<?xml version="1.0" encoding="UTF-8"?>
<!--
~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
~
~ Copyright 1998-2014 The OpenLDAP Foundation.
~ All rights reserved.
~
~ Redistribution and use in source and binary forms, with or without
~ modification, are permitted only as authorized by the OpenLDAP
~ Public License.
~
~ A copy of this license is available in the file LICENSE in the
~ top-level directory of the distribution or, alternatively, at
~ <http://www.OpenLDAP.org/license.html>.
-->
<project basedir="." default="all" name="Fortress Sample Data">
<!--
  Registers org.openldap.fortress.ant.FortressAntTask under the element name
  FortressAdmin; the "all" target below uses that element to load the sample
  data.
  The task class is resolved from ${java.class.path}, i.e. whatever the JVM
  running Ant already has on its classpath, so the Fortress jars must be
  supplied by the invoking environment.
  NOTE(review): no explicit jar location is pinned here, so the code that
  executes is whatever that classpath provides. Run this only from a build
  environment whose classpath contents are trusted.
-->
<taskdef classname="org.openldap.fortress.ant.FortressAntTask" name="FortressAdmin" >
<classpath path="${java.class.path}"/>
</taskdef>
<target name="all">
<FortressAdmin>
<!--
  Creates four demo accounts (test, test1, test2, test3) with ou="demousrs1".
  SECURITY: every account is created with the clear-text password "test",
  which is the same as, or a prefix of, its userId, and the value is stored in
  this file. Other sections of this file give these accounts administrative
  roles, so load this data only into an isolated demo or test directory, or
  change the passwords before loading.
  pwPolicy="Test1" and ou="demousrs1" are referenced but not defined in this
  file; presumably another load script creates them first (confirm).
  beginTime/endTime "0000", dayMask "1234567" and timeout "0" presumably mean
  no time-of-day, day-of-week or inactivity restriction (confirm against the
  Fortress documentation).
  Only the first user carries a photo attribute (TestPhoto1.jpeg).
-->
<adduser>
<user userId="test" password="test" description="Commander Demo User" ou="demousrs1" cn="test" sn="user" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0" photo="TestPhoto1.jpeg"/>
<user userId="test1" password="test" description="Commander Demo User1" ou="demousrs1" cn="test1" sn="user" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0"/>
<user userId="test2" password="test" description="Commander Demo User2" ou="demousrs1" cn="test2" sn="user" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0"/>
<user userId="test3" password="test" description="Commander Group Demo User2" ou="demousrs1" cn="test3" sn="user" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0"/>
</adduser>
<!--
  Assigns administrative roles to the demo users:
    test, test3 : FortressSuperAdmin
    test1       : UserAdmin
    test2       : AuditAdmin
  SECURITY: the adduser section of this file creates all four users with the
  password "test", so two FortressSuperAdmin identities sit behind a trivially
  guessable credential. Keep this data to throwaway environments, and remove
  or re-password these users before any shared use.
  FortressSuperAdmin is not defined in this file's addadminrole section (only
  UserAdmin and AuditAdmin are); presumably another script creates it
  (confirm).
  The "none" dates and dayMask="all" presumably mean the assignments carry no
  temporal constraint (confirm against the Fortress documentation).
-->
<adduseradminrole>
<userrole userId="test" name="FortressSuperAdmin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>
<userrole userId="test1" name="UserAdmin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>
<userrole userId="test2" name="AuditAdmin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>
<userrole userId="test3" name="FortressSuperAdmin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>
</adduseradminrole>
<!--
  Assigns the Commander (web UI) roles defined in the addrole section of this
  file to the demo users:
    test  : CommanderSuperUser
    test1 : ROLE_USERS
    test2 : ROLE_AUDITOR
    test3 : CommanderGroupAdmin
  Through the addroleinheritance section, CommanderSuperUser is made a child
  of every ROLE_* page role except ROLE_AUDITOR, so the "test" user ends up
  with the broadest page access in this data set.
  The "none" dates and dayMask="all" presumably mean the assignments carry no
  temporal constraint (confirm against the Fortress documentation).
-->
<adduserrole>
<userrole userId="test" name="CommanderSuperUser" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>
<userrole userId="test1" name="ROLE_USERS" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>
<userrole userId="test2" name="ROLE_AUDITOR" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>
<userrole userId="test3" name="CommanderGroupAdmin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>
</adduserrole>
<!--
  Defines the two administrative roles that the addpermgrant section of this
  file grants operations to: UserAdmin and AuditAdmin.
