupersystem.name   = GrouperSysAdmin
+
+# Search and sort strings for internal users
+internalSubjects.searchAttribute0.el = ${subject.name},${subject.id}
+internalSubjects.sortAttribute0.el = ${subject.name}
+
+
+#by default, anyone with admin rights on a group can edit the types or attributes
+#specify types (related attributes will also be protected) which are wheel only, or restricted to a certain group
+#security.types.typeName.wheelOnly = true
+security.types.grouperLoader.wheelOnly = true
+security.types.grouperGroupMembershipSettings.wheelOnly = true
+
+#security.types.typeName.allowOnlyGroup = etc:someAdminGroup
+
+
+# If this property is set, then to move a stem, in addition to having the appropriate stem privileges for the stem being moved and the destination stem,
+# a user must also be a member of the defined group.  Note that users in the wheel group will have access regardless of this property.
+#security.stem.groupAllowedToMoveStem = etc:someAdminGroup
+
+# If this property is set, then to rename a stem, in addition to having the appropriate stem privilege for the stem being renamed,
+# a user must also be a member of the defined group.  Note that users in the wheel group will have access regardless of this property.
+#security.stem.groupAllowedToRenameStem = etc:someAdminGroup
+
+# If this property is set, then to copy a stem, a user must be a member of the defined group.  Note that users in the wheel group will have access regardless of this property.
+#security.stem.groupAllowedToCopyStem = etc:someAdminGroup
+
+# By default, all users have access to sort using any of the sort strings in the member table and search using any of the search strings in the member table.
+# You can restrict to wheel only or to a certain group.
+#security.member.sort.string0.allowOnlyGroup = etc:someGroup
+#security.member.sort.string1.allowOnlyGroup = etc:someGroup
+#security.member.sort.string2.wheelOnly = true
+#security.member.sort.string3.wheelOnly = true
+#security.member.sort.string4.wheelOnly = true
+#security.member.search.string0.allowOnlyGroup = etc:someGroup
+#security.member.search.string1.allowOnlyGroup = etc:someGroup
+#security.member.search.string2.wheelOnly = true
+#security.member.search.string3.wheelOnly = true
+#security.member.search.string4.wheelOnly = true
+
+
+###################################
+## Member sort and search
+###################################
+
+# Attributes of members are kept in the grouper_members table to allow easy sorting and searching (for instance when listing group members).
+# When performing a sort or search and an index is not specified, then a default index will be used as configured below.  The value is comma-separated,
+# so that if the user does not have access to the first index, then next will be tried and so forth.
+# Note:  all sources should have attributes configured for all default indexes.
+member.search.defaultIndexOrder=0
+member.sort.defaultIndexOrder=0
+
+
+###################################
+## whitelist (allow) and blacklist (deny) for db/ldap data or object deletes, without prompting the user to confirm
+## if a listing is in the whitelist (allow), it will be allowed to delete db/ldap
+## if a listing is in the blacklist (deny), it will be denied from deleting db/ldap
+## multiple inputs can be entered with .0, .1, .2, etc.  These numbers must be sequential, starting with 0
+###################################
+
+db.change.allow.user.0=sa
+db.change.allow.url.0=jdbc:hsqldb:hsql://localhost:9001/grouper
+db.change.allow.user.1=grouper1
+db.change.allow.url.1=jdbc:mysql://localhost:3306/grouper1
+
+db.change.deny.user.0=grouper2
+db.change.deny.url.0=jdbc:mysql://localhost:3306/grouper2
+
+# db.change.allow.user.2=uid=admin,ou=system
+# db.change.allow.url.2=ldap://localhost:10389
+
+# if should give error when detect driver mismatch (set to false if using an 
+# unknown driver, and tell the grouper team so we can add to list)
+db.log.driver.mismatch = true
+
+###################################
+## Grouper include / exclude and requireGroups
+## If enabled, will make sure the Type is installed, and when that type is
+## applied to a group, it will auto-create the other groups needed to manage the include and exclude lists
+## see: https://bugs.internet2.edu/jira/browse/GRP-178
+## the naming settings below are only used when the type is applied to a group, will not affect
+## existing include/exclude groups
+###################################
+
+#if the addIncludeExclude and requireInGroups should be enabled, and if the type(s) should be 
+#auto-created, and used to auto create groups to facilitate include and exclude lists, and require lists
+grouperIncludeExclude.use = false
+grouperIncludeExclude.requireGroups.use = false
+
+#for requireGroups (groups that the members must be to be in the overall group).  name is the name of the attribute or type
+#attributeOrType is either attribute for an attribute underneath the requireInGroups type, or type to be a top level type
+#group is the group to be anded in.  note attributes are a global namespace, so you might want to use a naming convention,
+#e.g. prefix with "require".  description is the tooltip.  add as many as you like.
+#grouperIncludeExclude.requireGroup.name.0 = requireActiveEmployee
+#grouperIncludeExclude.requireGroup.attributeOrType.0 = type
+#grouperIncludeExclude.requireGroup.group.0 = school:community:activeEmployee
+#grouperIncludeExclude.requireGroup.description.0 = If value is true, members of the overall group must be an active employee (in the school:community:activeEmployee group).  Otherwise, leave this value not filled in.
+
+#grouperIncludeExclude.requireGroup.name.1 = requireActiveStudent
+#grouperIncludeExclude.requireGroup.attributeOrType.1 = attribute
+#grouperIncludeExclude.requireGroup.group.1 = school:community:activeStudent
+#grouperIncludeExclude.requireGroup.description.1 = If value is true, members of the overall group must be an active student (in the school:community:activeStudent group).  Otherwise leave this value not filled in.
+
+
+# set some names and tooltips
+grouperIncludeExclude.type.name = addIncludeExclude
+grouperIncludeExclude.tooltip = Select this type to auto-create other groups which facilitate having include and exclude list
+
+grouperIncludeExclude.requireGroups.type.name = requireInGroups
+grouperIncludeExclude.requireGroups.tooltip = Select this type to auto-create other groups which set up group math so that other groups can be required for membership (e.g. activeEmployee)
+
+#leave grouperIncludeExclude.andGroups.attributeName blank if you dont want to use this attribute...  
+#though if you were using it, it wont remove already configured groups
+grouperIncludeExclude.requireGroups.attributeName = requireAlsoInGroups
+grouperIncludeExclude.requireGroups.attribute.tooltip = Enter in comma separated group path(s).  An entity must be in these groups for it to be in the overall group.  e.g. stem1:stem2:group1, stem1:stem3:group2
+
+#suffixes for various include/exclude groups (can use ${space} for space).
+#note, these should uniquely identify various parts of the include/exclude.
+#i.e. if the grouperIncludeExclude type is applied to a group with a suffix of the include suffix,
+#the other groups will not be created...
