Date: Fri, 29 Mar 2024 06:30:07 +0000 (UTC) Message-ID: <1728087091.7555.1711693807329@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7554_1677718754.1711693807327" ------=_Part_7554_1677718754.1711693807327 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
This wiki documents the steps taken for the Grouper demo server to use d= atabase configuration.
Note, if you have more than one configuration file in your hierarchy, yo= u need to adjust this procedure.
Bring the various components (UI/WS/daemon), up to grouper_v2_4_0_u= i_patch_49. Or get the container that has that patch.
Get the grouper-ui.properties from the UI WEB-INF/classes
Get the grouper-ws.properties from the WS WEB-INF/classes
Get the grouper-loader.properties from the daemon /classes
Get the grouper.cache.properties (generally this is empty)
Note: after importing a config file, look in the bottom section "Remaini= ng config", maybe remove those if you discover they arent used.
Note, if you want to, you can diff each config in various envs to make s= ure everything is there... e.g.
[appadm= in@i2midev6 classes]$ diff /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/W= EB-INF/classes/grouper-loader.properties /opt/tomcats/tomcat_b/webapps/grou= per_v2_4/WEB-INF/classes/grouper-loader.properties 26c26 < loader.retain.db.audit_entry_no_logged_in_user.days=3D31 --- > loader.retain.db.audit_entry_no_logged_in_user.days=3D1825 35c35 < loader.retain.db.audit_entry.days=3D365 --- > loader.retain.db.audit_entry.days=3D3650 45c45 < loader.retain.db.point_in_time_deleted_objects.days=3D31 --- > loader.retain.db.point_in_time_deleted_objects.days=3D365 59c59 < loader.retain.db.folder.courses.parentFolderName=3Dusers:penn --- > loader.retain.db.folder.courses.parentFolderName=3Dmy:folder:for:cours= es 61,70d60 <=20 < ## TIER Instrumentation daemon - send stats to TIER. < # otherJob.tierInstrumentationDaemon.class =3D edu.internet2.middlewar= e.grouper.instrumentation.TierInstrumentationDaemon < # otherJob.tierInstrumentationDaemon.quartzCron =3D 0 0 2 * * ? < otherJob.tierInstrumentationDaemon.discoveryUrl =3D https://id.interne= t2.edu/ti/jrd/collector < otherJob.tierInstrumentationDaemon.exclude.transactionCounts =3D false < otherJob.tierInstrumentationDaemon.exclude.registryCounts =3D false < otherJob.tierInstrumentationDaemon.exclude.patchesInstalled =3D false < otherJob.tierInstrumentationDaemon.exclude.version =3D false < otherJob.tierInstrumentationDaemon.exclude.instanceData =3D false [appadmin@i2midev6 classes]$ diff /opt/tomcats/tomcat_b_gsh/webapps/grouper= _v2_4/WEB-INF/classes/grouper-loader.properties /opt/tomcats/tomcat_e/webap= ps/grouper-ws_v2_4/WEB-INF/classes/grouper-loader.properties 1,5c1,2 < # Grouper loader uses Grouper Configuration Overlays (documented on wi= ki) < # By default the configuration is read from grouper-loader.base.proper= ties < # (which should not be edited), and the grouper-loader.properties over= lays < # the base settings. See the grouper-loader.base.properties for the p= ossible < # settings that can be applied to the grouper.properties --- > # auto-add grouper loader types and attributes when grouper starts up = if they are not there > loader.autoadd.typesAttributes =3D false 6a4,10 > ################################## > ## Daily report > ################################## >=20 > #days on which to sync flat tables with daily report (comma separated) > #blank means run never. e.g. to run on all days: monday, tuesday, we= dnesday, thursday, friday, saturday, sunday > daily.report.syncFlatTables.daysToRun =3D monday, tuesday, wednesday, = thursday, friday, saturday, sunday 7a12,16 > #Whether or not notifications should be sent out for changes made to t= he flat tables. > daily.report.syncFlatTables.sendNotifications =3D true >=20 > #Whether issues in the flat tables should be fixed or just reported. > daily.report.syncFlatTables.saveUpdates =3D true 16c25,29 < ldap.personLdap.url =3D ldap://ldap.andrew.cmu.edu/dc=3Dcmu,dc=3Dedu --- > #note the URL should start with ldap: or ldaps: if it is SSL. =20 > #It should contain the server and port (optional if not default), and = baseDn,=20 > #e.g. ldaps://ldapserver.school.edu:636/dc=3Dschool,dc=3Dedu > ldap.cmuLdap.url =3D ldap://ldap.andrew.cmu.edu:389 >=20 18,70d30 < ############################################ < ## audit entries with no logged in user aren't really all that useful.