[11/24] airavata git commit: implementing airavata sharing manager

[sc...@apache.org]

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouper.client.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.client.properties b/modules/group-manager/src/main/resources/grouper.client.properties
deleted file mode 100755
index cf78604..0000000
--- a/modules/group-manager/src/main/resources/grouper.client.properties
+++ /dev/null
@@ -1,552 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Grouper client configuration
-# $Id: grouper.client.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
-#
-
-# The grouper client uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.client.base.properties
-# (which should not be edited), and the grouper.client.properties overlays
-# the base settings.  See the grouper.client.base.properties for the possible
-# settings that can be applied to the grouper.client.properties
-
-########################################
-## LDAP connection settings
-########################################
-
-# url of directory, including the base DN (distinguished name)
-# e.g. ldap://server.school.edu/dc=school,dc=edu
-# e.g. ldaps://server.school.edu/dc=school,dc=edu
-grouperClient.ldap.url = 
-
-# kerberos principal used to connect to ldap
-grouperClient.ldap.login = 
-
-# password for shared secret authentication to ldap
-# or you can put a filename with an encrypted password
-grouperClient.ldap.password = 
-
-########################################
-## Web service Connection settings
-########################################
-
-# url of web service, should include everything up to the first resource to access
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.webService.url = 
-
-# kerberos principal used to connect to web service
-grouperClient.webService.login = 
-
-# password for shared secret authentication to web service
-# or you can put a filename with an encrypted password
-grouperClient.webService.password = 
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper.client.example.properties, file:c:/something/myconfig.properties
-grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
-
-# seconds between checking to see if the config files are updated
-grouperClient.config.secondsBetweenUpdateChecks = 60
-
-########################################
-## Misc settings
-########################################
-
-# path of a writable directory where files can be created or stored
-# for example, cache of discovery configuration, or failover state
-# dot is the current directory...  note, this directory must exist
-# or it will be created (attempted)
-# if this is blank, none of these features will be used, and 
-# no files will be saved
-grouperClient.cacheDirectory = .
-
-########################################
-## Encrypted password settings
-########################################
-
-# Put a random alphanumeric string (Case sensitive) for the password encryption.  e.g. fh43IRJ4Nf5
-# or put a filename where the random alphanumeric string is.  
-# e.g. c:/whatever/key.txt
-# e.g. sdfklj24lkj34lk34
-encrypt.key = 
-
-# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt
-encrypt.disableExternalFileLookup = false 
-
-# pre grouper 2.0, the client encrypted passwords differently than the server.  Now that the client is part of the server,
-# there are more reasons to be consistent.  Change to false for pre-2.0 password encryption behavior
-encrypt.encryptLikeServer = true
-
-########################################
-## Logging
-########################################
-
-# For java.util.logging, only for the grouperClient package (not below)
-# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING 
-grouperClient.logging.grouperClientOnly.logLevel = WARNING
-
-# If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr 
-# (if no file specified below).  This is default log level
-# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING 
-grouperClient.logging.logLevel = WARNING
-
-# If you dont want the logging to go to stderr, then put a log file location here: e.g. f:/temp/grouperClient.log
-grouperClient.logging.logFile = 
-
-# if you want ws requests and responses being logged to files, put the directory here.  
-# The grouper client will create subdirs
-grouperClient.logging.webService.documentDir = 
-
-# try to indent the xml.  If this fails for some reason, or you want the raw xml, 
-# set to false
-grouperClient.logging.webService.indent = true
-
-# if the masked password should be logged (if false, dont log anything about password)
-# the masked password will show how many chars the password is (helpful for diagnosing 
-# password encryption issues)
-grouperClient.logging.logMaskedPassword = false
-
-########################################
-## Service discovery settings
-########################################
-
-# number of minutes to remember that a connection had errors
-grouperClient.minutesToKeepErrors = 2
-
-# if you are using a discovery service, but a discovery properties
-# at a URL (preferably SSL with valid certificate)
-# you should have multiple discovery URLs hosted at independent locations
-# to add more, increment the integer
-grouperClient.urlOfDiscovery.0 = 
-grouperClient.urlOfDiscovery.1 = 
-
-# if your app has a slow startup time, and the initial connections are timing out
-# esp if you arent just using the command line client (e.g. if using it as a jar), 
-# then add more time here
-grouperClient.secondsForClassesToLoad = 20
-
-# this will save the failover state to a file so if the JVM is stopped, it 
-# will be there when it starts again.  