+grouperIncludeExclude.systemOfRecord.extension.suffix = _systemOfRecord
+grouperIncludeExclude.include.extension.suffix = _includes
+grouperIncludeExclude.exclude.extension.suffix = _excludes
+grouperIncludeExclude.systemOfRecordAndIncludes.extension.suffix = _systemOfRecordAndIncludes
+grouperIncludeExclude.includesMinusExcludes.extension.suffix = _includesMinusExcludes
+#note, put a ${i} in there for where the 1 based index will go
+grouperIncludeExclude.requireGroups.extension.suffix = _requireGroups${i}
+
+#suffixes for various include/exclude groups (can use ${space} for space)
+grouperIncludeExclude.systemOfRecord.displayExtension.suffix = ${space}system of record
+grouperIncludeExclude.include.displayExtension.suffix = ${space}includes
+grouperIncludeExclude.exclude.displayExtension.suffix = ${space}excludes
+grouperIncludeExclude.systemOfRecordAndIncludes.displayExtension.suffix = ${space}system of record and includes
+grouperIncludeExclude.includesMinusExcludes.displayExtension.suffix = ${space}includes minus excludes
+#note, put a ${i} in there for where the 1 based index will go
+grouperIncludeExclude.requireGroups.displayExtension.suffix = ${space}requireGroups ${i}
+
+#can use ${extension} as the group extension, or ${displayExtension} for group display extension
+grouperIncludeExclude.overall.description = Group containing list of ${displayExtension} after adding the includes and subtracting the excludes
+grouperIncludeExclude.systemOfRecord.description = Group containing list of ${displayExtension} (generally straight from the system of record) without yet considering manual include or exclude lists
+grouperIncludeExclude.include.description = Group containing manual list of includes for group ${displayExtension} which will be added to the system of record list (unless the subject is also in the excludes group)
+grouperIncludeExclude.exclude.description = Group containing manual list of excludes for group ${displayExtension} which will not be in the overall group
+grouperIncludeExclude.systemOfRecordAndIncludes.description = Internal utility group for group ${displayExtension} which facilitates the group math for the include and exclude lists
+grouperIncludeExclude.includesMinusExclude.description = Internal utility group for group ${displayExtension} which facilitates includes, excludes, and required groups (e.g. activeEmployee)
+#note, put a ${i} in there for where the 1 based index will go
+grouperIncludeExclude.requireGroups.description = Internal utility group for group ${displayExtension} which facilitates required groups (e.g. activeEmployee)
+
+
+###################################
+## Subject settings
+###################################
+
+# if finding across multiple threadable sources, use threads to do the work faster
+subjects.allPage.useThreadForkJoin = false
+
+# if finding across multiple threadable sources, use threads to do the work faster
+subjects.idOrIdentifier.useThreadForkJoin = false
+
+# if the creator and last updater should be group subject attributes (you get
+# a performance gain if you set to false, but if true you can see subject id from UI in 2.0
+subjects.group.useCreatorAndModifierAsSubjectAttributes = true
+
+# customize subjects by implementing this interface: edu.internet2.middleware.grouper.subj.SubjectCustomizer
+# or extending this class: edu.internet2.middleware.grouper.subj.SubjectCustomizerBase (recommended)
+# note the instance will be reused to make sure it is threadsafe
+subjects.customizer.className = 
+
+# if we should use a root session if one isnt started for subject lookups (behavior in v2.0-
+subjects.startRootSessionIfOneIsntStarted = false
+
+###################################
+## Hooks
+## You can register multiple classes for one hook base class by comma separating the hooks implementations
+## You can also register hooks at runtime with: 
+## GrouperHookType.addHookManual("hooks.group.class", YourSchoolGroupHooks2.class);
+###################################
+
+#implement a group attribute hook by extending edu.internet2.middleware.grouper.hooks.AttributeHooks
+#hooks.attribute.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2
+
+#implement an attribute def hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefHooks
+#hooks.attributeDef.class=edu.yourSchool.it.YourSchoolAttributeDefHooks,edu.yourSchool.it.YourSchoolAttributeDefHooks2
+
+#implement an attribute def name hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefNameHooks
+#hooks.attributeDefName.class=edu.yourSchool.it.YourSchoolAttributeDefNameHooks,edu.yourSchool.it.YourSchoolAttributeDefNameHooks2
+
+#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignHooks
+#hooks.attributeAssign.class=edu.yourSchool.it.YourSchoolAttributeAssignHooks,edu.yourSchool.it.YourSchoolAttributeAssignHooks2
+
+#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignValueHooks
+#hooks.attributeAssignValue.class=edu.yourSchool.it.YourSchoolAttributeAssignValueHooks,edu.yourSchool.it.YourSchoolAttributeAssignValueHooks2
+
+#implement a group hook by extending edu.internet2.middleware.grouper.hooks.GroupHooks
+#hooks.group.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2
+
+#implement a grouper lifecycle hook by extending edu.internet2.middleware.grouper.hooks.LifecycleHooks
+#hooks.lifecycle.class=edu.yourSchool.it.YourSchoolLifecycleHooks
+
+#implement a membership hook by extending edu.internet2.middleware.grouper.hooks.MembershipHooks
+#hooks.membership.class=edu.yourSchool.it.YourSchoolMembershipHooks
+
+#implement a member hook by extending edu.internet2.middleware.grouper.hooks.MemberHooks
+#hooks.member.class=edu.yourSchool.it.YourSchoolMemberHooks
+
+#implement a stem hook by extending edu.internet2.middleware.grouper.hooks.StemHooks
+#hooks.stem.class=edu.yourSchool.it.YourSchoolStemHooks
+
+#implement a composite hook by extending edu.internet2.middleware.grouper.hooks.CompositeHooks
+#hooks.composite.class=edu.yourSchool.it.YourSchoolCompositeHooks
+
+#implement a field hook by extending edu.internet2.middleware.grouper.hooks.FieldHooks
+#hooks.field.class=edu.yourSchool.it.YourSchoolFieldHooks
+
+#implement a grouperSession hook by extending edu.internet2.middleware.grouper.hooks.GrouperSessionHooks
+#hooks.grouperSession.class=edu.yourSchool.it.YourSchoolGrouperSessionHooks
+
+#implement a groupType hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeHooks
+#hooks.groupType.class=edu.yourSchool.it.YourSchoolGroupTypeHooks
+
+#implement a groupTypeTuple hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeTupleHooks
+#hooks.groupTypeTuple.class=edu.yourSchool.it.YourSchoolGroupTypeTupleHooks
+
+#implement a loader hook by extending edu.internet2.middleware.grouper.hooks.LoaderHooks
+#hooks.loader.class=edu.yourSchool.it.YourSchoolLoaderHooks
+
+#implement an external subject hook by extending edu.internet2.middleware.grouper.hooks.ExternalSubjectHooks
+#hooks.externalSubject.class=edu.yourSchool.it.YourSchoolExternalSubjectHooks
+
+###################################
+## Rules
+###################################
+
+# Rules users who are in the following group can use the actAs field to act as someone else
+# You can put multiple groups separated by commas.  e.g. a:b:c, e:f:g
+# You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in
+# separated by 4 colons
+# e.g. if the configured values is:       a:b:c, e:f:d :::: r:e:w, x:e:w
+# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone
+# if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w.  If multiple rules, then 
+# if one passes, then it is a success, if they all fail, then fail.
+rules.act.as.group = 
+
+# any actAs subject in this group has access to more objects when the EL fires on 
+# the IF or THEN EL clause
+rules.accessToApiInEl.group = 
+
+# cache the decision to allow a user to actAs another, so it doesnt have to be calculated each time
+# defaults to 30 minutes
+rules.act.as.cache.minutes = 30
+
+# uuids (comma separated) of the attribute assign record which is the rule type to the owner object
+# e.g. SELECT gaagv.attribute_assign_id FROM grouper_attr_asn_group_v gaagv WHERE gaagv.attribute_def_name_name LIKE '%:rule' AND gaagv.group_name = 'stem:a'
+# make sure log info level is set for RuleEngine
+# log4j.logger.edu.internet2.middleware.grouper.rules.RuleEngine = INFO
+rules.attributeAssignTypeIdsToLog = abc1234abc123, def456def345
+
+# if this is true, then log a lot of info about why rules do or do not fire... only turn on temporarily
+# since it takes a lot of resources...  note you need log DEBUG set for the rules engine in log4j.properties too e.g.
+# log4j.logger.edu.internet2.middleware.grouper.rules = DEBUG
+rules.logWhyRulesDontFire = false
+
+# put in fully qualified classes to add to the EL context.  Note that they need a default constructor
+# comma separated.  The alias will be the simple class name without a first cap.