= There is point in time data still. < ## So removing these shouldn't be a big deal < ## default is remove these that are 5 years old. < ############################################ <=20 < # number of days to retain db rows in grouper_audit_entry with no logg= ed in user (loader, gsh, etc). -1 is forever. < # suggested is 365 or five years: 1825. Default is -1 < loader.retain.db.audit_entry_no_logged_in_user.days=3D31 <=20 < ############################################ < ## Some think its ok to remove all audit entries over 10 (or X) years,= but will default this < ## to never since even at large institutions there aren't that many re= cords. < ## These are audits for things people do on the UI or WS generally (as= a different to records with no logged in user) < ############################################ <=20 < # number of days to retain db rows in grouper_audit_entry. -1 is fore= ver. suggested is -1 or ten years: 3650 < loader.retain.db.audit_entry.days=3D365 <=20 < ############################################ < ## After you delete an object in grouper, it is still in point in time= . So if you want to know who < ## was in a group a year ago, you need this info < ## However, after some time it might be ok to let it go. So the defau= lt is 5 years < ############################################ <=20 < # number of days to retain db rows for point in time deleted objects. = -1 is forever. < # suggested is 365 or five years: 1825. Default is -1 < loader.retain.db.point_in_time_deleted_objects.days=3D31 <=20 < ############################################ < ## This is optional. You can automatically obliterate folders *direct= ly in a parent folder* that are a < ## certain age old e.g. courses. < ## so you could delete a term of courses 4 years old if you like. Not= e, make sure the loader isn't < ## going to recreate or you will get churn < ## Note this can also delete the point in time data as well. < ############################################ <=20 < # number of days after a subfolder (directly in a parent folder) is cr= eated that it will be obliterated (deleted) < # and point in time will be deleted too. < # "courses" or "anotherLabel" are variables you make up in these examp= les < loader.retain.db.folder.courses.days=3D1825 < loader.retain.db.folder.courses.parentFolderName=3Dusers:penn < loader.retain.db.folder.courses.deletePointInTime=3Dtrue <=20 < ## TIER Instrumentation daemon - send stats to TIER. < # otherJob.tierInstrumentationDaemon.class =3D edu.internet2.middlewar= e.grouper.instrumentation.TierInstrumentationDaemon < # otherJob.tierInstrumentationDaemon.quartzCron =3D 0 0 2 * * ? < otherJob.tierInstrumentationDaemon.discoveryUrl =3D https://id.interne= t2.edu/ti/jrd/collector < otherJob.tierInstrumentationDaemon.exclude.transactionCounts =3D false < otherJob.tierInstrumentationDaemon.exclude.registryCounts =3D false < otherJob.tierInstrumentationDaemon.exclude.patchesInstalled =3D false < otherJob.tierInstrumentationDaemon.exclude.version =3D false < otherJob.tierInstrumentationDaemon.exclude.instanceData =3D false [appadmin@i2midev6 classes]$=20 [appadmin@i2midev6 classes]$ diff /opt/tomcats/tomcat_b_gsh/webapps/grouper= _v2_4/WEB-INF/classes/grouper-ui.properties /opt/tomcats/tomcat_b/webapps/g= rouper_v2_4/WEB-INF/classes/grouper-ui.properties [appadmin@i2midev6 classes]$ diff /opt/tomcats/tomcat_b_gsh/webapps/grouper= _v2_4/WEB-INF/classes/grouper-ui.properties /opt/tomcats/tomcat_e/webapps/g= rouper-ws_v2_4/WEB-INF/classes/grouper-ui.properties diff: /opt/tomcats/tomcat_e/webapps/grouper-ws_v2_4/WEB-INF/classes/grouper= -ui.properties: No such file or directory [appadmin@i2midev6 classes]$ diff /opt/tomcats/tomcat_b_gsh/webapps/grouper= _v2_4/WEB-INF/classes/grouper-ws.properties /opt/tomcats/tomcat_b/webapps/g= rouper_v2_4/WEB-INF/classes/grouper-ws.properties diff: /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/groupe= r-ws.properties: No such file or directory [appadmin@i2midev6 classes]$ diff /opt/tomcats/tomcat_b_gsh/webapps/grouper= _v2_4/WEB-INF/classes/grouper-ws.properties /opt/tomcats/tomcat_e/webapps/g= rouper-ws_v2_4/WEB-INF/classes/grouper-ws.properties diff: /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/groupe= r-ws.properties: No such file or directory [appadmin@i2midev6 patchesAutoLoader]$ diff /opt/tomcats/tomcat_b_gsh/webap= ps/grouper_v2_4/WEB-INF/classes/grouper.cache.properties /opt/tomcats/tomca= t_b/webapps/grouper_v2_4/WEB-INF/classes/grouper.cache.properties [appadmin@i2midev6 patchesAutoLoader]$ diff /opt/tomcats/tomcat_b_gsh/webap= ps/grouper_v2_4/WEB-INF/classes/grouper.cache.properties /opt/tomcats/tomca= t_e/webapps/grouper-ws_v2_4/WEB-INF/classes/grouper.cache.properties [appadmin@i2midev6 patchesAutoLoader]$=20
That looks ok, SyncFlatTables isnt a thing anymore I think.
Take each config file and import into the UI
Miscellaneous =E2=86=92 Configuration =E2=86=92 Configuration = files =E2=86=92 More actions =E2=86=92 Import config file
=
=
=
=
=
= p>
Note, notice grouper-ws.properties had diagnostics configs, and those we= re migrated to grouper.properties, so removed those from grouper-ws.propert= ies before importing
=
=
grouper.properties, grouper.client.properties, subject.propertie
[appadm= in@i2midev6 patchesAutoLoader]$ diff /opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/grouper.properties /opt/tomcats/tomcat_b/webapps/g= rouper_v2_4/WEB-INF/classes/grouper.properties 42d41 <=20 44d42 <=20 46d43 <=20 48d44 <=20 50d45 <=20 52d46 <=20 54a49,59 >=20 > #mail.smtp.server =3D smtp.sparkpostmail.com > #mail.smtp.port =3D 587 > #mail.smtp.starttls.enable =3D true > #mail.smtp.user =3D SMTP_Injection > #mail.smtp.pass =3D 7ef6a8eeb15b93ea9ba8de07a22a1668f284c801 > #mail.smtp.ssl.protocols =3D TLSv1.2 > #mail.from.address =3D mchyzer@mchyzer.co > #mail.debug =3D true >=20 >=20 112a118,141 >=20 >=20 > ################################## > ## Lockout groups. Could be used for other things, but used for polic= y group templates at least > ## if there is no allowed group, then anyone could use it > ################################## >=20 > # group name of a lockout group > grouper.lockoutGroup.name.0 =3D ref:lockout >=20 > ################################## > ## Require groups. Could be used for other things, but used for polic= y group templates at least > ## if there is no allowed group, then anyone could use it > ################################## >=20 > # group name of a require group > grouper.requireGroup.name.0 =3D ref:active >=20 > # group name of a require group > grouper.requireGroup.name.1 =3D ref:employee >=20 >=20 >=20 >=20 [appadmin@i2midev6 patchesAutoLoader]$=20 NOTE: use the UI grouper.properties, compare with WS grouper.properties [appadmin@i2midev6 patchesAutoLoader]$ diff /opt/tomcats/tomcat_b/webapps/g= rouper_v2_4/WEB-INF/classes/grouper.properties /opt/tomcats/tomcat_e/webapp= s/grouper-ws_v2_4/WEB-INF/classes/grouper.properties 1c1,4 < grouper.ui.url =3D https://grouperdemo.internet2.edu/grouper_v2_4/ --- > # > # Grouper Configuration > # $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer E= xp $ > # 3a7,26 >=20 > ######################################## > ## General settings > ######################################## >=20 > # in cases where grouper is logging or emailing, it will use this to d= ifferentiate test vs dev vs prod > # grouper.env.name =3D GROUPERDEMO_2_2_2 > grouper.env.name.elConfig =3D ${java.lang.System.getenv().get('GROUPER= _ENV')} >=20 > ####################################### > ## inititalization and configuration settings > ####################################### >=20 > #auto-create