-# Set to 0 to store on every use (recommended if used command line)
-# or set to -1 to not store or read ever
-# grouperClient.cacheDirectory must be set
-grouperClient.saveFailoverStateEverySeconds = 60
-
-# if the failover client should use threads.  If it doesnt then you cant detect timeouts
-grouperClient.failoverClientUseThreads = true
-
-# this will cache the discovery properties in memory or on disk
-# if you want to cache the discovery properties locally, put a directory here:
-# this is recommended especially if you are using the grouper client as a command
-# line application and the process is constantly restarting
-# note, this will be used for a failsafe cache if all discovery servers are unavailable
-# grouperClient.cacheDirectory must be set
-# set to 0 or -1 to not cache
-grouperClient.cacheDiscoveryPropertiesForSeconds = 120
-
-# this is the path in the discovery server there the grouper.client.discovery.properties is
-grouperClient.discoveryGrouperClientPropertiesDirectory = 
-
-####
-## Below here are default values and override values for the discovery 
-## properties at your institution.  Note: if the override keys are there
-## with no value then it will blank out the discovery service value
-####
-
-# default urls of directory, including the base DN (distinguished name)
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. ldap://server.school.edu/dc=school,dc=edu
-# e.g. ldaps://server.school.edu/dc=school,dc=edu
-grouperClient.discoveryDefault.ldap.0.url = 
-#grouperClient.discoveryOverride.ldap.0.url = 
-
-# default active/active or active/standby
-# active/active will pick a server randomly,
-# and will stick with it for as long as the affinity is set
-# active/standby will always use the first connection 
-# if no errors, then try the second one etc.
-# if a connection has more errors and has a higher priority,
-# then it will not be tried again until the 
-# takeConnectionOutOfPoolOnErrorForSeconds timeout
-# passes
-grouperClient.discoveryDefault.ldap.loadBalancing = active/active
-#grouperClient.discoveryOverride.ldap.loadBalancing = active/active
-
-# if we are active/active, then the same connection will
-# be used for a certain number of seconds.  If this is -1, then 
-# always keep the same server (unless errors)
-grouperClient.discoveryDefault.ldap.affinitySeconds = 28800
-#grouperClient.discoveryOverride.ldap.affinitySeconds = 28800
-
-# if a connection has more errors than another, it will not be
-# used until this error timeout passes (unless the other is throwing errors
-# too)
-grouperClient.discoveryDefault.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
-#grouperClient.discoveryOverride.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
-
-# when a connection is attempted, this is the timeout that it will use before trying
-# another connection
-grouperClient.discoveryDefault.ldap.timeoutSeconds = 30
-#grouperClient.discoveryOverride.ldap.timeoutSeconds = 30
-
-# after all connections have been attempted, it will wait for this long
-# to see if any finish
-grouperClient.discoveryDefault.ldap.extraTimeoutSeconds = 15
-#grouperClient.discoveryOverride.ldap.extraTimeoutSeconds = 15
-
-# urls of web service, should include everything up to the first resource to access
-# this is for read or write operations
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.discoveryDefault.webService.readWrite.0.url = 
-#grouperClient.discoveryOverride.webService.readWrite.0.url = 
-
-# url of web service, should include everything up to the first resource to access
-# this is for only read operations
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.discoveryDefault.webService.readOnly.0.url = 
-#grouperClient.discoveryOverride.webService.readOnly.0.url = 
-
-# active/active or active/standby
-# active/active will pick a server randomly,
-# and will stick with it for as long as the affinity is set
-# active/standby will always use the first connection 
-# if no errors, then try the second one etc.