+# e.g. if the class is test.Test the alias is "test"
+rules.customElClasses = 
+
+# If the CHECK, IF, and THEN are all exactly what is needed for managing inherited stem privileges
+# Then allow an actAs GrouperSystem in source g:isa
+rules.allowActAsGrouperSystemForInheritedStemPrivileges = 
+
+# If not blank, then keep email templates in this folder instead of classpath
+# If in classpath, it is classpath: grouperRulesEmailTemplates/someTemplate.txt
+rules.emailTemplatesFolder = 
+
+
+###################################
+## Group attribute validation via regex
+## You can attach a regex to an attribute name (including built ins)
+## If none are registered, the built in hook will not be enabled
+## The built ins are description, displayName, extension, displayExtension, name
+## Configure a group.attribute.validator.attributeName.X for attribute name
+## group.attribute.validator.regex.X for the regex
+## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute)
+## the X must be a sequential integer which groups the config entries together.
+## do not repeat two config entries
+###################################
+
+#Attach a regex validator by attribute name
+#group.attribute.validator.attributeName.0=extension
+#group.attribute.validator.regex.0=^[a-zA-Z0-9]+$
+#group.attribute.validator.vetoMessage.0=Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics
+#
+#group.attribute.validator.attributeName.1=displayExtension
+#group.attribute.validator.regex.1=^[a-zA-Z0-9 ]+$
+#group.attribute.validator.vetoMessage.1=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces
+
+#####################################
+## Audit settings
+#####################################
+
+# if set to true, then exceptions will be thrown if any actions are not audited... exceptions
+# should not be thrown since everything should be audited, so this is a switch to make it absorb
+# errors if there is a problem (will be logged instead if second param is true)
+audit.requireAuditsForAllActions = false
+audit.logAuditsForMissingActions = false
+
+#####################################
+## Change log settings
+#####################################
+
+# if we should insert records into grouper_change_log_temp when events happen
+# defaults to true.  Note, it is not currently supported to set this to false...
+changeLog.enabled = true
+
+
+#####################################
+## Settings to track last membership changes for groups and stems.
+#####################################
+
+# If true, when an immediate membership changes for a group (either a privilege or a list member), 
+# then an update will be made to the lastImmediateMembershipChange property for the group.
+groups.updateLastImmediateMembershipTime = false
+
+# If true, when an immediate, composite, or effective membership changes for a group (either a privilege or a list member), 
+# then an update will be made to the lastMembershipChange property for the group.
+groups.updateLastMembershipTime = false
+
+# If true, when an immediate or effective membership changes for a stem (this would be a naming privilege), 
+# then an update will be made to the lastMembershipChange property for the stem.
+stems.updateLastMembershipTime = false
+
+
+#####################################
+## Database structure data definition language (DDL) settings
+#####################################
+
+# Grouper DOES NOT WORK WITHOUT NESTED TRANSACTIONS!  This config parameter doesnt exist
+#ddlutils.use.nestedTransactions = true
+
+# ddlutils db name will be set by default, you can override it here, it must be one of:
+# axion, cloudscape, db2, db2v8, derby, firebird, hsqldb, interbase, maxdb, mckoi, 
+# mssql, mysql, mysql5, oracle, oracle10, oracle9, postgresql, sapdb, sybase, sybasease15, 
+#
+#ddlutils.dbname.override = oracle10
+
+# if you want to not create the subject tables (grouper examples for unit testing), 
+# then set this to true
+ddlutils.exclude.subject.tables = false
+
+# set the path where ddl scripts are generated (they will be uniquely named in this directory).
+# if blank, the directory used will be the current directory
+ddlutils.directory.for.scripts = ddlScripts
+
+# during schema export, should it install grouper data also or not.  e.g. insert the root stem, default true
+ddlutils.schemaexport.installGrouperData = true
+
+# when grouper starts, should it shut down if not right version?
+ddlutils.failIfNotRightVersion = true
+
+# after you have converted id's, and are happy with the conversion of removing the uuid col, 
+# this will remove the backup uuid cols when running the gsh command: gsh -registry -deep 
+ddlutils.dropBackupUuidCols = false
+
+# after you have converted field id foreign keys, and are happy with the conversion of removing the attribute name, 
+# membership list name, and type cols, 
+# this will remove the backup field name/type cols when running the gsh command: gsh -registry -deep  
+ddlutils.dropBackupFieldNameTypeCols = false
+
+# before the group name etc was moved to the grouper_groups table, the attributes table
+# was backed up.  If it should not be backed up, or if the upgrade is done and works, then it can
+# be removed, set to true, run: gsh -registry -deep 
+ddlutils.dropAttributeBackupTableFromGroupUpgrade = false
+
+# Since grouper_memberships no longer has effective memberships, that table doesn't need via_id,
+# depth and parent_membership.  If they were converted, this will drop the backup of those cols with: gsh -registry -deep 
+ddlutils.dropMembershipBackupColsFromOwnerViaUpgrade = false
+
+# After legacy attributes are converted, the backed up tables can be dropped with: gsh -registry -deep
+ddlutils.dropLegacyAttributes = false
+
+# this is the schema ddlutils uses to query metadata with jdbc.  usually this can be omitted,
+# and it defaults to your database loginid, however, in postgres, it can be different, so enter here
+# in sql server, it might need to be: dbo
+#ddlutils.schema = public
+
+#if you are running a DB that supports them, but you dont want them, disable comments here (defaults to false)
+ddlutils.disableComments = false
+
+#set to true and we wont subsitute varchar 4000 for text in mysql (wont work in innodb utf-8 databases
+ddlutils.dontSubstituteVarchar4000forTextMysql = false
+
+#####################################
+## mail settings (optional, e.g. for daily report form loader)
+#####################################
+
+#smtp server is a domain name or dns name.  set to "testing" if you want to log instead of send (e.g. for testing)
+#mail.smtp.server = whatever.school.edu
+
+#leave blank if unauthenticated
+#mail.smtp.user = 
+
+#leave blank if unauthenticated
+#mail.smtp.pass = 
+
+#leave blank or false for no ssl, true for ssl
+#mail.smtp.ssl = 
+
+#leave blank for default (probably 25), if ssl is true, default is 465, else specify
+#mail.smtp.port = 
+
+#this is the default email address where mail from grouper will come from
+#mail.from.address = noreply@school.edu
+
+#this is the subject prefix of emails, which will help differentiate prod vs test vs dev etc
+#mail.subject.prefix = TEST:
+
+#when running junit tests, this is the address that will be used
+#mail.test.address = a@b.c
+
+#####################################
+## misc settings which probably dont need to be changed
+#####################################
+
+dao.factory = edu.internet2.middleware.grouper.internal.dao.hib3.Hib3DAOFactory
+
+# if tables that are hibernated should have optimistic locking or not (assumes the data layer supports this, hibernate does)
+dao.optimisticLocking = true
+
+# set the API as readonly (e.g. during upgrades).  Any updates will throw an exception
+grouper.api.readonly = false
+
+# When searching for memberships using the getMemberships WS (or underlying API call), limit the number of memberships
+# which can be returned, else throws exception.  -1 means dont check.
+ws.getMemberships.maxResultSize = 30000
+
+# When searching for attribute assignments using the getAttributeAssignments WS (or underlying API call), limit the number of assignments
+# which can be returned, else throws exception.  -1 means dont check.
+ws.findAttrAssignments.maxResultSize = 30000
+
+# When searching attribute def names, this is max size
+findAllAttributeDefNames.maxResultSize = 30000
+
+# create the type and attribuute for membership lite ui config by group
+membershipUpdateLiteTypeAutoCreate = false
+
+grouper.tableIndex.group.minIndex = 10000
+grouper.tableIndex.stem.minIndex = 10000
+grouper.tableIndex.attributeDef.minIndex = 10000
+grouper.tableIndex.attributeDefName.minIndex = 10000
+
+# verify that table indexes are set and the pointers are ok, incurs a bit of overhead to grouper startup
+grouper.tableIndex.verifyOnStartup = true
+
+# in different circumstances, retrieve a different number of IDs at once.
