build.properties.example

#
#   Licensed to the Apache Software Foundation (ASF) under one
#   or more contributor license agreements.  See the NOTICE file
#   distributed with this work for additional information
#   regarding copyright ownership.  The ASF licenses this file
#   to you under the Apache License, Version 2.0 (the
#   "License"); you may not use this file except in compliance
#   with the License.  You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing,
#   software distributed under the License is distributed on an
#   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
#   KIND, either express or implied.  See the License for the
#   specific language governing permissions and limitations
#   under the License.
#
#
########################################################################
# 0. About the fortress build.properties file
########################################################################

# The file contains Apache Directory Server specific configs.
# Use this property file to specify environment settings specific to your environment and fortress runtime components.
# These parameters are bound for the following locations by the Fortress during the init targets within the build.xml ant management utility:
# a. fortress.properties - Fortress' configuration file tells fortress runtime how to connect to remote resources
# b. refreshLDAPData.xml - Used by fortress to initialize and base load the LDAP DIT data structures.  Fortress also stores runtime params inside 'ou=Config' container on remote server.

# The ant property subsystem is fed using three files:
# i.   user.properties  - optional, when found, located in user's home directory.  Properties found here take precedence over those following.
# ii.  slapd.properties - optional, when found, located in root folder of the package.  These props override those found in the build.properties file.
# iii. build.properties - this file is required and must be located in the root folder of the package.
# More info on the fortress configuration subsystem in the README-CONFIG.

########################################################################
# 1. BEGIN BASIC CONFIGURATION SECTION
########################################################################

# Enable local.mode property if your machine does not have connection to Internet and runtime dependencies have already downloaded to FORTRESS_HOME/lib folder on this machine:
#local.mode=true

# Ths variable sets default tenant for current running ant process.  It is used during ldap initialization operations.
tenant=HOME

########################################################################
# 2. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP):
########################################################################

# This is default, tells fortress what type of ldap server in use:
ldap.server.type=apacheds

# These parameters point fortress to LDAP host:
ldap.host=localhost
ldap.port=10389

# This sets the maximum search result set from LDAP, default is 1000:
ldap.max.batch.size=1000

# These are needed for client SSL connections with LDAP Server:
#enable.ldap.ssl=true
# The LDAP hostname must match the common name in the server certificate:
#ldap.host=fortressdemo2.com
# 10636 is default apacheds LDAPS port:
#ldap.port=10636
# If you need the ldap api to spit out more info on ssl connections:
#enable.ldap.ssl.debug=true
#trust.store.password=changeit
# Will pick up the truststore from the classpath if set to true  which is the default.
#trust.store.onclasspath=true
#trust.store=mytruststore
# Otherwise, file must be specified a fully qualified filename:
#trust.store.onclasspath=false
#trust.store=/fully/qualified/path/to/mytruststore

# These are the connection parameters used for LDAP service account:
root.dn=uid=admin,ou=system
# This admin pass is bound for fortress.properties used by 'admin' pooled connections:
cfg.root.pw=secret

# This is the default:
ldap.client.type=apache

# A value of 'false' disables storing user membership on role object, default is 'false':
#role.occupants=false

# These are used to construct suffix for DIT, i.e. dc=example,dc=com.
suffix.name=example
suffix.dc=com
#suffix.name=coe
#suffix.dc=hawaii
#suffix.dc2=edu
# Do not change suffix param unless you know what you are doing:
suffix=dc=${suffix.name},dc=${suffix.dc}
#suffix=dc=${suffix.name},dc=${suffix.dc},dc=${suffix.dc2}

#  These properties define the structure of Fortress DIT:
users.dn=ou=People,${suffix}
roles.dn=ou=Roles,ou=RBAC,${suffix}
policies.dn=ou=Policies,${suffix}
perms.dn=ou=Permissions,ou=RBAC,${suffix}
constraints.dn=ou=Constraints,ou=RBAC,${suffix}
userous.dn=ou=OS-U,ou=ARBAC,${suffix}
permous.dn=ou=OS-P,ou=ARBAC,${suffix}
adminroles.dn=ou=AdminRoles,ou=ARBAC,${suffix}
adminperms.dn=ou=AdminPerms,ou=ARBAC,${suffix}
groups.dn=ou=Groups,${suffix}

# This specifies the number of default LDAP connections to maintain in the pool:
admin.min.conn=1
admin.max.conn=10
# This speicifes the number of user LDAP connections (used for user authentication operations only) to maintain in the pool:
# User Pool:
user.min.conn=1
user.max.conn=10

# Applies to all pools, connection validated on retrieval with dummy ldapsearch. (default is false)
#all.validate.conn.borrow=false
# Applies to all pools, connection validated when idle with dummy ldapsearch. (default is false)
#all.validate.conn.idle=false
# Applies to all pools, when all connections are exhausted will block. (default is true)
#all.max.conn.block=true
# Applies to all pools, when all connections are exhausted will block for this many milliseconds. (default is 5000)
#all.max.conn.block.time=5000

########################################################################
# 3. GROUP OBJECT CLASS DEFINITIONS
########################################################################

# Use Fortress defined LDAP Group objectclass:
group.objectclass=configGroup
group.protocol=configProtocol
group.properties=configParameter

# Use Guacamole defined LDAP Group objectclass:
#group.objectclass=guacConfigGroup
#group.protocol=guacConfigProtocol
#group.properties=guacConfigParameter

########################################################################
# 4. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3):
########################################################################

# The following optional HTTP parameters are needed when Fortress core client-side communicates though fortress-rest HTTP proxy (rather than LDAP) server:
# Thr nav URL to fortress-rest impl: uri = httpProtocol + "://" + httpHost + ":" + httpPort + "/" + "fortress-rest-" + version; + "/";:
# version is set as system property, i.e. -Dversion=3.0.0
# Setting the enable.mgr.impl.rest to 'true' sets Fortress instance to use HTTP services rather than LDAPv3 protocol. Default value is 'false':
# Use interface over REST/HTTP?  Default is false (use LDAPv3)
#enable.mgr.impl.rest=true

# This user account is added automatically during deployment of fortress-rest via -Dload.file=./src/main/resources/FortressRestServerPolicy.xml:
#http.user=demouser4
#http.pw=password
#http.host=localhost
#http.port=8080
#http.protocol=http
# For TLs connections:
#http.port=8443
#http.protocol=https

########################################################################
# 5. RFC2307 OBJECT CLASS DEFINITIONS
########################################################################
# Boolean value. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural..
rfc2307=false