-# if a connection has more errors and has a higher priority,
-# then it will not be tried again until the 
-# takeConnectionOutOfPoolOnErrorForSeconds timeout
-# passes
-grouperClient.discoveryDefault.webService.loadBalancing = active/active
-#grouperClient.discoveryOverride.webService.loadBalancing = active/active
-
-# if you want to always try read/write before readOnly (i.e. if you are
-# worried about if you make a write and read right after each other)
-grouperClient.discoveryDefault.webService.preferReadWrite = true
-#grouperClient.discoveryOverride.webService.preferReadWrite = true
-
-# if we are active/active, then the same connection will
-# be used for a certain number of seconds.  If this is -1, then 
-# always keep the same server (unless errors)
-grouperClient.discoveryDefault.webService.affinitySeconds = 28800
-#grouperClient.discoveryOverride.webService.affinitySeconds = 28800
-
-# if a connection has more errors than another, it will not be
-# used until this error timeout passes (unless the other is throwing errors
-# too)
-grouperClient.discoveryDefault.webService.lowerConnectionPriorityOnErrorForMinutes = 3
-#grouperClient.discoveryOverride.webService.lowerConnectionPriorityOnErrorForMinutes = 3
-
-# when a connection is attempted, this is the timeout that it will use before trying
-# another connection
-grouperClient.discoveryDefault.webService.timeoutSeconds = 60
-#grouperClient.discoveryOverride.webService.timeoutSeconds = 60
-
-# after all connections have been attempted, it will wait for this long
-# to see if any finish
-grouperClient.discoveryDefault.webService.extraTimeoutSeconds = 30
-#grouperClient.discoveryOverride.webService.extraTimeoutSeconds = 30
-
-
-
-####################################################################################
-####################################################################################
-#### Institutional and advanced settings
-####################################################################################
-####################################################################################
-
-#######################################
-## output templates
-#######################################
-
-webService.addMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
-webService.getMembers.output = GroupIndex ${groupIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.name}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$
-webService.deleteMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
-webService.hasMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$newline$
-webService.getGroups.output = SubjectIndex ${subjectIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSubject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$
-webService.groupSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
-webService.stemSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
-webService.groupDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
-webService.stemDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
-webService.getGrouperPrivilegesLite.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$
-webService.assignGrouperPrivileges.output = Index: ${index}, success: ${resultMetadata.success}, code: ${resultMetadata.resultCode}, ${objectType}: ${objectName}, subject: ${wsSubject.id}, ${wsAssignGrouperPrivilegesResult.privilegeType}: ${wsAssignGrouperPrivilegesResult.privilegeName}$newline$
-webService.assignGrouperPrivilegesLite.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilegeType}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$
-webService.findGroups.output = Index ${index}: name: ${wsGroup.name}, displayName: ${wsGroup.displayName}$newline$
-webService.findStems.output = Index ${index}: name: ${wsStem.name}, displayName: ${wsStem.displayName}$newline$
-webService.memberChangeSubject.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newSubject: ${wsSubjectNew.id}$newline$
-webService.getMemberships.output = Index: ${index}: ${type}: ${ownerName}, subject: ${wsSubject.id}, list: ${wsMembership.listName}, type: ${wsMembership.membershipType}, enabled: ${wsMembership.enabled}$newline$
-webService.getSubjects.output = Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}$newline$
-webService.getAttributeAssignments.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}$newline$
-webService.getAttributeAssignActions.output = Index: ${index}: nameOfAttributeDef: ${wsAttributeAssignActionTuple.nameOfAttributeDef}, action: ${wsAttributeAssignActionTuple.action}$newline$
-webService.assignAttributes.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeResult.changed}, deleted: ${wsAssignAttributeResult.deleted}, valuesChanged: ${wsAssignAttributeResult.valuesChanged}$newline$
-webService.assignAttributesBatch.output = Index: ${assignIndex}, itemIndex: ${assignItemIndex}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeBatchResult.changed}, deleted: ${wsAssignAttributeBatchResult.deleted}, valuesChanged: ${wsAssignAttributeBatchResult.valuesChanged}$newline$
-webService.getPermissionAssignments.output = Index: ${index}: permissionType: ${wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, subject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, attributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOverall}, enabled: ${wsPermissionAssign.enabled}$newline$
-webService.assignPermissions.output = Index: ${index}: permissionType: ${permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disallowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enabled}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissionResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$
-webService.assignAttributeDefNameInheritance.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}, message: ${resultMetadata.resultMessage}$newline$
-webService.attributeDefNameSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