+# if it is a system where the JVM is starting and stopping (e.g. GSH), then
+# dont reserve that many at once 
+grouper.tableIndex.reserveIdsGsh = 1
+grouper.tableIndex.reserveIdsDefault = 10
+grouper.tableIndex.reserveIdsLoader = 10
+grouper.tableIndex.reserveIdsWs = 10
+grouper.tableIndex.reserveIdsUi = 10
+
+# group who can assign id index cols (also, wheel or root is allowed)
+grouper.tableIndex.groupWhoCanAssignIdIndex = etc:canAssignIdIndex
+
+# number of bytes in DB that a non ascii char takes
+grouper.nonAsciiCharDbBytesLength = 3
+
+# cache size for jexl expressions
+jexl.cacheSize = 1024
+
+# when reading writing files from util classes, this is encoding (was ISO-8859-1)
+grouper.default.fileEncoding = UTF-8
+
+
+#####################################
+## testing settings
+#####################################
+
+# if the ldappc tests should be included when running all tests (default false)
+junit.test.ldappc = false
+
+# if the loader tests should be included when running all tests (default true)
+junit.test.loader = true
+
+# if the ddl tests should be included when running all tests (default true)
+junit.test.ddl = true
+
+# if the gsh tests should be included when running all tests (default false)
+junit.test.gsh = false
+
+# if the stress tests should be included when running all tests (default false)
+junit.test.stress = false
+
+# if the external subject tests should be included when running all tests, note you need the jabber attribute in the view (default false)
+junit.test.externalSubjects = false
+
+# if the group sync should be tested... note you need the demo server available to test this, or change some settings...
+junit.test.groupSync = false
+junit.test.groupSync.url = https://grouperdemo.internet2.edu/grouper-ws_v2_0_0/servicesRest
+junit.test.groupSync.user = remoteUser
+junit.test.groupSync.password = R:/pass/grouperDemoRemoteUser.pass
+#folder where the user can create/stem which the user can use to run tests
+junit.test.groupSync.folder = test2:whateverFolder
+#this is true unless testing to an older grouper which doesnt support this
+junit.test.groupSync.pushAddExternalSubjectIfNotExist = true
+junit.test.groupSync.createRemoteFolderIfNotExist = true
+junit.test.groupSync.remoteSourceId = grouperExternal
+junit.test.groupSync.remoteReadSubjectId = identifier
+junit.test.groupSync.remoteWriteSubjectId = identifier
+
+
+#####################################
+## attribute framework
+#####################################
+
+# root stem in grouper where built in attributes are put
+grouper.attribute.rootStem = etc:attribute
+
+# comma separated names of attribute defs will not be audited or change log or point in time
+grouper.attribute.namesOfAttributeDefsToIgnoreAuditsChangeLogPit.elConfig = ${edu.internet2.middleware.grouper.cfg.GrouperConfig.retrieveConfig().propertyValueStringRequired('grouper.attribute.rootStem')}:userData:grouperUserDataValueDef
+
+# if the attribute loader attributes, and other attributes should be autoconfigured (created, etc)
+grouper.attribute.loader.autoconfigure = true
+
+#####################################
+## centrally managed permissions
+#####################################
+
+# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
+grouper.permissions.limits.builtin.createAs.public = true
+
+# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
+grouper.permissions.limits.builtin.displayExtension.limitAmountLessThan = amount less than
+grouper.permissions.limits.builtin.displayExtension.limitAmountLessThanOrEqual = amount less than or equal to
+grouper.permissions.limits.builtin.displayExtension.limitExpression = Expression
+grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworkRealm = ipAddress on network realm
+grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworks = ipAddress on networks
+grouper.permissions.limits.builtin.displayExtension.limitLabelsContain = labels contains
+grouper.permissions.limits.builtin.displayExtension.limitWeekday9to5 = Weekday 9 to 5
+
+
+# el classes to add to the el context for a limitExpression.  Comma-separated fully qualified classnames
+grouper.permissions.limits.el.classes = 
+
+# permission limits linked to subclasses of edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBase
+#grouper.permissions.limits.logic.someName.limitName = 
+#grouper.permissions.limits.logic.someName.logicClass = 
+
+# if you are doing ip address limits, you can put realms here
+# grouper.permissions.limits.realm.someName = 1.2.3.4/24, 2.3.4.5/16
+
+#####################################
+## External subjects
+#####################################
+
+#manages the description of a user automatically
+externalSubjects.desc.el = ${grouperUtil.appendPrefixIfStringNotBlank('[unverifiedInfo]', ' ', grouperUtil.appendIfNotBlankString(externalSubject.name, ' - ', externalSubject.institution))} [externalUserID] ${externalSubject.identifier}
+
+#search and sort strings added to member objects
+externalSubjects.searchAttribute0.el = ${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")},${subject.id},${subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")}
+externalSubjects.sortAttribute0.el = ${subject.name}
+externalSubjects.sortAttribute1.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")}
+externalSubjects.sortAttribute2.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")}
+
+# false if the description should be managed via EL (config above)
+externalSubjects.desc.manual = false
+
+# quartz cron where subjects are recalculated if necessary (empty means dont run), e.g. everyday at 3am
+externalSubjects.calc.fields.cron = 0 0 3 * * ? 
+
+externalSubjects.name.required = true
+externalSubjects.email.required = false
+externalSubjects.email.enabled = true
+
+# these field names (uuid, institution, identifier, uuid, email, name) or attribute names 
+# will be toLowered, and appended with comma separators.  e.g. if you add attributes, add them here too
+externalSubjects.searchStringFields = name, institution, identifier, uuid, email
+
+externalSubjects.institution.required = false
+externalSubjects.institution.enabled = true
+
+# note, this must be only alphanumeric lower case or underscore
+# (valid db column name, subject attribute name)
+#externalSubjects.attributes.jabber.systemName = jabber
+#externalSubjects.attributes.jabber.required = false
+# comment on column in DB (no special characters allowed)
+#externalSubjects.attributes.jabber.comment = The jabber ID of the user
+
+# if wheel or root can edit external users
+externalSubjects.wheelOrRootCanEdit = true
+
+# group which is allowed to edit external users
+externalSubjects.groupAllowedForEdit = 
+
+# if the view on the external subjects should be created.  
+# turn this off if it doesnt compile, othrewise should be fine
+externalSubjects.createView = true
+
+#name of external subject source, defaults to grouperExternal
+externalSubject.sourceId = grouperExternal
+externalSubject.sourceName = External Users
+
+# grouper can auto create a jdbc2 source for the external subjects
+externalSubjects.autoCreateSource = true
+
+# put in fully qualified classes to add to the EL context.  Note that they need a default constructor
+# comma separated.  The alias will be the simple class name without a first cap.
+# e.g. if the class is test.Test the alias is "test"
+externalSubjects.customElClasses = 
+
+# change these to affect the storage where external subjects live (e.g. to store in ldap),
+# must implement each respective storable interface
+externalSubjects.storage.ExternalSubjectStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectDbStorage
+externalSubjects.storage.ExternalSubjectAttributeStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectAttributeDbStorage
+
+# you can use the variables $newline$, $inviteLink$.  Note, you need to change this default message...
+externalSubjectsInviteDefaultEmail = Hello,$newline$$newline$This is an invitation to register at our site to be able to access our applications.  This invitation expires in 7 days.  Click on the link below and sign in with your InCommon credentials.  If you do not have InCommon credentials you can register at a site like protectnetwork.org and use those credentials.$newline$$newline$$inviteLink$$newline$$newline$Regards.
