| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # |
| ######################################################################## |
| # 0. About the fortress build.properties file |
| ######################################################################## |
| |
| # Use this property file to specify settings specific to your environment and to the fortress runtime components. |
| # The init targets in the build.xml ant management utility load these parameters into the following files: |
| # a. fortress.properties - Fortress' configuration file tells fortress runtime how to connect to remote resources |
| # b. refreshLDAPData.xml - Used by fortress to initialize and base load the LDAP DIT data structures. Fortress also stores runtime params inside 'ou=Config' container on remote server. |
| # c. slapd.conf - This will be used to configure the runtime OpenLDAP server (slapd) if applicable. |
| |
| ######################################################################## |
| # 1. BEGIN BASIC CONFIGURATION SECTION |
| ######################################################################## |
| |
| # Fortress Core version to use: |
| version=1.0-RC40-SNAPSHOT |
| |
| # Enable local.mode if this machine has no Internet connection and the runtime dependencies have already been downloaded to the FORTRESS_HOME/lib folder on this machine: |
| #local.mode=true |
| |
| # sudo.pw is used by the 'init-slapd', 'start-slapd' and 'stop-slapd' targets on a Linux machine when sudo access is required; otherwise leave this value blank. |
| # The sudo.pw variable must be uncommented and left empty iff installing the Symas-OpenLDAP package onto the Redhat Linux platform. |
| # Any value set here is a sudo password stored in clear text: keep this file readable only by the build user and do not commit a filled-in value. |
| #sudo.pw= |
| |
| ######################################################################## |
| # 2. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3): |
| ######################################################################## |
| |
| # The following optional HTTP parameters are needed when the Fortress client communicates through the EnMasse HTTP proxy server (rather than the LDAP server). |
| # Setting enable.mgr.impl.rest to 'true' makes this Fortress instance use HTTP services rather than the LDAPv3 protocol. Default value is 'false'. |
| # Using REST/HTTP allows Fortress communications to pass through firewalls and other non-LDAP network intermediaries. |
| enable.mgr.impl.rest=false |
| #enable.mgr.impl.rest=true |
| |
| # This user account is added automatically during the init-slapd or init-apacheds target via the 'FortressDemoUsers.xml' policy file. |
| # http.user/http.pw are demo credentials kept in clear text; replace them with a dedicated account and a non-default password before enabling REST outside a test setup. |
| # NOTE(review): with http.protocol=http these credentials presumably cross the network unencrypted - prefer a TLS-protected endpoint when http.host is not localhost; confirm against the EnMasse server setup. |
| http.user=demouser4 |
| http.pw=password |
| http.host=localhost |
| http.port=8080 |
| http.protocol=http |
| |
| ######################################################################## |
| # 3. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP): |
| ######################################################################## |
| |
| # This param tells fortress which type of ldap server is in use: |
| #ldap.server.type=openldap |
| ldap.server.type=apacheds |
| # This is the default: |
| ldap.client.type=apache |
| |
| # These parameters point fortress to the LDAP host. |
| # NOTE(review): with enable.ldap.ssl=false the connection is presumably not TLS-protected, so bind passwords would travel in clear text; fine for a localhost test server, otherwise switch to the SSL settings below. |
| ldap.host=localhost |
| ldap.port=10389 |
| enable.ldap.ssl=false |
| #ldap.uris=ldap://${ldap.host}:${ldap.port} |
| |
| # These are needed for client SSL connections with the LDAP server. |
| # When uncommenting them, comment out the plain ldap.host, ldap.port and enable.ldap.ssl lines above so that each key is defined only once. |
| # trust.store below is a developer-specific absolute path and 'changeit' is the stock Java keystore password; point both at your own truststore. |
| # enable.ldap.ssl.debug is a troubleshooting aid; leave it off in normal operation. |
| #enable.ldap.ssl=true |
| #ldap.host=fortressdemo2.com |