-webService.attributeDefNameDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
-webService.findAttributeDefNames.output = Index ${index}: name: ${wsAttributeDefName.name}, displayName: ${wsAttributeDefName.displayName}$newline$
-webService.assignAttributeDefActions.output=Index ${index}: nameOfAttributeDef: ${nameOfAttributeDef}, action: ${actionWithOperation.action}, status: ${actionWithOperation.status}$newline$
-
-#######################################
-## ldap queries
-#######################################
-
-# operation name
-ldapSearchAttribute.operationName.0 = pennnameToPennid
-ldapSearchAttribute.ldapName.0 = ou=pennnames
-ldapSearchAttribute.matchingAttributes.0 = pennname
-ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode
-ldapSearchAttribute.returningAttributes.0 = pennid
-ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid}
-ldapSearchAttribute.resultType.0 = STRING
-
-ldapSearchAttribute.operationName.1 = pennidToPennname
-ldapSearchAttribute.ldapName.1 = ou=pennnames
-ldapSearchAttribute.matchingAttributes.1 = pennid
-ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode
-ldapSearchAttribute.returningAttributes.1 = pennname
-ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname}
-ldapSearchAttribute.resultType.1 = STRING
-
-ldapSearchAttribute.operationName.2 = hasMemberLdap
-ldapSearchAttribute.ldapName.2 = ou=groups
-ldapSearchAttribute.matchingAttributes.2 = cn, hasMember
-ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck
-ldapSearchAttribute.returningAttributes.2 = cn
-ldapSearchAttribute.outputTemplate.2 = hasMember: ${resultBoolean}
-ldapSearchAttribute.resultType.2 = BOOLEAN
-
-ldapSearchAttribute.operationName.3 = getMembersLdap
-ldapSearchAttribute.ldapName.3 = ou=groups
-ldapSearchAttribute.matchingAttributes.3 = cn
-ldapSearchAttribute.matchingAttributeLabels.3 = groupName
-ldapSearchAttribute.returningAttributes.3 = hasMember
-ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$
-ldapSearchAttribute.resultType.3 = STRING_LIST
-
-########################################
-## Custom operations
-## Implement the interface ClientOperation, put it in the jar
-## Increment the int index for multiples (must be in order)
-########################################
-
-#customOperation.name.0 = cosignLikeWebsec
-#customOperation.class.0 = edu.upenn.isc.grouperClient.CosignLikeWebsecOperation
-
-
-########################################
-## Authentication settings
-########################################
-
-# user prefix
-grouperClient.ldap.user.prefix = uid=
-
-# user suffix
-grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu
-
-# config name for the ldap user name between prefix and suffix
-grouperClient.ldap.user.label = login
-
-# config name for the webService user name between prefix and suffix
-grouperClient.webService.user.label = login
-
-########################################
-## Web service settings
-########################################
-
-# web service client version
-grouperClient.webService.client.version = v2_2_000
-
-# socket timeout
-grouperClient.webService.httpSocketTimeoutMillis = 90000
-
-# connection manager timeout
-grouperClient.webService.httpConnectionManagerTimeoutMillis = 90000
-
-# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
-# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception 
-# will be thrown
-grouperClient.webService.ignoreExtraneousXmlFields = true
-
-# register fields to be ignored with xstream.  this is useful if you are not
-# ignoring extraneous fields (above), but know that there are a few to be ignored
-# place them here with fully qualified classname dont property name, comma separated
-# e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2
-grouper.webService.omitXmlProperties = 
-
-########################################
-## Misc
-########################################
-
-# if there are extra command line args, should we fail or just log?
-grouperClient.failOnExtraCommandLineArgs = true
-
-# you can have aliases for subjectId and subjectIdentifer in command line args 
-# (though subjectId will still be allowed, but you cant pass both)
-# if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234
-# instead of --subjectIds=123,345
-grouperClient.alias.subjectIds = 
-
-# if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd
-# instead of --subjectIdentifiers=abc,bcd
-grouperClient.alias.subjectIdentifiers = 
-
-# if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123
-# instead of --subjectId=123
-grouperClient.alias.subjectId = 
-
-# if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc
-# instead of --subjectIdentifiers=abc
-grouperClient.alias.subjectIdentifier = 
-
-# if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123
-# instead of --actAsSubjectId=abc,bcd
-grouperClient.alias.SubjectId = 
-
-# if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc
-# instead of --actAsSubjectIdentifier=abc
-grouperClient.alias.SubjectIdentifier = 
-
-# the encoding used to read config files
-grouperClient.config.encoding = UTF-8
-
-# this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1
-grouperClient.default.fileEncoding = UTF-8
-
-# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory
-grouperClient.https.customSocketFactory = 
-
-# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.BlindSslSocketFactory
-grouperClient.ldaps.customSocketFactory = 
-
-
-##############################
-## Kuali Identity settings
-##############################
-
-kuali.identity.source.0 = jdbc
-kuali.identity.nameAttribute.0 = name
-kuali.identity.identifierAttribute.0 = loginid
-
-# separate a sourceId from a subjectId or sourceId
-kuali.identity.sourceSeparator = ::::
-
-
-########################################
-## JDBC settings
-########################################
-
-# default database connection name
-grouperClient.jdbc.defaultName = default
-