+# default subject for email
+externalSubjectsInviteDefaultEmailSubject = Register to access applications
+
+# you can use the variables $newline$, $inviteeIdentifier$, $inviteeEmailAddress$.  Note, you need to change this default message...
+externalSubjectsNotifyInviterEmail = Hello,$newline$$newline$This is a notification that user $inviteeIdentifier$ from email address $inviteeEmailAddress$ has registered with the identity management service.  They can now use applications at this institution.$newline$$newline$Regards.
+externalSubjectsNotifyInviterSubject = $inviteeIdentifier$ has registered
+
+# numner of days after which this request will expire.  If -1, then will not expire
+externalSubjectsInviteExpireAfterDays = 7
+
+#put some group names comma separated for groups to auto add subjects to
+externalSubjects.autoaddGroups=
+#should be insert, or update, or insert,update
+externalSubjects.autoaddGroupActions=insert,update
+#if a number is here, expire the group assignment after a certain number of days
+externalSubjects.autoaddGroupExpireAfterDays=
+
+# add multiple group assignment actions by URL param: externalSubjectInviteName
+#externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=library
+
+# comma separated groups to add for this type of invite
+#externalSubjects.autoadd.testingLibrary.groups=
+
+# should be insert, update, or insert,update
+#externalSubjects.autoadd.testingLibrary.actions=insert,update
+
+# should be insert, update, or insert,update
+#externalSubjects.autoadd.testingLibrary.expireAfterDays=
+
+#if registrations are only allowed if invited or existing...
+externalSubjects.registerRequiresInvite=true
+
+#make sure the identifier when logging in is like an email address or eppn, e.g. username@school.edu
+externalSubjects.validateIndentiferLikeEmail=true
+
+#put regexes here, increment the 0 for multiple entries, e.g. restrict your own institution
+#note, the extensions must be sequential (dont skip), regex e.g. ^.*@myschool\\.edu$
+externalSubjects.regexForInvalidIdentifier.0=
+
+#####################################
+## org management
+#####################################
+
+# if the orgs table(s) should be included in the DDL (includes the hierarchical table
+orgs.includePocOrgsTablesInDdl = false
+
+# loader connection of the database where orgs are (grouper means the grouper db in grouper.hibernate.properties)
+orgs.databaseName = grouper
+
+#table name of the org table (can prefix by schema name if you like)
+orgs.orgTableName = grouperorgs_poc_orgs
+
+#column names of this table
+orgs.orgIdCol = id
+orgs.orgNameCol = org_name
+orgs.orgDisplayNameCol = org_display_name
+orgs.orgParentIdCol = parent_id
+
+#stem where the orgs are, e.g. poc:orgs
+orgs.parentStemName = poc:orgs
+
+#org config name
+orgs.configGroupName = poc:orgs:orgsConfig
+
+######################################
+## Grouper client connections
+## if this grouper needs to talk to another grouper, this is the client connection information
+######################################
+
+
+# id of the source, should match the part in the property name
+#grouperClient.someOtherSchool.id = someOtherSchool
+
+# url of web service, should include everything up to the first resource to access
+# e.g. https://groups.school.edu/grouperWs/servicesRest
+#grouperClient.someOtherSchool.properties.grouperClient.webService.url = https://some.other.school.edu/grouperWs/servicesRest
+
+# login ID
+#grouperClient.someOtherSchool.properties.grouperClient.webService.login = someRemoteLogin
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+#grouperClient.someOtherSchool.properties.grouperClient.webService.password = *********
+
+# client version should match or be related to the server on the other end...
+#grouperClient.someOtherSchool.properties.grouperClient.webService.client.version = v2_0_000
+
+# this is the subject to act as local, if blank, act as GrouperSystem, specify with SubjectFinder packed string, e.g.
+# subjectIdOrIdentifier  or  sourceId::::subjectId  or  ::::subjectId  or  sourceId::::::subjectIdentifier  or  ::::::subjectIdentifier
+# sourceId::::::::subjectIdOrIdentifier  or  ::::::::subjectIdOrIdentifier
+#grouperClient.someOtherSchool.localActAsSubject = 
+
+# the id of this source, generally the same as the name in the property name.  This is mandatory
+#grouperClient.someOtherSchool.source.jdbc.id = jdbc
+
+# the part between "grouperClient.someOtherSchool.source." and ".id" links up the configs, 
+# in this case, "jdbc", make sure it has no special chars.  sourceId can be blank if you dont want to specify
+#grouperClient.someOtherSchool.source.jdbc.local.sourceId = jdbc
+
+# this is the identifier that goes between them, it is "id" or an attribute name.  subjects without this attribute will not be processed
+#grouperClient.someOtherSchool.source.jdbc.local.read.subjectId = identifier
+
+# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
+#grouperClient.someOtherSchool.source.jdbc.local.write.subjectId = identifier
+
+# sourceId of the remote system, can be blank
+#grouperClient.someOtherSchool.source.jdbc.remote.sourceId = jdbc
+
+# this is the identifier that goes between them, it is "id" or an attribute name.  subjects without this attribute will not be processed
+#grouperClient.someOtherSchool.source.jdbc.remote.read.subjectId = 
+
+# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
+#grouperClient.someOtherSchool.source.jdbc.remote.write.subjectId = 
+
+
+
+
+######################################
+## Sync to/from another grouper
+## Only sync one group to one other group, do not sync one group to
+## two report groupers.  If you need to do this, add the group to another group
+######################################
+
+# we need to know where our
+# connection name in grouper client connections above
+#syncAnotherGrouper.testGroup0.connectionName = someOtherSchool
+
+# incremental  or  push  or   pull  or  incremental_push.  Note, incremental push is cron'ed and incremental (to make sure no discrepancies arise)
+#syncAnotherGrouper.testGroup0.syncType = incremental_push
+
+# quartz cron  to schedule the pull or push (incremental is automatic as events happen) (e.g. 5am daily)
+#syncAnotherGrouper.testGroup0.cron =  0 0 5 * * ?