groups (increment the integer index), and auto-populate w= ith users > #(comma separated subject ids) to bootstrap the registry on startup > #(note: check config needs to be on) > #configuration.autocreate.group.name.0 =3D etc:uiUsers > #configuration.autocreate.group.description.0 =3D users allowed to log= in to the UI > #configuration.autocreate.group.subjects.0 =3D johnsmith >=20 10c33 < configuration.autocreate.group.subjects.1 =3D mchyzer,mchyzer@upenn.ed= u --- > configuration.autocreate.group.subjects.1 =3D mchyzer 14,88c37 < configuration.autocreate.group.subjects.2 =3D mchyzer,mchyzer@upenn.ed= u <=20 < configuration.autocreate.group.name.3 =3D aStem:library < configuration.autocreate.group.description.3 =3D access to the library= application <=20 < configuration.autocreate.group.name.4 =3D etc:externalSubjectInviters < configuration.autocreate.group.description.4 =3D allowed to invite peo= ple to this application <=20 <=20 < groups.wheel.use =3D true <=20 < # A viewonly wheel group allows you to enable non-GrouperSystem subjec= ts to act < # like a root user when viewing the registry. < groups.wheel.viewonly.use =3D true <=20 < # A readonly wheel group allows you to enable non-GrouperSystem subjec= ts to act < # like a root user when reading the registry. < groups.wheel.readonly.use =3D true <=20 <=20 <=20 < grouperIncludeExclude.use =3D true < grouperIncludeExclude.requireGroups.use =3D true <=20 < rules.act.as.group =3D etc:rulesActAsGroup <=20 <=20 < mail.smtp.server =3D smtp.gmail.com < mail.smtp.user =3D groupersystem@gmail.com < mail.smtp.pass =3D /opt/grouper/2.3/pass/smtp_2.3.pass < mail.smtp.ssl =3D true < mail.from.address =3D groupersystem@gmail.com < mail.subject.prefix =3D GROUPERDEMO_2_4: < mail.test.address =3D mchyzer@yahoo.com <=20 <=20 < #mail.smtp.server =3D smtp.sparkpostmail.com < #mail.smtp.port =3D 587 < #mail.smtp.starttls.enable =3D true < #mail.smtp.user =3D SMTP_Injection < #mail.smtp.pass =3D 7ef6a8eeb15b93ea9ba8de07a22a1668f284c801 < #mail.smtp.ssl.protocols =3D TLSv1.2 < #mail.from.address =3D mchyzer@mchyzer.co < #mail.debug =3D true <=20 <=20 < externalSubjects.desc.el =3D [unverifiedInfo] ${grouperUtil.appendIfNo= tBlankString(externalSubject.name, ' - ', externalSubject.institution)} [ex= ternalUserID] ${externalSubject.identifier} <=20 < externalSubjects.institution.required =3D true <=20 < externalSubjects.attributes.jabber.systemName =3D jabber < externalSubjects.attributes.jabber.required =3D false <=20 < externalSubjects.attributes.jabber.comment =3D The jabber ID of the us= er <=20 < externalSubjects.autoaddGroups=3Detc:uiGroup,etc:externalSubjectInvite= rs <=20 < externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=3Dli= brary <=20 < externalSubjects.autoadd.testingLibrary.groups=3DaStem:library <=20 < externalSubjects.autoadd.testingLibrary.actions=3Dinsert,update <=20 < externalSubjects.registerRequiresInvite=3Dfalse <=20 <=20 <=20 <=20 < hooks.group.class =3D edu.internet2.middleware.grouper.hooks.examples.= UniqueObjectGroupHook < hooks.stem.class =3D edu.internet2.middleware.grouper.hooks.examples.U= niqueObjectStemHook < hooks.attributeDef.class =3D edu.internet2.middleware.grouper.hooks.ex= amples.UniqueObjectAttributeDefHook < hooks.attributeDefName.class =3D edu.internet2.middleware.grouper.hook= s.examples.UniqueObjectAttributeDefNameHook < hooks.membership.class =3D edu.internet2.middleware.grouper.hooks.exam= ples.MembershipOneInFolderMaxHook < # put in a group name to exclude non admins who have a lot of privileg= es who have bad performance < security.show.all.folders.if.in.group =3Dtest:testGroup --- > configuration.autocreate.group.subjects.2 =3D mchyzer 91c40 < ## Deprovisioning --- > ## security settings 94,131c43,49 < # comma separated affiliations for deprovisioning e.g. employee, stude= nt, etc < # these need to be alphanumeric suitable for properties keys for furth= er config or for group extensions < deprovisioning.affiliations =3D employee, student, alumni <=20 < ######################################### < ## GSH < ######################################### < gsh.useLegacy =3D true <=20 < ######################################### < ## Provisioning in UI < ######################################### <=20 < # if provisioning in ui should be enabled < # {valueType: "boolean", required: true} < provisioningInUi.enable =3D true <=20 < ###################################### < ## Grouper Reporting < ###################################### < =20 < # grouper reporting file system path where reports will be stored, e.g= . /opt/grouper/reports < # {valueType: "string", required: false} < reporting.file.system.path =3D /opt/tomcats/tomcat_b/grouperReports <=20 <=20 < ################################## < ## Lockout groups. Could be used for other things, but used for polic= y group templates at least < ## if there is no allowed group, then anyone could use it < ################################## <=20 < # group name of a lockout group < grouper.lockoutGroup.name.0 =3D ref:lockout <=20 < ################################## < ## Require groups. Could be used for other things, but used for polic= y group templates at least < ## if there is no allowed group, then anyone could use it < ################################## --- > # If set to _true_, the ALL subject will be granted that privilege on > # each new group that is created. Note, you can override the default > # checkboxes on screen of UI in media.properties. > groups.create.grant.all.admin =3D false > groups.create.grant.all.read =3D true > groups.create.grant.all.update =3D false > groups.create.grant.all.view =3D true 133,134d50 < # group name of a require group < grouper.requireGroup.name.0 =3D ref:active 136,137d51 < # group name of a require group < grouper.requireGroup.name.1 =3D ref:employee 138a53,55 > # A wheel group allows you to enable non-GrouperSystem subjects to act > # like a root user when interacting with the registry. > groups.wheel.use =3D true 139a57,63 > ################################### > ## allow and deny for db/ldap data or object deletes, without promptin= g the user to confirm > ## if a listing is in the allow, it will be allowed to delete db/ldap > ## if a listing is in the deny, it will be denied from deleting db/lda= p > ## multiple inputs can be entered with .0, .1, .2, etc. These numbers= must be sequential, starting with 0 > ################################### > db.change.allow.url.0=3Djdbc:hsqldb:hsql://localhost/grouper 140a65,90 > ##################################### > ## Settings to track last membership changes for groups and stems. > ##################################### >=20 > # If true, when a membership is added to a group (either a privilege o= r a list member), > # then an update will be made to the lastMembershipChange property for= the group. > groups.updateLastMembershipTime =3D true >=20 > # If true, when a membership is added to a stem (this would be a namin= g privilege), > # then an update will be made to the lastMembershipChange property for= the stem. > stems.updateLastMembershipTime =3D true >=20 > ##################################### > ## misc settings which probably dont need to be changed > ##################################### >=20 > # Use this interface implementation for access privileges > privileges.access.interface =3D edu.internet2.middleware.gro= uper.GrouperAccessAdapter > # Use this interface implementation for naming privileges > privileges.naming.interface =3D edu.internet2.middleware.gro= uper.GrouperNamingAdapter > # Use this interface implementation for attributeDef privileges > privileges.attributeDef.interface =3D edu.internet2.middleware.gro= uper.privs.GrouperAttributeDefAdapter >=20 > ##################################### > ## attribute framework > ##################################### 141a92,93 > # if the attribute loader attributes should be autoconfigured (created= , etc) > grouper.attribute.loader.autoconfigure =3D false [appadmin@i2midev6 patchesAutoLoader]$