-# the part between jdbc. and the last . is the name of the connection, in this case "default"
-# e.g. mysql:           com.mysql.jdbc.Driver
-# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
-#   for p6spy, put the underlying driver in spy.properties
-# e.g. oracle:          oracle.jdbc.driver.OracleDriver
-# e.g. hsqldb:          org.hsqldb.jdbcDriver
-# e.g. postgres:        org.postgresql.Driver
-# e.g. mssql:           com.microsoft.sqlserver.jdbc.SQLServerDriver
-grouperClient.jdbc.default.driver = oracle.jdbc.driver.OracleDriver
-
-# e.g. mysql:           jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle:          jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a):      jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres:        jdbc:postgresql://localhost:5432/database
-# e.g. mssql:           jdbc:sqlserver://localhost:3280
-grouperClient.jdbc.default.url = jdbc:oracle:thin:@server.school.edu:1521:sid
-grouperClient.jdbc.default.user = some_schema
-grouperClient.jdbc.default.pass = abc123
-
-
-
-################################
-## AWS settings
-################################
-
-# sqs settings
-grouperClient.awsAccessKey = ABC123
-grouperClient.awsSecretKey = xyz789
-grouperClient.awsSqsQueueUrl = https://sqs.region.amazonaws.com/1234/queue_name
-
-
-################################
-## ESB settings
-################################
-
-## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
-esb.consumer.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
-## this is a key or could be encrypted in a file as well like other passwords
-## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey 
-## number these if there are multiple
-#esb.consumer.encryptionKey.0 = abc123
-
-
-################################
-## XMPP client settings
-## Note: you need the smack.jar in your classpath, see the grouper xmpp wiki for usage
-## https://spaces.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6.0
-################################
-
-
-## general xmpp configuration
-grouperClient.xmpp.server.host = jabber.school.edu
-grouperClient.xmpp.server.port = 5222
-grouperClient.xmpp.user = username
-# note, pass can be in an external file with morphstring
-grouperClient.xmpp.pass = 
-grouperClient.xmpp.resource = grouperClient
-# note, you need the exact id and resource here or it wont match
-grouperClient.xmpp.trustedMessagesFromJabberIds = user@school.edu/resource, user2@school.edu/resource2
-
-# if true, then each quartz trigger name will be unique
-# do this for atlassian since it doesnt do quartz right, and wont delete or reuse old triggers
-grouperClient.xmpp.uniqueQuartzTriggerNames = false
-
-# if true, send this to smack, if we should debug.  not sure if it does anything
-grouperClient.xmpp.debuggerEnabled = false
-
-grouperClient.xmpp.job.myJobName.groupNames = test:xmppGroups:test1
-grouperClient.xmpp.job.myJobName.allowIncrementalNotInGroupNamesList = false
-grouperClient.xmpp.job.myJobName.handlerClass = edu.internet2.middleware.grouperClientExt.xmpp.GrouperClientXmppFileHandler
-# set this to reload_group or incremental if not reload on each event
-grouperClient.xmpp.job.myJobName.eventAction = incremental
-# how often a full refresh should occur regardless of events
-grouperClient.xmpp.job.myJobName.fullRefreshQuartzCronString = 0 0 5 * * ?
-grouperClient.xmpp.job.myJobName.fileHandler.targetFile = c:/temp/targetFile.txt
-grouperClient.xmpp.job.myJobName.fileHandler.filePrefix = c:/temp/filePrefix.txt
-grouperClient.xmpp.job.myJobName.fileHandler.iteratorEl = ${subject.attribute['pennname']}$space$
-grouperClient.xmpp.job.myJobName.fileHandler.fileSuffix = c:/temp/fileSuffix.txt
-grouperClient.xmpp.job.myJobName.subjectAttributeNames = pennname
-# subjects wont notify in not in these sources, comma separated, or blank for all
-grouperClient.xmpp.job.myJobName.requireSources = pennperson
-# subjects wont notify if they dont have a non blank value for these attributes, or blank for all
-grouperClient.xmpp.job.myJobName.requireAttributes = pennname
-
-

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.base.properties b/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
deleted file mode 100755
index 7070b17..0000000
--- a/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
+++ /dev/null
@@ -1,120 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Grouper Hibernate Configuration
-# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
-#
-
-# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.hibernate.base.properties
-# (which should not be edited), and the grouper.hibernate.properties overlays
-# the base settings.  See the grouper.hibernate.base.properties for the possible
-# settings that can be applied to the grouper.hibernate.properties
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper.hibernate.base.properties, file:c:/temp/myFile.properties
-grouper.hibernate.config.hierarchy = classpath:grouper.hibernate.base.properties, classpath:grouper.hibernate.properties
-
-# seconds between checking to see if the config files are updated
-grouper.hibernate.config.secondsBetweenUpdateChecks = 60
-
-########################################
-## DB settings
-########################################
-
-# e.g. mysql:           jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle:          jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a):      jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres:        jdbc:postgresql://localhost:5432/database
-# e.g. mssql:           jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:hsqldb:hsql://localhost:9001/grouper
-
-hibernate.connection.username         = sa
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password         = 
-
-################  BELOW HERE YOU GENERALLY DO NOT NEED TO CHANGE ####################
-
-# Leave blank to autodetect based on URL, or specify
-# Hibernate3.  