+
+# local group which is being synced
+#syncAnotherGrouper.testGroup0.local.groupName = test:testGroup
+
+# remote group at another grouper which is being synced
+#syncAnotherGrouper.testGroup0.remote.groupName = test2:testGroup2
+
+# if subjects are external and should be created if not exist
+#syncAnotherGrouper.testGroup0.addExternalSubjectIfNotFound = true
+
+
+
+###################################
+## user data settings
+###################################
+
+# amount of time to cache groups in use
+grouperUserData.group.cache.seconds = 120
+
+
+######################################
+## Legacy attributes
+######################################
+legacyAttribute.baseStem=etc:legacy:attribute
+legacyAttribute.groupTypeDef.prefix=legacyGroupTypeDef_
+legacyAttribute.attributeDef.prefix=legacyAttributeDef_
+legacyAttribute.customListDef.prefix=legacyCustomListDef_
+legacyAttribute.groupType.prefix=legacyGroupType_
+legacyAttribute.attribute.prefix=legacyAttribute_
+legacyAttribute.customList.prefix=legacyCustomList_
+legacyAttributeMigration.useThreads = true
+legacyAttributeMigration.threadPoolSize = 20
+
+
+######################################
+## Point in time audit
+######################################
+pit.sync.useThreads = true
+pit.sync.threadPoolSize = 20
+
+
+######################################
+## Stem sets
+######################################
+stemSet.sync.useThreads = true
+stemSet.sync.threadPoolSize = 20
+
+
+######################################
+## Group sets
+######################################
+groupSet.sync.useThreads = true
+groupSet.sync.threadPoolSize = 20
+
+########################
+## LDAPProvisioningHook
+########################
+#LDAPProvisioningHook.exclude.regex.0=.*_excludes$
+#LDAPProvisioningHook.exclude.regex.1=.*_includes$
+#LDAPProvisioningHook.exclude.regex.2=.*_systemOfRecord$
+#LDAPProvisioningHook.exclude.regex.3=.*_systemOfRecordAndIncludes$
+
+#########################################
+## Unresolvable Subject Deletion Utility
+#########################################
+
+# Don't do anything if more than this number of unresolvable subjects are found
+usdu.failsafe.maxUnresolvableSubjects = 200
+
+
+################# DIAGNOSTICS ##################
+# In UI and WS
+
+#if ignore tests.  Note, in job names, invalid chars need to be replaced with underscore (e.g. colon)
+#anything in this regex: [^a-zA-Z0-9._-]
+ws.diagnostic.ignore.memoryTest = false
+ws.diagnostic.ignore.dbTest_grouper = false
+ws.diagnostic.ignore.source_jdbc = false
+ws.diagnostic.ignore.loader_CHANGE_LOG_changeLogTempToChangeLog = false
+
+#this is 52 hours... 48 for 2 days, and 4 more for the job to run.  So if the warehouse is down for updates,
+#then the daily job will not give an error
+ws.diagnostic.defaultMinutesSinceLastSuccess = 3120
+
+#change log can only for 30 minutes of failing before diagnostics fails
+ws.diagnostic.defaultMinutesChangeLog = 30
+
+#number of minute that can go by without a success before an error is thrown
+ws.diagnostic.minutesSinceLastSuccess.loader_SQL_GROUP_LIST__aStem_aGroup2 = 60
+
+#list groups which should check the size, in this case, "employee" or "students" in the key name is a variable
+#ws.diagnostic.checkGroupSize.employees.groupName = community:employees
+#ws.diagnostic.checkGroupSize.employees.minSize = 28000
+
+#ws.diagnostic.checkGroupSize.students.groupName = community:students
+#ws.diagnostic.checkGroupSize.students.minSize = 18000
+

http://git-wip-us.apache.org/repos/asf/airavata/blob/89e0fdc8/modules/group-manager/src/main/resources/grouper.client.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.client.base.properties b/modules/group-manager/src/main/resources/grouper.client.base.properties
new file mode 100755
index 0000000..cf78604
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.client.base.properties
@@ -0,0 +1,552 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper client configuration
+# $Id: grouper.client.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
+#
+
+# The grouper client uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.client.base.properties
+# (which should not be edited), and the grouper.client.properties overlays
+# the base settings.  See the grouper.client.base.properties for the possible
+# settings that can be applied to the grouper.client.properties
+
+########################################
+## LDAP connection settings
+########################################
+
+# url of directory, including the base DN (distinguished name)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.ldap.url = 
+
+# kerberos principal used to connect to ldap
+grouperClient.ldap.login = 
+
+# password for shared secret authentication to ldap
+# or you can put a filename with an encrypted password
+grouperClient.ldap.password = 
+
+########################################
+## Web service Connection settings
+########################################
+
+# url of web service, should include everything up to the first resource to access
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.webService.url = 
+
+# kerberos principal used to connect to web service
+grouperClient.webService.login = 
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+grouperClient.webService.password = 
+
+########################################
+## Config chaining hierarchy
+########################################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:grouper.client.example.properties, file:c:/something/myconfig.properties
+grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
+
+# seconds between checking to see if the config files are updated
+grouperClient.config.secondsBetweenUpdateChecks = 60
+
+########################################
+## Misc settings
+########################################
+
+# path of a writable directory where files can be created or stored
+# for example, cache of discovery configuration, or failover state
+# dot is the current directory...  note, this directory must exist
+# or it will be created (attempted)
+# if this is blank, none of these features will be used, and 
+# no files will be saved
+grouperClient.cacheDirectory = .
+
+########################################
+## Encrypted password settings
+########################################
+
+# Put a random alphanumeric string (Case sensitive) for the password encryption.  e.g. fh43IRJ4Nf5
+# or put a filename where the random alphanumeric string is.  
+# e.g. c:/whatever/key.txt
+# e.g. sdfklj24lkj34lk34
+encrypt.key = 
+
+# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt
+encrypt.disableExternalFileLookup = false 
+
+# pre grouper 2.0, the client encrypted passwords differently than the server.  Now that the client is part of the server,
+# there are more reasons to be consistent.  Change to false for pre-2.0 password encryption behavior
+encrypt.encryptLikeServer = true
+
+########################################
+## Logging
+########################################
+
+# For java.util.logging, only for the grouperClient package (not below)
+# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING 
+grouperClient.logging.grouperClientOnly.logLevel = WARNING
+
+# If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr 
+# (if no file specified below).  This is default log level
+# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING 
+grouperClient.logging.logLevel = WARNING
+
+# If you dont want the logging to go to stderr, then put a log file location here: e.g. f:/temp/grouperClient.log
+grouperClient.logging.logFile = 
+
+# if you want ws requests and responses being logged to files, put the directory here.  
+# The grouper client will create subdirs
+grouperClient.logging.webService.documentDir = 
+
+# try to indent the xml.  If this fails for some reason, or you want the raw xml, 
+# set to false
+grouperClient.logging.webService.indent = true
+
+# if the masked password should be logged (if false, dont log anything about password)
+# the masked password will show how many chars the password is (helpful for diagnosing 
+# password encryption issues)
+grouperClient.logging.logMaskedPassword = false
+
+########################################
+## Service discovery settings
+########################################
+
+# number of minutes to remember that a connection had errors
+grouperClient.minutesToKeepErrors = 2
+
+# if you are using a discovery service, but a discovery properties
+# at a URL (preferably SSL with valid certificate)
+# you should have multiple discovery URLs hosted at independent locations
+# to add more, increment the integer
+grouperClient.urlOfDiscovery.0 = 
+grouperClient.urlOfDiscovery.1 = 
+
+# if your app has a slow startup time, and the initial connections are timing out
+# esp if you arent just using the command line client (e.g. if using it as a jar), 
+# then add more time here
+grouperClient.secondsForClassesToLoad = 20
+
+# this will save the failover state to a file so if the JVM is stopped, it 
+# will be there when it starts again.  
+# Set to 0 to store on every use (recommended if used command line)
+# or set to -1 to not store or read ever
+# grouperClient.cacheDirectory must be set
+grouperClient.saveFailoverStateEverySeconds = 60
+
+# if the failover client should use threads.  If it doesnt then you cant detect timeouts
+grouperClient.failoverClientUseThreads = true
+
+# this will cache the discovery properties in memory or on disk
+# if you want to cache the discovery properties locally, put a directory here:
+# this is recommended especially if you are using the grouper client as a command
+# line application and the process is constantly restarting
+# note, this will be used for a failsafe cache if all discovery servers are unavailable
+# grouperClient.cacheDirectory must be set
+# set to 0 or -1 to not cache
+grouperClient.cacheDiscoveryPropertiesForSeconds = 120
+
+# this is the path in the discovery server there the grouper.client.discovery.properties is
+grouperClient.discoveryGrouperClientPropertiesDirectory = 
+
+####
+## Below here are default values and override values for the discovery 
+## properties at your institution.  Note: if the override keys are there
+## with no value then it will blank out the discovery service value
+####
+
+# default urls of directory, including the base DN (distinguished name)
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.discoveryDefault.ldap.0.url = 
+#grouperClient.discoveryOverride.ldap.0.url = 
+
+# default active/active or active/standby
+# active/active will pick a server randomly,
+# and will stick with it for as long as the affinity is set
+# active/standby will always use the first connection 
+# if no errors, then try the second one etc.