Load in the WS grouper.properties, then overwrite with grouper UI groupe= r.properties (since most recent is UI, but also want WS)
=
=
[appadm= in@i2midev6 patchesAuto]$ diff /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2= _4/WEB-INF/classes/grouper.client.properties /opt/tomcats/tomcat_e/webapps/= grouper-ws_v2_4/WEB-INF/classes/grouper.client.properties 1c1,7 < encrypt.key =3D /opt/grouper/2.2/pass/encrypt.key --- >=20 > # The grouper.client.properties file uses Grouper Configuration Overla= ys (documented on wiki) > # By default the configuration is read from grouper.client.base.proper= ties > # (which should not be edited), and the grouper.client.properties over= lays > # the base settings. See the grouper.client.base.properties for the p= ossible > # settings that can be applied to the grouper.client.properties >
= p>
[appadm= in@i2midev6 patchesAuto]$ diff /opt/tomcats/tomcat_b/webapps/grouper_v2_4/W= EB-INF/classes/subject.properties /opt/tomcats/tomcat_e/webapps/grouper-ws_= v2_4/WEB-INF/classes/subject.properties 117a118,212 >=20 > ######################################### > ## Configuration for source id: cmuDirectory > ## Source configName: cmuDirectory > ######################################### > subjectApi.source.cmuDirectory.id =3D cmuDirectory >=20 > # this is a friendly name for the source > subjectApi.source.cmuDirectory.name =3D CMU Directory >=20 > # type is not used all that much. Can have multiple types, comma sepa= rate. Can be person, group, application > subjectApi.source.cmuDirectory.types =3D person >=20 > # the adapter class implements the interface: edu.internet2.middleware= .subject.Source > # adapter class must extend: edu.internet2.middleware.subject.provider= .BaseSourceAdapter > # edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter2 : = if doing JDBC this should be used if possible. All subject data in one tab= le/view. > # edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter : = oldest JDBC source. Put freeform queries in here > # edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter : = used for LDAP > subjectApi.source.cmuDirectory.adapterClass =3D edu.internet2.middlewa= re.grouper.subj.GrouperJndiSourceAdapter >=20 > # link back to grouper-loader.properties > subjectApi.source.cmuDirectory.param.ldapServerId.value =3D cmuLdap >=20 > # e.g. com.sun.jndi.ldap.LdapCtxFactory > #subjectApi.source.cmuDirectory.param.INITIAL_CONTEXT_FACTORY.value = =3D com.sun.jndi.ldap.LdapCtxFactory >=20 > # e.g. ldap://localhost:389 > #subjectApi.source.cmuDirectory.param.PROVIDER_URL.value =3D ldap://ld= ap.andrew.cmu.edu:389 >=20 > # e.g. simple, none, sasl_mech > #subjectApi.source.cmuDirectory.param.SECURITY_AUTHENTICATION.value = =3D none >=20 > # ldap attribute which is the subject id. e.g. exampleEduRegID Each= subject has one and only one subject id. Generally it is opaque and perma= nent. > subjectApi.source.cmuDirectory.param.SubjectID_AttributeType.value =3D= guid >=20 > # if the subject id should be changed to lower case after reading from= datastore. true or false > subjectApi.source.cmuDirectory.param.SubjectID_formatToLowerCase.value= =3D false >=20 > # attribute which is the subject name > subjectApi.source.cmuDirectory.param.Name_AttributeType.value =3D cn >=20 > # attribute which is the subject description > subjectApi.source.cmuDirectory.param.Description_AttributeType.value = =3D cn >=20 > # the 1st sort attribute for lists on screen that are derived from mem= ber table (e.g. search for member in group) > # you can have up to 5 sort attributes=20 > subjectApi.source.cmuDirectory.param.sortAttribute0.value =3D cn >=20 > # the 1st search attribute for lists on screen that are derived from m= ember table (e.g. search for member in group) > # you can have up to 5 search attributes=20 > subjectApi.source.cmuDirectory.param.searchAttribute0.value =3D search= Attribute0 >=20 > #searchSubject: find a subject by ID. ID is generally an opaque and p= ermanent identifier, e.g. 12345678. > # Each subject has one and only on