| #ldap.port=10636 |
| #enable.ldap.ssl.debug=true |
| #trust.store=/home/smckinn/GIT/fortressDev/directory-fortress-core/src/test/resources/certs/mytruststore |
| #trust.store.password=changeit |
| #trust.store.set.prop=true |
| |
| # These are needed for slapd startup SSL configuration (this form listens on plain ldap port 389 as well as on ldaps): |
| #ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port} |
| |
| # These are needed for slapd server-side SSL configuration. |
| # NOTE(review): tls.key.file names the server's private key; presumably it should be readable only by the account running slapd - confirm where the init target installs it. |
| #tls.ca.cert.file=ca-cert.pem |
| #tls.cert.file=server-cert.pem |
| #tls.key.file=server-key.pem |
| |
| # These are used to construct the suffix for the DIT, i.e. dc=example,dc=com. |
| suffix.name=example |
| suffix.dc=com |
| # Alternative three-component suffix (dc=coe,dc=hawaii,dc=edu); use these together with the commented three-part suffix line below: |
| #suffix.name=coe |
| #suffix.dc=hawaii |
| #suffix.dc2=edu |
| # Do not change the suffix param unless you know what you are doing: |
| suffix=dc=${suffix.name},dc=${suffix.dc} |
| #suffix=dc=${suffix.name},dc=${suffix.dc},dc=${suffix.dc2} |
| |
| # These properties define the structure of the Fortress DIT. Every container is placed under ${suffix} except audits.dn, which is set to cn=log: |
| users.dn=ou=People,${suffix} |
| roles.dn=ou=Roles,ou=RBAC,${suffix} |
| policies.dn=ou=Policies,${suffix} |
| perms.dn=ou=Permissions,ou=RBAC,${suffix} |
| constraints.dn=ou=Constraints,ou=RBAC,${suffix} |
| userous.dn=ou=OS-U,ou=ARBAC,${suffix} |
| permous.dn=ou=OS-P,ou=ARBAC,${suffix} |
| adminroles.dn=ou=AdminRoles,ou=ARBAC,${suffix} |
| adminperms.dn=ou=AdminPerms,ou=ARBAC,${suffix} |
| audits.dn=cn=log |
| groups.dn=ou=Groups,${suffix} |
| |
| # These are the connection parameters used for the LDAP service account: |
| #root.dn=cn=Manager,${suffix} |
| root.dn=uid=admin,ou=system |
| # Used to load the OpenLDAP admin root password into slapd.conf; the value was produced with the 'slappasswd' command. |
| # {SSHA} marks a salted SHA-1 hash rather than encryption, and this sample value is public: generate a fresh hash for any real deployment. |
| root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU |
| # This OpenLDAP admin root password is destined for fortress.properties, where it is used by the 'admin' pooled connections. |
| # It is kept in clear text and 'secret' is a widely known default: change it on the server and here, and restrict read access to this file and to the generated fortress.properties. |
| # NOTE(review): presumably this is the same password that root.pw hashes - confirm, and keep the two in step when changing either. |
| cfg.root.pw=secret |
| |
| # These specify the minimum and maximum number of default (admin) LDAP connections to maintain in the pool: |
| admin.min.conn=1 |
| admin.max.conn=10 |
| # These specify the minimum and maximum number of user LDAP connections (used for user authentication operations only) to maintain in the pool: |
| # User Pool: |
| user.min.conn=1 |
| user.max.conn=10 |
| |
| # Used for searching the slapd logger. Comment out for ApacheDS or other directory servers. |
| # NOTE(review): ldap.server.type in this file is set to apacheds, yet these two keys are still active - confirm whether they should be commented out. |
| # log.admin.pw is another clear-text default password; change it wherever the slapd logger is actually in use. |
| log.admin.user=cn=Manager,cn=log |
| log.admin.pw=secret |
| |
| # Used for the slapd logger connection pool. Leave zeros when using apacheds. |
| # NOTE(review): the values below are non-zero although ldap.server.type is apacheds - confirm which is intended. |
| min.log.conn=1 |
| max.log.conn=3 |
| |
| ######################################################################## |
| # 9. GROUP OBJECT CLASS DEFINITIONS |
| ######################################################################## |
| |
| # Use the Fortress-defined LDAP group objectclass and its protocol/properties attributes: |
| group.objectclass=configGroup |
| group.protocol=configProtocol |
| group.properties=configParameter |
| |
| # Alternative: use the Guacamole-defined LDAP group objectclass (uncomment these three lines and comment out the three above): |
| #group.objectclass=guacConfigGroup |
| #group.protocol=guacConfigProtocol |
| #group.properties=guacConfigParameter |