-# e.g. org.hibernate.dialect.Oracle10gDialect, org.hibernate.dialect.HSQLDialect
-# e.g. org.hibernate.dialect.PostgreSQLDialect ,org.hibernate.dialect.MySQL5Dialect
-# e.g. org.hibernate.dialect.SQLServerDialect
-hibernate.dialect               = 
-
-# see http://ehcache.org/documentation/user-guide/hibernate#Configure-Ehcache-as-the-Second-Level-Cache-Provider
-# Hibernate 3.0 - 3.2
-# hibernate.cache.provider_class  = org.hibernate.cache.EhCacheProvider
-# Hibernate 3.3+
-hibernate.cache.region.factory_class = net.sf.ehcache.hibernate.EhCacheRegionFactory
-
-
-#
-# Generic Hibernate Configuration
-#
-
-hibernate.cache.use_query_cache       = true
-
-# leave blank to autodetect based on URL
-# e.g. mysql:           com.mysql.jdbc.Driver
-# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
-#   for p6spy, put the underlying driver in spy.properties
-# e.g. oracle:          oracle.jdbc.driver.OracleDriver
-# e.g. hsqldb:          org.hsqldb.jdbcDriver
-# e.g. postgres:        org.postgresql.Driver
-# e.g. mssql:           com.microsoft.sqlserver.jdbc.SQLServerDriver
-hibernate.connection.driver_class = 
-
-
-hibernate.connection.autocommit       = false
-
-# Use c3p0 connection pooling (since dbcp not supported in hibernate anymore)
-# http://www.hibernate.org/214.html, http://www.hibernate.org/hib_docs/reference/en/html/session-configuration.html
-hibernate.c3p0.max_size 16
-hibernate.c3p0.min_size 0
-#seconds
-hibernate.c3p0.timeout 100
-hibernate.c3p0.max_statements 0
-hibernate.c3p0.idle_test_period 100
-hibernate.c3p0.acquire_increment 1
-hibernate.c3p0.validate false
-
-#What to do if there are connection problems - see http://www.mchange.com/projects/c3p0/index.html#configuration_properties
-#These settings are designed to cause exceptions sooner rather than later so end users are not left with a hanging UI. Once the database
-#is available again a connection will be made witout further intervention
-#If tou get intermittent connection problems in the UI even though the database is OK try increasing the max_size setting above and
-#tune the settings below
-hibernate.c3p0.acquireRetryAttempts=2
-hibernate.c3p0.acquireRetryDelay=500
-hibernate.c3p0.checkoutTimeout=30000
-
-hibernate.jdbc.use_streams_for_binary = true
-
-hibernate.max_fetch_depth             = 1
-
-hibernate.show_sql                    = false
-
-hibernate.jdbc.batch_size 20

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouper.hibernate.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.properties b/modules/group-manager/src/main/resources/grouper.hibernate.properties
deleted file mode 100755
index d119c3f..0000000
--- a/modules/group-manager/src/main/resources/grouper.hibernate.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-hibernate.connection.url = jdbc:mysql://localhost:3306/grouper
-
-hibernate.connection.username         =root
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password         =
-
-hibernate.cache.use_second_level_cache=true
-hibernate.cache.region.factory_class=org.hibernate.cache.ehcache.EhCacheRegionFactory
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouper.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.properties b/modules/group-manager/src/main/resources/grouper.properties
deleted file mode 100755
index 1cc0805..0000000
--- a/modules/group-manager/src/main/resources/grouper.properties
+++ /dev/null
@@ -1,1017 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Grouper Configuration
-# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
-#
-
-# Grouper uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.base.properties
-# (which should not be edited), and the grouper.properties overlays
-# the base settings.  See the grouper.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper.example.properties, file:c:/something/myconfig.properties
-grouper.config.hierarchy = classpath:grouper.base.properties, classpath:grouper.properties
-
-# seconds between checking to see if the config files are updated
-grouper.config.secondsBetweenUpdateChecks = 60
-
-
-########################################
-## General settings
-########################################
-
-# in cases where grouper is logging or emailing, it will use this to differentiate test vs dev vs prod
-grouper.env.name = 
-
-#put the URL which will be used e.g. in emails to users.  include the webappname at the end, and nothing after that.
-#e.g. https://server.school.edu/grouper/
-grouper.ui.url =
-
-# tmp dir to use, will set this to the env var for tmp dir during cache operations...