ID. Returns one result when searc= hing for one ID. >=20 > # sql is the sql to search for the subject by id. %TERM% will be subs= ituted by the id searched for > subjectApi.source.cmuDirectory.search.searchSubject.param.filter.value= =3D (& (guid=3D%TERM%) (objectclass=3DcmuPerson)) >=20 > # Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE > subjectApi.source.cmuDirectory.search.searchSubject.param.scope.value = =3D SUBTREE_SCOPE >=20 > # base dn to search in > subjectApi.source.cmuDirectory.search.searchSubject.param.base.value = =3D ou=3Dperson,dc=3Dcmu,dc=3Dedu >=20 > #searchSubjectByIdentifier: find a subject by identifier. Identifier = is anything that uniquely > # identifies the user, e.g. jsmith or jsmith@institution.edu. > # Subjects can have multiple identifiers. Note: it is nice to have i= f identifiers are unique > # even across sources. Returns one result when searching for one ide= ntifier. >=20 > # sql is the sql to search for the subject by identifier. %TERM% will= be subsituted by the identifier searched for > subjectApi.source.cmuDirectory.search.searchSubjectByIdentifier.param.= filter.value =3D (& (cmuAndrewCommonNamespaceId=3D%TERM%) (objectclass= =3DcmuPerson)) >=20 > # Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE > subjectApi.source.cmuDirectory.search.searchSubjectByIdentifier.param.= scope.value =3D SUBTREE_SCOPE >=20 > # base dn to search in > subjectApi.source.cmuDirectory.search.searchSubjectByIdentifier.param.= base.value =3D ou=3Dperson,dc=3Dcmu,dc=3Dedu >=20 > # search: find subjects by free form search. Returns multiple resul= ts. >=20 > # sql is the sql to search for the subject by free form search. %TERM= % will be subsituted by the text searched for > subjectApi.source.cmuDirectory.search.search.param.filter.value =3D (&= amp; (|(guid=3D%TERM%)(|(cn=3D*%TERM%*)(cmuAndrewCommonNamespaceId=3D*%TERM= %*)))(objectclass=3DcmuPerson)) >=20 > # Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE > subjectApi.source.cmuDirectory.search.search.param.scope.value =3D SUB= TREE_SCOPE >=20 > # base dn to search in > subjectApi.source.cmuDirectory.search.search.param.base.value =3D ou= =3Dperson,dc=3Dcmu,dc=3Dedu >=20 > # attributes from ldap object to become subject attributes. comma sep= arated > subjectApi.source.cmuDirectory.attributes =3D cn, guid, cmuAndrewCommo= nNamespaceId >=20 > # internal attributes are used by grouper only not exposed to code tha= t uses subjects. comma separated > subjectApi.source.cmuDirectory.internalAttributes =3D searchAttribute0 >
Lets leave the CMU source out of there for performance reasons
= p>
[appadm= in@i2midev6 configBackup]$ mkdir ui [appadmin@i2midev6 configBackup]$ mkdir ws [appadmin@i2midev6 configBackup]$ mkdir daemon [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_e/webapps/grouper-= ws_v2_4/WEB-INF/classes/subject.properties ws [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_e/webapps/grouper-= ws_v2_4/WEB-INF/classes/grouper.properties ws [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_e/webapps/grouper-= ws_v2_4/WEB-INF/classes/grouper.client.properties ws [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_e/webapps/grouper-= ws_v2_4/WEB-INF/classes/grouper-ws.properties ws [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_e/webapps/grouper-= ws_v2_4/WEB-INF/classes/grouper-ui.properties ws cp: cannot stat =C3=A2=E2=82=AC=CB=9C/opt/tomcats/tomcat_e/webapps/grouper-= ws_v2_4/WEB-INF/classes/grouper-ui.properties=C3=A2=E2=82=AC=E2=84=A2: No s= uch file or directory [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_e/webapps/grouper-= ws_v2_4/WEB-INF/classes/grouper.cache.properties ws [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_e/webapps/grouper-= ws_v2_4/WEB-INF/classes/grouper-loader.properties ws [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/subject.properties daemon [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/grouper.properties daemon [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/grouper.client.properties