blob: 35baf019a513bfd9570dc683d628fd897ac32e1d [file] [log] [blame]
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
#
########################################################################
# 0. About the fortress build.properties file
########################################################################
# The file contains Apache Directory Server specific configs.
# Use this property file to specify environment settings specific to your environment and fortress runtime components.
# These parameters are bound for the following locations by the Fortress during the init targets within the build.xml ant management utility:
# a. fortress.properties - Fortress' configuration file tells fortress runtime how to connect to remote resources
# b. refreshLDAPData.xml - Used by fortress to initialize and base load the LDAP DIT data structures. Fortress also stores runtime params inside 'ou=Config' container on remote server.
# The ant property subsystem is fed using three files:
# i. user.properties - optional, when found, located in user's home directory. Properties found here take precedence over those following.
# ii. slapd.properties - optional, when found, located in root folder of the package. These props override those found in the build.properties file.
# iii. build.properties - this file is required and must be located in the root folder of the package.
# More info on the fortress configuration subsystem in the README-CONFIG.
########################################################################
# 1. BEGIN BASIC CONFIGURATION SECTION
########################################################################
# Enable local.mode property if your machine does not have connection to Internet and runtime dependencies have already downloaded to FORTRESS_HOME/lib folder on this machine:
#local.mode=true
# Ths variable sets default tenant for current running ant process. It is used during ldap initialization operations.
tenant=HOME
########################################################################
# 2. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP):
########################################################################
# This is default, tells fortress what type of ldap server in use:
ldap.server.type=apacheds
# These parameters point fortress to LDAP host:
ldap.host=localhost
ldap.port=10389
# These are needed for client SSL connections with LDAP Server:
#enable.ldap.ssl=true
# The LDAP hostname must match the common name in the server certificate:
#ldap.host=fortressdemo2.com
# 10636 is default apacheds LDAPS port:
#ldap.port=10636
# If you need the ldap api to spit out more info on ssl connections:
#enable.ldap.ssl.debug=true
#trust.store.password=changeit
# Will pick up the truststore from the classpath if set to true which is the default.
#trust.store.onclasspath=true
#trust.store=mytruststore
# Otherwise, file must be specified a fully qualified filename:
#trust.store.onclasspath=false
#trust.store=/fully/qualified/path/to/mytruststore
# These are the connection parameters used for LDAP service account:
root.dn=uid=admin,ou=system
# This admin pass is bound for fortress.properties used by 'admin' pooled connections:
cfg.root.pw=secret
# This is the default:
ldap.client.type=apache
# A value of 'false' disables storing user membership on role object, default is 'true':
#role.occupants=false
# These are used to construct suffix for DIT, i.e. dc=example,dc=com.
suffix.name=example
suffix.dc=com
#suffix.name=coe
#suffix.dc=hawaii
#suffix.dc2=edu
# Do not change suffix param unless you know what you are doing:
suffix=dc=${suffix.name},dc=${suffix.dc}
#suffix=dc=${suffix.name},dc=${suffix.dc},dc=${suffix.dc2}
# These properties define the structure of Fortress DIT:
users.dn=ou=People,${suffix}
roles.dn=ou=Roles,ou=RBAC,${suffix}
policies.dn=ou=Policies,${suffix}
perms.dn=ou=Permissions,ou=RBAC,${suffix}
constraints.dn=ou=Constraints,ou=RBAC,${suffix}
userous.dn=ou=OS-U,ou=ARBAC,${suffix}
permous.dn=ou=OS-P,ou=ARBAC,${suffix}
adminroles.dn=ou=AdminRoles,ou=ARBAC,${suffix}
adminperms.dn=ou=AdminPerms,ou=ARBAC,${suffix}
groups.dn=ou=Groups,${suffix}
# This specifies the number of default LDAP connections to maintain in the pool:
admin.min.conn=1
admin.max.conn=10
# This speicifes the number of user LDAP connections (used for user authentication operations only) to maintain in the pool:
# User Pool:
user.min.conn=1
user.max.conn=10
# Used for slapd logger connection pool. Leave zeros when using apacheds:
min.log.conn=0
max.log.conn=0
########################################################################
# 3. GROUP OBJECT CLASS DEFINITIONS
########################################################################
# Use Fortress defined LDAP Group objectclass:
group.objectclass=configGroup
group.protocol=configProtocol
group.properties=configParameter
# Use Guacamole defined LDAP Group objectclass:
#group.objectclass=guacConfigGroup
#group.protocol=guacConfigProtocol
#group.properties=guacConfigParameter
########################################################################
# 4. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3):
########################################################################
# The following optional HTTP parameters are needed when Fortress core client-side communicates though fortress-rest HTTP proxy (rather than LDAP) server:
# Thr nav URL to fortress-rest impl: uri = httpProtocol + "://" + httpHost + ":" + httpPort + "/" + "fortress-rest-" + version; + "/";:
# version is set as system property, i.e. -Dversion=2.0.1
# Setting the enable.mgr.impl.rest to 'true' sets Fortress instance to use HTTP services rather than LDAPv3 protocol. Default value is 'false':
# Use interface over REST/HTTP? Default is false (use LDAPv3)
#enable.mgr.impl.rest=true
# This user account is added automatically during deployment of fortress-rest via -Dload.file=./src/main/resources/FortressRestServerPolicy.xml:
#http.user=demouser4
#http.pw=password
#http.host=localhost
#http.port=8080
#http.protocol=http
# For TLs connections:
#http.port=8443
#http.protocol=https
########################################################################
# 5. RFC2307 OBJECT CLASS DEFINITIONS
########################################################################
# Boolean value. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural..
rfc2307=false