-# note, if you are using a backslash, you need to escape it with another, e.g. c:\\temp
-# see the temp dir in logs with this in log4j.properties
-# log4j.logger.edu.internet2.middleware.grouper.util.GrouperUtil = INFO
-grouper.tmp.dir = 
-
-# main stem for grouper built in objects
-# Note: there are more locations to change than just this
-grouper.rootStemForBuiltinObjects = etc
-
-#######################################
-## inititalization and configuration settings
-#######################################
-
-#if grouper should auto init the registry if not initted (i.e. insert the root stem, built in fields, etc)
-#defaults to true
-registry.autoinit = true
-
-#if grouper should try and detect and log configuration errors on startup
-#in general this should be true, unless the output is too annoying or if it is causing a problem
-configuration.detect.errors = true
-
-#if the startup message should display
-configuration.display.startup.message = true
-
-#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
-configuration.autocreate.system.groups = false
-
-#auto-create groups (increment the integer index), and auto-populate with users 
-#(comma separated subject ids) to bootstrap the registry on startup
-#(note: check config needs to be on)
-#configuration.autocreate.group.name.0 = etc:uiUsers
-#configuration.autocreate.group.description.0 = users allowed to log in to the UI
-#configuration.autocreate.group.subjects.0 = johnsmith
-
-# if should check java version and make sure ok
-configuration.checkJavaVersion = true
-
-# if should check database and utf in new thread
-configuration.checkDatabaseAndUtf.inNewThread = true
-
-# if grouper should check to see if the database has case sensitive selects
-configuration.detect.db.caseSensitive.problems = true
-configuration.display.db.caseSensitive.success.message = false
-
-# if grouper should check to see if utf-8 works on startup in files
-configuration.detect.utf8.file.problems = true
-# if grouper should check to see if utf-8 works on startup in the database
-configuration.detect.utf8.problems = true
-configuration.display.utf8.success.message = false
-
-# if grouper in the utf8 check will check to see if grouper supports transaction
-configuration.detect.db.transaction.problems = true
-configuration.display.transaction.success.message = false
-
-###################################
-## security settings
-###################################
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new group that is created.  Note, you can override the default
-# checkboxes on screen of UI in media.properties.
-groups.create.grant.all.optin         = false
-groups.create.grant.all.optout        = false
-groups.create.grant.all.read          = false
-groups.create.grant.all.view          = false
-groups.create.grant.all.groupAttrRead = false
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new stem that is created.  
-stems.create.grant.all.create         = false
-stems.create.grant.all.stemAdmin      = false
-stems.create.grant.all.stemAttrRead   = false
-stems.create.grant.all.stemAttrUpdate = false
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new attributeDef that is created.  
-attributeDefs.create.grant.all.attrAdmin         = false
-attributeDefs.create.grant.all.attrOptin         = false
-attributeDefs.create.grant.all.attrOptout        = false
-attributeDefs.create.grant.all.attrRead          = false
-attributeDefs.create.grant.all.attrUpdate        = false
-attributeDefs.create.grant.all.attrView          = false
-attributeDefs.create.grant.all.attrDefAttrRead   = false
-attributeDefs.create.grant.all.attrDefAttrUpdate = false
-
-# if set to true, then the ALL subject will be granted view on new entities
-entities.create.grant.all.view = false
-
-
-# A wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when interacting with the registry.
-groups.wheel.use                      = false
-
-# Set to the name of the group you want to treat as the wheel group.
-# The members of this group will be treated as root-like users.
-groups.wheel.group                    = etc:sysadmingroup
-
-# A viewonly wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when viewing the registry.
-groups.wheel.viewonly.use                      = false
-
-# Set to the name of the group you want to treat as the viewonly wheel group.
-# The members of this group will be treated as root-like users when viewing objects.
-groups.wheel.viewonly.group                    = etc:sysadminViewersGroup
-
-# A readonly wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when reading the registry.
-groups.wheel.readonly.use                      = false
-
-# Set to the name of the group you want to treat as the readonly wheel group.
-# The members of this group will be treated as root-like users when reading objects.
-groups.wheel.readonly.group                    = etc:sysadminReadersGroup
-
-
-# To change the internal names for GrouperAll and GrouperSystem
-# uncomment and change. Review UI nav.properties to ensure consistency
-subject.internal.grouperall.name   = EveryEntity
-subject.internal.groupersystem.name   = GrouperSysAdmin
-
-# Search and sort strings for internal users
-internalSubjects.searchAttribute0.el = ${subject.name},${subject.id}
-internalSubjects.sortAttribute0.el = ${subject.name}
-
-
-#by default, anyone with admin rights on a group can edit the types or attributes
-#specify types (related attributes will also be protected) which are wheel only, or restricted to a certain group
-#security.types.typeName.wheelOnly = true
-security.types.grouperLoader.wheelOnly = true
-security.types.grouperGroupMembershipSettings.wheelOnly = true
-
-#security.types.typeName.allowOnlyGroup = etc:someAdminGroup
-
-
-# If this property is set, then to move a stem, in addition to having the appropriate stem privileges for the stem being moved and the destination stem,
-# a user must also be a member of the defined group.  Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToMoveStem = etc:someAdminGroup
-
-# If this property is set, then to rename a stem, in addition to having the appropriate stem privilege for the stem being renamed,
-# a user must also be a member of the defined group.  Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToRenameStem = etc:someAdminGroup
-
-# If this property is set, then to copy a stem, a user must be a member of the defined group.  Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToCopyStem = etc:someAdminGroup
-
-# By default, all users have access to sort using any of the sort strings in the member table and search using any of the search strings in the member table.
