| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # |
| ######################################################################## |
| # 0. About the fortress build.properties file |
| ######################################################################## |
| |
| # Use this property file to specify environment settings specific to your environment and fortress runtime components. |
| # During the init targets of the build.xml ant management utility, Fortress propagates these parameters to the following locations: |
| # a. fortress.properties - Fortress' configuration file tells fortress runtime how to connect to remote resources |
| # b. refreshLDAPData.xml - Used by fortress to initialize and base load the LDAP DIT data structures. Fortress also stores runtime params inside 'ou=Config' container on remote server. |
| |
| # The ant property subsystem is fed using three files: |
| # i. user.properties - optional, when found, located in user's home directory. Properties found here take precedence over those following. |
| # ii. slapd.properties - optional, when found, located in root folder of the package. These props override those found in the build.properties file. |
| # iii. build.properties - this file is required and must be located in the root folder of the package. |
| # More info on the fortress configuration subsystem in the README-CONFIG. |
| |
| ######################################################################## |
| # 1. BEGIN BASIC CONFIGURATION SECTION |
| ######################################################################## |
| |
| # Use this Fortress Core version: |
| # NOTE(review): a -SNAPSHOT version conventionally names a moving, unreleased build; pin a released version where reproducible builds matter - confirm how build.xml resolves this value. |
| version=1.0-RC41-SNAPSHOT |
| |
| # Enable local.mode property if your machine does not have a connection to the Internet and runtime dependencies have already been downloaded to FORTRESS_HOME/lib folder on this machine: |
| #local.mode=true |
| |
| # This variable sets the default tenant for the current running ant process. It is used during ldap initialization operations. |
| tenant=HOME |
| |
| ######################################################################## |
| # 2. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP): |
| ######################################################################## |
| |
| # This is default, tells fortress what type of ldap server is in use: |
| ldap.server.type=apacheds |
| #ldap.server.type=openldap |
| |
| # These parameters point fortress to LDAP host: |
| # NOTE(review): with the SSL properties below left commented out, this host/port pair is presumably reached over plain LDAP, so bind passwords would not be protected in transit. |
| # That is acceptable for localhost; use the SSL settings below for a remote directory - confirm. |
| ldap.host=localhost |
| ldap.port=10389 |
| # These are needed for client SSL connections with LDAP Server: |
| # To switch, uncomment the lines below and comment out the ldap.host/ldap.port pair above so that each key is defined only once. |
| # NOTE(review): enable.ldap.ssl.debug looks like a troubleshooting switch; leave it off outside of debugging - confirm what it logs. |
| #enable.ldap.ssl=true |
| #ldap.host=fortressdemo2.com |
| #ldap.port=10636 |
| #enable.ldap.ssl.debug=true |
| # The trust store is picked up off the classpath: |
| # 'changeit' is the stock Java keystore password and is shown here only as a placeholder; use the password of your own trust store. |
| #trust.store=mytruststore |
| #trust.store.password=changeit |
| #trust.store.set.prop=true |
| |
| # These are the connection parameters used for LDAP service account: |
| # uid=admin,ou=system with password 'secret' is the well-known ApacheDS default administrator login. |
| # Change the password on the directory server and here before the server is reachable from other hosts. |
| root.dn=uid=admin,ou=system |
| # This admin pass is bound for fortress.properties used by 'admin' pooled connections: |
| # The password is stored here in clear text and, per the comment above, is passed on to fortress.properties; keep both files readable only by the build/runtime account. |
| # Section 0 of this file states that user.properties in the user's home directory takes precedence, so a site-specific value can be set there rather than edited into this file. |
| cfg.root.pw=secret |
| |
| # This is the default: |
| ldap.client.type=apache |
| |
| # These are used to construct suffix for DIT, i.e. dc=example,dc=com. |
| suffix.name=example |
| suffix.dc=com |
| # Alternate three-component example; suffix.dc2 is only referenced by the commented-out suffix line further down, so enable both together. |
