...
Config | Example | Description | Notes |
---|---|---|---|
class | edu.internet2.middleware.grouper.app.sqlProvisioning.SqlMembershipProvisioner | Class extends the base provisioner class | This class informs configuration decisions. Required. Read-only. |
hasSubjectLink | true false | If the subject API is needed to resolve attribute on subject | required, drives requirements of other configurations. defaults to false. |
hasTargetUserLink | true false | If subjects need to be resolved in the target before provisioning | defaults to false. required. |
hasTargetGroupLink | true false | If groups need to be resolved in the target before provisioning | defaults to false. required. |
subjectSourcesToProvision | pennperson | subject sources to provision | required. defaults to all except g:gsa, grouperExternal, g:isa, localEntities. comma separated list. checkboxes. |
userTableName | users | table to query to lookup users | required if hasTargetUserLink |
userSearchAttributeName | employee_id | column to filter on | required if hasTargetUserLink |
userSearchAttributeValueFormat | ${subject.id} | value for the user search attribute name | required if hasTargetUserLink |
userPrimaryKey | id | primary key column(s) of user table | required |
membershipTableName | memberships | table where memberships go | required |
membershipUserColumn | user_id | column in memberships table for user | required |
membershipUserValueFormat | ${targetEntity.attributes['uid']} | value for the membership user value | required |
membershipGroupColumn | group_id | column in memberships table for group | required |
membershipGroupValueFormat | ${targetGroup.attributes['id']} | value for the membership group value | required |
syncMemberToId2AttributeValueFormat | ${targetEntity.attributes['user_id']} | main identifier of the user on the target side | show = false |
syncMemberToId3AttributeValueFormat | ${targetEntity.attributes['uid']} | identifier of the user as referred to by the membership | show = false |
syncMemberFromId2AttributeValueFormat | ${targetEntity.attributes['netId']} | target attribute value that helps look up user | show = false |
syncMemberFromId3AttributeValueFormat | ${subject.attributes['mySqlId']} | subject attribute value that helps look up user | show = false |
syncGroupToId2AttributeValueFormat | ${targetGroup.attributes['group_id']} | main identifier of the group on the target side | show = false |
syncGroupToId3AttributeValueFormat | ${targetEntity.attributes['gid']} | identifier of the group as referred to by the membership | show = false |
syncGroupFromId2AttributeValueFormat | ${targetEntity.attributes['groupName']} | target attribute value that helps look up group | show = false |
userSearchAttributes | user_id, name, email | columns to search when getting users | optional. show if hasTargetUserLink. |
groupSearchAttributes | group_id, group_name | columns to search when getting groups | optional, show if hasTargetGroupLink |
membershipSearchAttributes | group_id, user_id, membership_id | columns to search when getting memberships | optional |
createMissingUsers | true or false | defaults false, optional. show if hasTargetUserLink | |
createMissingGroups | true or false | defaults to true. show if hasTargetGroupLink | |
groupSearchAttributeName | gid_number | column name to filter on | show if hasTargetGroupLink required |
groupSearchAttributeValueFormat | ${syncGroup.groupIdIndex} | value to filter group on | show if hasTargetGroupLink required |
groupSearchAttributes | cn,gidNumber,samAccountName,objectclass | attributes to get if searching for groups | optional show if hasTargetGroupLink |
deleteGroupsInTargetIfInTargetAndNotGrouper | true or false | if groups in full sync should be deleted if in group all query and not in grouper or for attributes delete other attribute not provisioned by grouper | default to false |
deleteGroupsInTargetIfDeletedInGrouper | true or false | if groups that were created in grouper were deleted should it be deleted in sql? or for attributes, delete attribute value if deleted in grouper | default to true |
doNotDeleteTheseGroupsInTarget | groupAttribute formats to not delete in target, in case there are groups that should always remain | ||
deleteMembershipsInTargetIfInTargetAndNotGrouper | if memberships in full sync should be deleted if in membership all query and not in grouper or for attributes delete other attribute not provisioned by grouper | default to false | |
groupIdOfUsersToProvision | overall group of users to provision. uuid. If not specified, then provision users with any memberships | optional | |
deleteUsersInTargetIfInTargetAndNotGrouper | if user in target and not in grouper then delete in target | default to false | |
deleteUsersInTargetIfDeletedInGrouper | if user in target and removed from grouper then delete in target | default to false | |
doNotDeleteTheseUsersInTarget | userAttribute formats to not delete in target, in case there are admin or test accounts | ||
membershipFields | members read,admin update,admin admin | if provisioning normal memberships or privileges | default to "members" for normal memberships |
dbExternalSystemConfigId | warehouse | links to DB external system in grouper-loader.properties | required |
userSearchQuery | select * from users where ... | if this is more complicated than just a simple select, put the query here | optional |
groupSearchQuery | select * from groups where ... | if this is more complicated than just a simple select, put the query here | optional |
membershipSearchQuery | select * from memberships where ... | if this is more complicated than just a simple select, put the query here | optional |
groupCreationNumberOfAttributes | integer between 1 and 10 | required. show if createMissingGroups | |
groupCreationTemplate_attr_[0-9] | group_id | the 0th attribute name | required if createMissingGroups |
groupCreationLdifTemplate_val_[0-9] | ${syncMember.memberToId2} | the 0th attribute value | required if createMissingGroups |
userCreationNumberOfAttributes | integer between 1 and 10 | required if createMissingUsers | |
userCreationTemplate_attr_[0-9] | user_id | the 0th attribute name | required if createMissingUsers |
userCreationTemplate_val_[0-9] | ${syncGroup.groupToId2} | the 0th attribute value | required if createMissingUsers |
membershipCreationNumberOfAttributes | integer between 1 and 10 | required | |
membershipCreationTemplate_attr_[0-9] | membership_id | the 0th attribute name | required |
membershipCreationTemplate_val_[0-9] | ${syncMembership.membershipToId2} | he 0th attribute value | required |
...