  Both are given osps="APP0" and osus="DEV0"; presumably these are the
  permission and user organizational units the role may administer (confirm).
  APP0 and DEV0 are not created in this file.
  beginrange and endrange are empty with both inclusive flags set to true.
  NOTE(review): what an empty range means for the set of roles these admins
  may assign is not visible here; verify it does not widen the scope further
  than intended before reusing this as a template.
-->
<addadminrole>
<role name="UserAdmin" description="Fortress User Admin" osps="APP0" osus="DEV0" begininclusive="true" endinclusive="true" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0" beginrange="" endrange=""/>
<role name="AuditAdmin" description="Fortress Auditor" osps="APP0" osus="DEV0" begininclusive="true" endinclusive="true" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0" beginrange="" endrange=""/>
</addadminrole>
<!--
  Grants administrative permissions (admin="true") to admin roles. Each
  permgrant names a Fortress manager implementation class (objName), one of
  its operations (opName) and the role that receives it (roleNm).
    AuditAdmin         : AuditMgrImpl search operations plus ReviewMgrImpl
                         readUser, findUsers and findPermissions (read-style
                         operations only).
    UserAdmin          : ReviewMgrImpl lookups, DelReviewMgrImpl searchOU,
                         the AdminMgrImpl user lifecycle operations and all
                         listed GroupMgrImpl operations.
    FortressSuperAdmin : PwPolicyMgrImpl updateUserPolicy (the only grant to
                         that role in this file).
  SECURITY: UserAdmin receives changePassword, resetPassword, unlockUserAccount
  and assignUser together, so a holder can reset credentials and hand out role
  assignments for the users in its scope. Treat UserAdmin as a highly
  privileged role when deciding who is assigned to it and when reviewing audit
  records for these operations.
  The permission objects and operations themselves are not created in this
  file; presumably another load script defines them (confirm).
-->
<addpermgrant>
<permgrant objName="org.openldap.fortress.rbac.AuditMgrImpl" opName="searchBinds" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AuditMgrImpl" opName="searchAuthZs" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AuditMgrImpl" opName="getUserAuthZs" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AuditMgrImpl" opName="searchUserSessions" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AuditMgrImpl" opName="searchAdminMods" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AuditMgrImpl" opName="searchInvalidUsers" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="readUser" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="findUsers" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="findPermissions" roleNm="AuditAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="readUser" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="findUsers" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="assignedUsers" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="assignedRoles" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="authorizedUsers" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="authorizedRoles" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="userPermissions" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="findPermissions" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.ReviewMgrImpl" opName="findRoles" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.DelReviewMgrImpl" opName="searchOU" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="addUser" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="disableUser" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="deleteUser" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="updateUser" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="changePassword" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="lockUserAccount" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="unlockUserAccount" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="resetPassword" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="assignUser" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.AdminMgrImpl" opName="deassignUser" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.rbac.PwPolicyMgrImpl" opName="updateUserPolicy" roleNm="FortressSuperAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="add" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="update" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="delete" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="addProperty" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="deleteProperty" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="assign" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="deassign" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="read" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="find" roleNm="UserAdmin" admin="true"/>
<permgrant objName="org.openldap.fortress.ldap.group.GroupMgrImpl" opName="findWithUsers" roleNm="UserAdmin" admin="true"/>
</addpermgrant>
<!--
  Defines the roles used for Commander page access. Per their descriptions,
  each ROLE_* entry gates one Commander page (users, roles, permissions,
  static and dynamic separation of duty, password policies, permission
  objects, organizations, admin roles and permissions, audit views, groups).
  ROLE_AUDITOR, CommanderSuperUser and CommanderGroupAdmin are aggregate
  roles: they are wired to the page roles by the addroleinheritance section
  of this file.
  No temporal constraint attributes are set on these roles here.