+# if a connection has more errors and has a higher priority,
+# then it will not be tried again until the 
+# takeConnectionOutOfPoolOnErrorForSeconds timeout
+# passes
+grouperClient.discoveryDefault.ldap.loadBalancing = active/active
+#grouperClient.discoveryOverride.ldap.loadBalancing = active/active
+
+# if we are active/active, then the same connection will
+# be used for a certain number of seconds.  If this is -1, then 
+# always keep the same server (unless errors)
+grouperClient.discoveryDefault.ldap.affinitySeconds = 28800
+#grouperClient.discoveryOverride.ldap.affinitySeconds = 28800
+
+# if a connection has more errors than another, it will not be
+# used until this error timeout passes (unless the other is throwing errors
+# too)
+grouperClient.discoveryDefault.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
+#grouperClient.discoveryOverride.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
+
+# when a connection is attempted, this is the timeout that it will use before trying
+# another connection
+grouperClient.discoveryDefault.ldap.timeoutSeconds = 30
+#grouperClient.discoveryOverride.ldap.timeoutSeconds = 30
+
+# after all connections have been attempted, it will wait for this long
+# to see if any finish
+grouperClient.discoveryDefault.ldap.extraTimeoutSeconds = 15
+#grouperClient.discoveryOverride.ldap.extraTimeoutSeconds = 15
+
+# urls of web service, should include everything up to the first resource to access
+# this is for read or write operations
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.discoveryDefault.webService.readWrite.0.url = 
+#grouperClient.discoveryOverride.webService.readWrite.0.url = 
+
+# url of web service, should include everything up to the first resource to access
+# this is for only read operations
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.discoveryDefault.webService.readOnly.0.url = 
+#grouperClient.discoveryOverride.webService.readOnly.0.url = 
+
+# active/active or active/standby
+# active/active will pick a server randomly,
+# and will stick with it for as long as the affinity is set
+# active/standby will always use the first connection 
+# if no errors, then try the second one etc.
+# if a connection has more errors and has a higher priority,
+# then it will not be tried again until the 
+# takeConnectionOutOfPoolOnErrorForSeconds timeout
+# passes
+grouperClient.discoveryDefault.webService.loadBalancing = active/active
+#grouperClient.discoveryOverride.webService.loadBalancing = active/active
+
+# if you want to always try read/write before readOnly (i.e. if you are
+# worried about if you make a write and read right after each other)
+grouperClient.discoveryDefault.webService.preferReadWrite = true
+#grouperClient.discoveryOverride.webService.preferReadWrite = true
+
+# if we are active/active, then the same connection will
+# be used for a certain number of seconds.  If this is -1, then 
+# always keep the same server (unless errors)
+grouperClient.discoveryDefault.webService.affinitySeconds = 28800
+#grouperClient.discoveryOverride.webService.affinitySeconds = 28800
+
+# if a connection has more errors than another, it will not be
+# used until this error timeout passes (unless the other is throwing errors
+# too)
+grouperClient.discoveryDefault.webService.lowerConnectionPriorityOnErrorForMinutes = 3
+#grouperClient.discoveryOverride.webService.lowerConnectionPriorityOnErrorForMinutes = 3
+
+# when a connection is attempted, this is the timeout that it will use before trying
+# another connection
+grouperClient.discoveryDefault.webService.timeoutSeconds = 60
+#grouperClient.discoveryOverride.webService.timeoutSeconds = 60
+
+# after all connections have been attempted, it will wait for this long
+# to see if any finish
+grouperClient.discoveryDefault.webService.extraTimeoutSeconds = 30
+#grouperClient.discoveryOverride.webService.extraTimeoutSeconds = 30
+
+
+
+####################################################################################
+####################################################################################
+#### Institutional and advanced settings
+####################################################################################
+####################################################################################
+
+#######################################
+## output templates
+#######################################
+
+webService.addMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
+webService.getMembers.output = GroupIndex ${groupIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.name}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$
+webService.deleteMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
+webService.hasMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$newline$
+webService.getGroups.output = SubjectIndex ${subjectIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSubject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$
+webService.groupSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
+webService.stemSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
+webService.groupDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
+webService.stemDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
+webService.getGrouperPrivilegesLite.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$
+webService.assignGrouperPrivileges.output = Index: ${index}, success: ${resultMetadata.success}, code: ${resultMetadata.resultCode}, ${objectType}: ${objectName}, subject: ${wsSubject.id}, ${wsAssignGrouperPrivilegesResult.privilegeType}: ${wsAssignGrouperPrivilegesResult.privilegeName}$newline$
+webService.assignGrouperPrivilegesLite.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilegeType}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$
+webService.findGroups.output = Index ${index}: name: ${wsGroup.name}, displayName: ${wsGroup.displayName}$newline$
+webService.findStems.output = Index ${index}: name: ${wsStem.name}, displayName: ${wsStem.displayName}$newline$
+webService.memberChangeSubject.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newSubject: ${wsSubjectNew.id}$newline$
+webService.getMemberships.output = Index: ${index}: ${type}: ${ownerName}, subject: ${wsSubject.id}, list: ${wsMembership.listName}, type: ${wsMembership.membershipType}, enabled: ${wsMembership.enabled}$newline$
+webService.getSubjects.output = Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}$newline$
+webService.getAttributeAssignments.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}$newline$
+webService.getAttributeAssignActions.output = Index: ${index}: nameOfAttributeDef: ${wsAttributeAssignActionTuple.nameOfAttributeDef}, action: ${wsAttributeAssignActionTuple.action}$newline$
+webService.assignAttributes.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeResult.changed}, deleted: ${wsAssignAttributeResult.deleted}, valuesChanged: ${wsAssignAttributeResult.valuesChanged}$newline$
+webService.assignAttributesBatch.output = Index: ${assignIndex}, itemIndex: ${assignItemIndex}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeBatchResult.changed}, deleted: ${wsAssignAttributeBatchResult.deleted}, valuesChanged: ${wsAssignAttributeBatchResult.valuesChanged}$newline$
+webService.getPermissionAssignments.output = Index: ${index}: permissionType: ${wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, subject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, attributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOverall}, enabled: ${wsPermissionAssign.enabled}$newline$
+webService.assignPermissions.output = Index: ${index}: permissionType: ${permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disallowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enabled}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissionResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$
+webService.assignAttributeDefNameInheritance.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}, message: ${resultMetadata.resultMessage}$newline$
+webService.attributeDefNameSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
+webService.attributeDefNameDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
+webService.findAttributeDefNames.output = Index ${index}: name: ${wsAttributeDefName.name}, displayName: ${wsAttributeDefName.displayName}$newline$
+webService.assignAttributeDefActions.output=Index ${index}: nameOfAttributeDef: ${nameOfAttributeDef}, action: ${actionWithOperation.action}, status: ${actionWithOperation.status}$newline$
+
+#######################################
+## ldap queries
+#######################################
+
+# operation name
+ldapSearchAttribute.operationName.0 = pennnameToPennid
+ldapSearchAttribute.ldapName.0 = ou=pennnames
+ldapSearchAttribute.matchingAttributes.0 = pennname
+ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode
+ldapSearchAttribute.returningAttributes.0 = pennid
+ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid}
+ldapSearchAttribute.resultType.0 = STRING
+
+ldapSearchAttribute.operationName.1 = pennidToPennname
+ldapSearchAttribute.ldapName.1 = ou=pennnames
+ldapSearchAttribute.matchingAttributes.1 = pennid
+ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode
+ldapSearchAttribute.returningAttributes.1 = pennname
+ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname}
+ldapSearchAttribute.resultType.1 = STRING
+
+ldapSearchAttribute.operationName.2 = hasMemberLdap
+ldapSearchAttribute.ldapName.2 = ou=groups
+ldapSearchAttribute.matchingAttributes.2 = cn, hasMember
+ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck
+ldapSearchAttribute.returningAttributes.2 = cn
+ldapSearchAttribute.outputTemplate.2 = hasMember: ${resultBoolean}
+ldapSearchAttribute.resultType.2 = BOOLEAN
+
+ldapSearchAttribute.operationName.3 = getMembersLdap
+ldapSearchAttribute.ldapName.3 = ou=groups
+ldapSearchAttribute.matchingAttributes.3 = cn
+ldapSearchAttribute.matchingAttributeLabels.3 = groupName
+ldapSearchAttribute.returningAttributes.3 = hasMember
+ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$
+ldapSearchAttribute.resultType.3 = STRING_LIST
+
+########################################
+## Custom operations
+## Implement the interface ClientOperation, put it in the jar
+## Increment the int index for multiples (must be in order)
+########################################
+
+#customOperation.name.0 = cosignLikeWebsec
+#customOperation.class.0 = edu.upenn.isc.grouperClient.CosignLikeWebsecOperation
+
+
+########################################
+## Authentication settings
+########################################
+
+# user prefix
+grouperClient.ldap.user.prefix = uid=
+
+# user suffix
+grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu
+
+# config name for the ldap user name between prefix and suffix
+grouperClient.ldap.user.label = login
+
+# config name for the webService user name between prefix and suffix
+grouperClient.webService.user.label = login
+
+########################################
+## Web service settings
+########################################
+
+# web service client version
+grouperClient.webService.client.version = v2_2_000
+
+# socket timeout
+grouperClient.webService.httpSocketTimeoutMillis = 90000
+
+# connection manager timeout
+grouperClient.webService.httpConnectionManagerTimeoutMillis = 90000
+
+# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
+# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception 
+# will be thrown
+grouperClient.webService.ignoreExtraneousXmlFields = true
+
+# register fields to be ignored with xstream.  this is useful if you are not
+# ignoring extraneous fields (above), but know that there are a few to be ignored
+# place them here with fully qualified classname dont property name, comma separated
+# e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2
+grouper.webService.omitXmlProperties = 
+
+########################################
+## Misc
+########################################
+
+# if there are extra command line args, should we fail or just log?