daemon [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/grouper-ws.properties daemon cp: cannot stat =C3=A2=E2=82=AC=CB=9C/opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/grouper-ws.properties=C3=A2=E2=82=AC=E2=84=A2: No = such file or directory [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/grouper-ui.properties daemon [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/grouper.cache.properties daemon [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b_gsh/webapps/grou= per_v2_4/WEB-INF/classes/grouper-loader.properties daemon [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/subject.properties ui [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper.properties ui [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper.client.properties ui [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper-loader.properties ui [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper-ui.properties ui [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper-ws.properties ui [appadmin@i2midev6 configBackup]$ cp /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper.cache.properties ui [appadmin@i2midev6 configBackup]$ rm /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/subject.properties [appadmin@i2midev6 configBackup]$ touch /opt/tomcats/tomcat_b/webapps/group= er_v2_4/WEB-INF/classes/subject.properties [appadmin@i2midev6 configBackup]$ rm /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper.properties [appadmin@i2midev6 configBackup]$ touch /opt/tomcats/tomcat_b/webapps/grou= per_v2_4/WEB-INF/classes/grouper.properties [appadmin@i2midev6 configBackup]$ rm /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper.cache.properties [appadmin@i2midev6 configBackup]$ touch /opt/tomcats/tomcat_b/webapps/group= er_v2_4/WEB-INF/classes/grouper.cache.properties [appadmin@i2midev6 configBackup]$ rm /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper-ui.properties [appadmin@i2midev6 configBackup]$ touch /opt/tomcats/tomcat_b/webapps/group= er_v2_4/WEB-INF/classes/grouper-ui.properties [appadmin@i2midev6 configBackup]$ rm /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper-ws.properties [appadmin@i2midev6 configBackup]$ touch /opt/tomcats/tomcat_b/webapps/grou= per_v2_4/WEB-INF/classes/grouper-ws.properties [appadmin@i2midev6 configBackup]$ rm /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper-loader.properties [appadmin@i2midev6 configBackup]$ touch /opt/tomcats/tomcat_b/webapps/grou= per_v2_4/WEB-INF/classes/grouper-loader.properties [appadmin@i2midev6 configBackup]$ rm /opt/tomcats/tomcat_b/webapps/grouper_= v2_4/WEB-INF/classes/grouper.client.properties [appadmin@i2midev6 configBackup]$ touch /opt/tomcats/tomcat_b/webapps/group= er_v2_4/WEB-INF/classes/grouper.client.properties rm /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/subject.p= roperties touch /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/subjec= t.properties rm /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/grouper.p= roperties touch /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/group= er.properties rm /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/grouper.c= ache.properties touch /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/groupe= r.cache.properties rm /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/grouper-u= i.properties touch /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/groupe= r-ui.properties rm /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/grouper-w= s.properties touch /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/group= er-ws.properties rm /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/grouper-l= oader.properties touch /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/group= er-loader.properties rm /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/grouper.c= lient.properties touch /opt/tomcats/tomcat_b_gsh/webapps/grouper_v2_4/WEB-INF/classes/groupe= r.client.properties
Bounce all JVMs. You are done!