-->
<addrole>
<role name="ROLE_USERS" description="Grants User page access in Commander"/>
<role name="ROLE_ROLES" description="Grants Role page access in Commander"/>
<role name="ROLE_PERMS" description="Grants Perm page access in Commander"/>
<role name="ROLE_SSDS" description="Grants Static SoD page access in Commander"/>
<role name="ROLE_DSDS" description="Grants Dynamic SoD page access in Commander"/>
<role name="ROLE_POLICIES" description="Grants Password Policy page access in Commander"/>
<role name="ROLE_PERMOBJS" description="Grants Permission Object page access in Commander"/>
<role name="ROLE_USEROUS" description="Grants User Organization page access in Commander"/>
<role name="ROLE_PERMOUS" description="Grants Permission Organization page access in Commander"/>
<role name="ROLE_ADMINROLES" description="Grants Admin Role page access in Commander"/>
<role name="ROLE_ADMINOBJS" description="Grants Admin Permission Object page access in Commander"/>
<role name="ROLE_ADMINPERMS" description="Grants Admin Permission page access in Commander"/>
<role name="ROLE_AUDIT_AUTHZS" description="Grants Audit Authorization page access in Commander"/>
<role name="ROLE_AUDIT_MODS" description="Grants Audit Modification page access in Commander"/>
<role name="ROLE_AUDIT_BINDS" description="Grants Audit Bind page access in Commander"/>
<role name="ROLE_AUDITOR" description="Grants acces to all Audit pages"/>
<role name="ROLE_GROUPS" description="Grants Group page access in Commander"/>
<role name="CommanderSuperUser" description="Role to access Commander pages and funtions"/>
<role name="CommanderGroupAdmin" description="Access User, Group, Audit and PW Policy Pages"/>
</addrole>
<!--
  Builds the role hierarchy. In each relationship the child role is linked to
  the parent role; presumably, as in the Fortress hierarchical RBAC model, the
  child inherits the access of its parents (confirm).
    CommanderSuperUser  : child of all sixteen ROLE_* page roles listed
                          below, i.e. every page role except ROLE_AUDITOR.
    CommanderGroupAdmin : child of ROLE_GROUPS, ROLE_POLICIES, ROLE_USERS and
                          the three ROLE_AUDIT_* roles.
    ROLE_AUDITOR        : child of the three ROLE_AUDIT_* roles.
  SECURITY: because access accumulates through these links, assigning one
  aggregate role is equivalent to assigning every parent listed for it.
  Review this list, not only the direct user assignments, when auditing what
  a demo account can reach.
-->
<addroleinheritance>
<relationship child="CommanderSuperUser" parent="ROLE_USERS"/>
<relationship child="CommanderSuperUser" parent="ROLE_ROLES"/>
<relationship child="CommanderSuperUser" parent="ROLE_PERMS"/>
<relationship child="CommanderSuperUser" parent="ROLE_SSDS"/>
<relationship child="CommanderSuperUser" parent="ROLE_DSDS"/>
<relationship child="CommanderSuperUser" parent="ROLE_POLICIES"/>
<relationship child="CommanderSuperUser" parent="ROLE_PERMOBJS"/>
<relationship child="CommanderSuperUser" parent="ROLE_USEROUS"/>
<relationship child="CommanderSuperUser" parent="ROLE_PERMOUS"/>
<relationship child="CommanderSuperUser" parent="ROLE_ADMINROLES"/>
<relationship child="CommanderSuperUser" parent="ROLE_ADMINOBJS"/>
<relationship child="CommanderSuperUser" parent="ROLE_ADMINPERMS"/>
<relationship child="CommanderSuperUser" parent="ROLE_AUDIT_AUTHZS"/>
<relationship child="CommanderSuperUser" parent="ROLE_AUDIT_BINDS"/>
<relationship child="CommanderSuperUser" parent="ROLE_AUDIT_MODS"/>
<relationship child="CommanderSuperUser" parent="ROLE_GROUPS"/>
<relationship child="CommanderGroupAdmin" parent="ROLE_GROUPS"/>
<relationship child="CommanderGroupAdmin" parent="ROLE_POLICIES"/>
<relationship child="CommanderGroupAdmin" parent="ROLE_USERS"/>
<relationship child="CommanderGroupAdmin" parent="ROLE_AUDIT_AUTHZS"/>
<relationship child="CommanderGroupAdmin" parent="ROLE_AUDIT_BINDS"/>
<relationship child="CommanderGroupAdmin" parent="ROLE_AUDIT_MODS"/>
<relationship child="ROLE_AUDITOR" parent="ROLE_AUDIT_BINDS"/>
<relationship child="ROLE_AUDITOR" parent="ROLE_AUDIT_AUTHZS"/>
<relationship child="ROLE_AUDITOR" parent="ROLE_AUDIT_MODS"/>
</addroleinheritance>
</FortressAdmin>
</target>
</project>