#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
#
########################################################################
# 0. About the fortress build.properties file
########################################################################
# Use this property file to specify settings specific to your environment and to the fortress runtime components.
# During the init targets of the build.xml ant management utility, Fortress copies these parameters into the following locations:
# a. fortress.properties - Fortress' configuration file tells fortress runtime how to connect to remote resources
# b. refreshLDAPData.xml - Used by fortress to initialize and base load the LDAP DIT data structures. Fortress also stores runtime params inside 'ou=Config' container on remote server.
# The ant property subsystem is fed using three files:
# i. user.properties - optional, when found, located in user's home directory. Properties found here take precedence over those following.
# ii. slapd.properties - optional, when found, located in root folder of the package. These props override those found in the build.properties file.
# iii. build.properties - this file is required and must be located in the root folder of the package.
# More info on the fortress configuration subsystem in the README-CONFIG.
########################################################################
# 1. BEGIN BASIC CONFIGURATION SECTION
########################################################################
# Use this Fortress Core version:
version=1.0-RC41-SNAPSHOT
# Enable local.mode property if your machine does not have connection to Internet and runtime dependencies have already downloaded to FORTRESS_HOME/lib folder on this machine:
#local.mode=true
# Ths variable sets default tenant for current running ant process. It is used during ldap initialization operations.
tenant=HOME
########################################################################
# 2. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP):
########################################################################
# This is the default; it tells fortress what type of ldap server is in use:
ldap.server.type=apacheds
#ldap.server.type=openldap
# These parameters point fortress to the LDAP host:
# NOTE(security): with enable.ldap.ssl left commented out below, this connection is presumably not TLS-protected,
# so the service-account bind (root.dn / cfg.root.pw) would cross the network in clear text. That is acceptable for
# a localhost sandbox only; confirm, and enable the SSL settings below, before pointing ldap.host at a remote server.
ldap.host=localhost
ldap.port=10389
# These are needed for client SSL connections with the LDAP server:
#enable.ldap.ssl=true
#ldap.host=fortressdemo2.com
#ldap.port=10636
# Presumably turns on SSL debug output for troubleshooting the connection; leave it off in normal operation - TODO confirm what it logs:
#enable.ldap.ssl.debug=true
# The trust store is picked up off the classpath:
#trust.store=mytruststore
# NOTE(security): 'changeit' is the stock Java keystore password; put the real password of your trust store here when enabling SSL.
#trust.store.password=changeit
#trust.store.set.prop=true
# These are the connection parameters used for the LDAP service account:
# NOTE(security): uid=admin,ou=system is the ApacheDS default administrator entry and 'secret' is its well-known default password.
# Change the password on the server and here before the directory is reachable from anything other than a local sandbox.
root.dn=uid=admin,ou=system
# This admin pass is bound for fortress.properties and is used by the 'admin' pooled connections:
# NOTE(security): because the value is copied into the generated fortress.properties, restrict read access to that file as well.
# To keep the real password out of this checked-in file, set it in user.properties in the user's home directory, which takes precedence over build.properties.
cfg.root.pw=secret
# This is the default:
ldap.client.type=apache
# These are used to construct the suffix for the DIT, i.e. dc=example,dc=com.
suffix.name=example
suffix.dc=com
#suffix.name=coe
#suffix.dc=hawaii
#suffix.dc2=edu
# Do not change the suffix param unless you know what you are doing:
suffix=dc=${suffix.name},dc=${suffix.dc}
#suffix=dc=${suffix.name},dc=${suffix.dc},dc=${suffix.dc2}
# These properties define the structure of the Fortress DIT:
users.dn=ou=People,${suffix}
roles.dn=ou=Roles,ou=RBAC,${suffix}
policies.dn=ou=Policies,${suffix}
perms.dn=ou=Permissions,ou=RBAC,${suffix}
constraints.dn=ou=Constraints,ou=RBAC,${suffix}
userous.dn=ou=OS-U,ou=ARBAC,${suffix}
permous.dn=ou=OS-P,ou=ARBAC,${suffix}
adminroles.dn=ou=AdminRoles,ou=ARBAC,${suffix}
adminperms.dn=ou=AdminPerms,ou=ARBAC,${suffix}
audits.dn=cn=log
groups.dn=ou=Groups,${suffix}
# This specifies the number of default LDAP connections to maintain in the pool:
admin.min.conn=1
admin.max.conn=10
# This specifies the number of user LDAP connections (used for user authentication operations only) to maintain in the pool:
# User Pool:
user.min.conn=1
user.max.conn=10
# Only disable audit IF ldap.server.type=openldap AND the slapo access log overlay is NOT enabled. This will save a roundtrip w/ the server for ldapcompare:
#disable.audit=true
# Used for searching the openldap slapo access log:
# NOTE(security): 'secret' is a placeholder here too; set it to the actual credential of the access-log account rather than reusing the admin password.
log.admin.user=cn=Manager,cn=log
log.admin.pw=secret
# Used for the slapd logger connection pool. Leave zeros when using apacheds:
# NOTE(review): the values below are non-zero although ldap.server.type=apacheds is the active setting above - confirm which is intended.
min.log.conn=1
max.log.conn=3
########################################################################
# 3. GROUP OBJECT CLASS DEFINITIONS
########################################################################
# Two alternative sets of group schema names follow; the Fortress set is active and the Guacamole set is commented out.
# To switch, comment out the three lines of one set and uncomment the three lines of the other.
# Use Fortress defined LDAP Group objectclass:
group.objectclass=configGroup
group.protocol=configProtocol
group.properties=configParameter
# Use Guacamole defined LDAP Group objectclass:
#group.objectclass=guacConfigGroup
#group.protocol=guacConfigProtocol
#group.properties=guacConfigParameter
########################################################################
# 4. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3):
########################################################################
# The following optional HTTP parameters are needed when the Fortress client communicates through the EnMasse HTTP proxy (rather than the LDAP) server:
# Setting enable.mgr.impl.rest to 'true' sets the Fortress instance to use HTTP services rather than the LDAPv3 protocol. Default value is 'false':
# Using REST/HTTP allows Fortress communications to pass through firewalls and other non-LDAP network intermediaries.
enable.mgr.impl.rest=false
#enable.mgr.impl.rest=true
# This user account is added automatically during the init-slapd or init-apacheds target via the 'FortressDemoUsers.xml' policy file:
# NOTE(security): demouser4/password is a demo credential that the init targets create in the directory.
# Replace it with a real service account, and remove or re-key the demo user, before any non-demo deployment.
http.user=demouser4
http.pw=password
http.host=localhost
http.port=8080
# NOTE(security): with http.protocol=http the http.user/http.pw credentials are presumably sent unencrypted - TODO confirm.
# Use the https settings below whenever http.host is not localhost.
http.protocol=http
# For TLS connections:
#http.port=8443
#http.protocol=https