+grouperClient.failOnExtraCommandLineArgs = true
+
+# you can have aliases for subjectId and subjectIdentifer in command line args 
+# (though subjectId will still be allowed, but you cant pass both)
+# if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234
+# instead of --subjectIds=123,345
+grouperClient.alias.subjectIds = 
+
+# if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd
+# instead of --subjectIdentifiers=abc,bcd
+grouperClient.alias.subjectIdentifiers = 
+
+# if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123
+# instead of --subjectId=123
+grouperClient.alias.subjectId = 
+
+# if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc
+# instead of --subjectIdentifiers=abc
+grouperClient.alias.subjectIdentifier = 
+
+# if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123
+# instead of --actAsSubjectId=abc,bcd
+grouperClient.alias.SubjectId = 
+
+# if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc
+# instead of --actAsSubjectIdentifier=abc
+grouperClient.alias.SubjectIdentifier = 
+
+# the encoding used to read config files
+grouperClient.config.encoding = UTF-8
+
+# this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1
+grouperClient.default.fileEncoding = UTF-8
+
+# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory
+grouperClient.https.customSocketFactory = 
+
+# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.BlindSslSocketFactory
+grouperClient.ldaps.customSocketFactory = 
+
+
+##############################
+## Kuali Identity settings
+##############################
+
+kuali.identity.source.0 = jdbc
+kuali.identity.nameAttribute.0 = name
+kuali.identity.identifierAttribute.0 = loginid
+
+# separate a sourceId from a subjectId or sourceId
+kuali.identity.sourceSeparator = ::::
+
+
+########################################
+## JDBC settings
+########################################
+
+# default database connection name
+grouperClient.jdbc.defaultName = default
+
+# the part between jdbc. and the last . is the name of the connection, in this case "default"
+# e.g. mysql:           com.mysql.jdbc.Driver
+# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
+#   for p6spy, put the underlying driver in spy.properties
+# e.g. oracle:          oracle.jdbc.driver.OracleDriver
+# e.g. hsqldb:          org.hsqldb.jdbcDriver
+# e.g. postgres:        org.postgresql.Driver
+# e.g. mssql:           com.microsoft.sqlserver.jdbc.SQLServerDriver
+grouperClient.jdbc.default.driver = oracle.jdbc.driver.OracleDriver
+
+# e.g. mysql:           jdbc:mysql://localhost:3306/grouper
+# e.g. p6spy (log sql): [use the URL that your DB requires]
+# e.g. oracle:          jdbc:oracle:thin:@server.school.edu:1521:sid
+# e.g. hsqldb (a):      jdbc:hsqldb:dist/run/grouper;create=true
+# e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
+# e.g. postgres:        jdbc:postgresql://localhost:5432/database
+# e.g. mssql:           jdbc:sqlserver://localhost:3280
+grouperClient.jdbc.default.url = jdbc:oracle:thin:@server.school.edu:1521:sid
+grouperClient.jdbc.default.user = some_schema
+grouperClient.jdbc.default.pass = abc123
+
+
+
+################################
+## AWS settings
+################################
+
+# sqs settings
+grouperClient.awsAccessKey = ABC123
+grouperClient.awsSecretKey = xyz789
+grouperClient.awsSqsQueueUrl = https://sqs.region.amazonaws.com/1234/queue_name
+
+
+################################
+## ESB settings
+################################
+
+## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
+esb.consumer.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
+## this is a key or could be encrypted in a file as well like other passwords
+## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey 
+## number these if there are multiple
+#esb.consumer.encryptionKey.0 = abc123
+
+
+################################
+## XMPP client settings
+## Note: you need the smack.jar in your classpath, see the grouper xmpp wiki for usage
+## https://spaces.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6.0
+################################
+
+
+## general xmpp configuration
+grouperClient.xmpp.server.host = jabber.school.edu
+grouperClient.xmpp.server.port = 5222
+grouperClient.xmpp.user = username
+# note, pass can be in an external file with morphstring
+grouperClient.xmpp.pass = 
+grouperClient.xmpp.resource = grouperClient
+# note, you need the exact id and resource here or it wont match
+grouperClient.xmpp.trustedMessagesFromJabberIds = user@school.edu/resource, user2@school.edu/resource2
+
+# if true, then each quartz trigger name will be unique
+# do this for atlassian since it doesnt do quartz right, and wont delete or reuse old triggers
+grouperClient.xmpp.uniqueQuartzTriggerNames = false
+
+# if true, send this to smack, if we should debug.  not sure if it does anything
+grouperClient.xmpp.debuggerEnabled = false
+
+grouperClient.xmpp.job.myJobName.groupNames = test:xmppGroups:test1
+grouperClient.xmpp.job.myJobName.allowIncrementalNotInGroupNamesList = false
+grouperClient.xmpp.job.myJobName.handlerClass = edu.internet2.middleware.grouperClientExt.xmpp.GrouperClientXmppFileHandler
+# set this to reload_group or incremental if not reload on each event
+grouperClient.xmpp.job.myJobName.eventAction = incremental
+# how often a full refresh should occur regardless of events
+grouperClient.xmpp.job.myJobName.fullRefreshQuartzCronString = 0 0 5 * * ?
+grouperClient.xmpp.job.myJobName.fileHandler.targetFile = c:/temp/targetFile.txt
+grouperClient.xmpp.job.myJobName.fileHandler.filePrefix = c:/temp/filePrefix.txt
+grouperClient.xmpp.job.myJobName.fileHandler.iteratorEl = ${subject.attribute['pennname']}$space$
+grouperClient.xmpp.job.myJobName.fileHandler.fileSuffix = c:/temp/fileSuffix.txt
+grouperClient.xmpp.job.myJobName.subjectAttributeNames = pennname
+# subjects wont notify in not in these sources, comma separated, or blank for all
+grouperClient.xmpp.job.myJobName.requireSources = pennperson
+# subjects wont notify if they dont have a non blank value for these attributes, or blank for all
+grouperClient.xmpp.job.myJobName.requireAttributes = pennname
+
+


Mime
View raw message