| #suffix.name=coe |
| #suffix.dc=hawaii |
| #suffix.dc2=edu |
| # Do not change suffix param unless you know what you are doing: |
| # The value is assembled from suffix.name and suffix.dc through ${...} references, and every *.dn entry below that uses ${suffix} depends on it. |
| suffix=dc=${suffix.name},dc=${suffix.dc} |
| #suffix=dc=${suffix.name},dc=${suffix.dc},dc=${suffix.dc2} |
| |
| # These properties define the structure of Fortress DIT: |
| # Each *.dn names one container. All of them are placed under ${suffix} except audits.dn. |
| users.dn=ou=People,${suffix} |
| roles.dn=ou=Roles,ou=RBAC,${suffix} |
| policies.dn=ou=Policies,${suffix} |
| perms.dn=ou=Permissions,ou=RBAC,${suffix} |
| constraints.dn=ou=Constraints,ou=RBAC,${suffix} |
| userous.dn=ou=OS-U,ou=ARBAC,${suffix} |
| permous.dn=ou=OS-P,ou=ARBAC,${suffix} |
| adminroles.dn=ou=AdminRoles,ou=ARBAC,${suffix} |
| adminperms.dn=ou=AdminPerms,ou=ARBAC,${suffix} |
| # audits.dn sits outside ${suffix}; it uses the same cn=log base as log.admin.user elsewhere in this file. |
| audits.dn=cn=log |
| groups.dn=ou=Groups,${suffix} |
| |
| # This specifies the number of default LDAP connections to maintain in the pool: |
| admin.min.conn=1 |
| admin.max.conn=10 |
| # This specifies the number of user LDAP connections (used for user authentication operations only) to maintain in the pool: |
| # User Pool: |
| user.min.conn=1 |
| user.max.conn=10 |
| |
| # Only disable audit IF ldap.server.type=openldap AND the slapo access log overlay is NOT enabled. This will save roundtrip w/ server for ldapcompare: |
| # NOTE(review): disabling audit presumably stops these operations from being recorded; leave it enabled wherever an audit trail is required - confirm. |
| #disable.audit=true |
| |
| # Used for searching openldap slapo access log: |
| # 'secret' is a clear-text placeholder password for the access log account; replace it together with the account's password on the server, and restrict read access to this file. |
| log.admin.user=cn=Manager,cn=log |
| log.admin.pw=secret |
| |
| # Used for slapd logger connection pool. Leave zeros when using apacheds: |
| # NOTE(review): this file sets ldap.server.type=apacheds, yet the values below are 1 and 3 rather than zeros - confirm which is intended. |
| min.log.conn=1 |
| max.log.conn=3 |
| |
| ######################################################################## |
| # 3. GROUP OBJECT CLASS DEFINITIONS |
| ######################################################################## |
| |
| # Use Fortress defined LDAP Group objectclass: |
| # The two sets below define the same three keys, so only one set should be active at a time. |
| group.objectclass=configGroup |
| group.protocol=configProtocol |
| group.properties=configParameter |
| |
| # Use Guacamole defined LDAP Group objectclass: |
| # To use this set, comment out the three Fortress lines above and uncomment these. |
| #group.objectclass=guacConfigGroup |
| #group.protocol=guacConfigProtocol |
| #group.properties=guacConfigParameter |
| |
| ######################################################################## |
| # 4. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3): |
| ######################################################################## |
| |
| # The following optional HTTP parameters are needed when Fortress core client-side communicates through fortress-rest HTTP proxy (rather than LDAP) server: |
| # Setting the enable.mgr.impl.rest to 'true' sets Fortress instance to use HTTP services rather than LDAPv3 protocol. Default value is 'false': |
| # Using REST/HTTP allows Fortress communications to pass through firewalls and other non-LDAP network intermediaries. |
| enable.mgr.impl.rest=false |
| #enable.mgr.impl.rest=true |
| |
| # This user account is added automatically during deployment of fortress-rest via -Dload.file=./src/main/resources/FortressRestServerPolicy.xml: |
| # 'demouser4'/'password' are sample credentials stored in clear text. Because the account is created automatically at deployment, change its password (on the server and here) for any non-demo install. |
| # NOTE(review): http.user/http.pw are presumably sent to the fortress-rest server with each call; with http.protocol=http they would cross the network unencrypted. |
| # Use the https settings below whenever enable.mgr.impl.rest=true and http.host is not localhost - confirm. |
| http.user=demouser4 |
| http.pw=password |
| http.host=localhost |
| http.port=8080 |
| http.protocol=http |
| # For TLS connections: |
| # Uncomment these and comment out the http.port/http.protocol pair above so that each key is defined only once. |
| #http.port=8443 |
| #http.protocol=https |
| |