-# You can restrict to wheel only or to a certain group.
-#security.member.sort.string0.allowOnlyGroup = etc:someGroup
-#security.member.sort.string1.allowOnlyGroup = etc:someGroup
-#security.member.sort.string2.wheelOnly = true
-#security.member.sort.string3.wheelOnly = true
-#security.member.sort.string4.wheelOnly = true
-#security.member.search.string0.allowOnlyGroup = etc:someGroup
-#security.member.search.string1.allowOnlyGroup = etc:someGroup
-#security.member.search.string2.wheelOnly = true
-#security.member.search.string3.wheelOnly = true
-#security.member.search.string4.wheelOnly = true
-
-
-###################################
-## Member sort and search
-###################################
-
-# Attributes of members are kept in the grouper_members table to allow easy sorting and searching (for instance when listing group members).
-# When performing a sort or search and an index is not specified, then a default index will be used as configured below.  The value is comma-separated,
-# so that if the user does not have access to the first index, then next will be tried and so forth.
-# Note:  all sources should have attributes configured for all default indexes.
-member.search.defaultIndexOrder=0
-member.sort.defaultIndexOrder=0
-
-
-###################################
-## whitelist (allow) and blacklist (deny) for db/ldap data or object deletes, without prompting the user to confirm
-## if a listing is in the whitelist (allow), it will be allowed to delete db/ldap
-## if a listing is in the blacklist (deny), it will be denied from deleting db/ldap
-## multiple inputs can be entered with .0, .1, .2, etc.  These numbers must be sequential, starting with 0
-###################################
-
-db.change.allow.user.0=sa
-db.change.allow.url.0=jdbc:hsqldb:hsql://localhost:9001/grouper
-db.change.allow.user.1=grouper1
-db.change.allow.url.1=jdbc:mysql://localhost:3306/grouper1
-
-db.change.deny.user.0=grouper2
-db.change.deny.url.0=jdbc:mysql://localhost:3306/grouper2
-
-# db.change.allow.user.2=uid=admin,ou=system
-# db.change.allow.url.2=ldap://localhost:10389
-
-# if should give error when detect driver mismatch (set to false if using an 
-# unknown driver, and tell the grouper team so we can add to list)
-db.log.driver.mismatch = true
-
-###################################
-## Grouper include / exclude and requireGroups
-## If enabled, will make sure the Type is installed, and when that type is
-## applied to a group, it will auto-create the other groups needed to manage the include and exclude lists
-## see: https://bugs.internet2.edu/jira/browse/GRP-178
-## the naming settings below are only used when the type is applied to a group, will not affect
-## existing include/exclude groups
-###################################
-
-#if the addIncludeExclude and requireInGroups should be enabled, and if the type(s) should be 
-#auto-created, and used to auto create groups to facilitate include and exclude lists, and require lists
-grouperIncludeExclude.use = false
-grouperIncludeExclude.requireGroups.use = false
-
-#for requireGroups (groups that the members must be to be in the overall group).  name is the name of the attribute or type
-#attributeOrType is either attribute for an attribute underneath the requireInGroups type, or type to be a top level type
-#group is the group to be anded in.  note attributes are a global namespace, so you might want to use a naming convention,
-#e.g. prefix with "require".  description is the tooltip.  add as many as you like.
-#grouperIncludeExclude.requireGroup.name.0 = requireActiveEmployee
-#grouperIncludeExclude.requireGroup.attributeOrType.0 = type
-#grouperIncludeExclude.requireGroup.group.0 = school:community:activeEmployee
-#grouperIncludeExclude.requireGroup.description.0 = If value is true, members of the overall group must be an active employee (in the school:community:activeEmployee group).  Otherwise, leave this value not filled in.
-
-#grouperIncludeExclude.requireGroup.name.1 = requireActiveStudent
-#grouperIncludeExclude.requireGroup.attributeOrType.1 = attribute
-#grouperIncludeExclude.requireGroup.group.1 = school:community:activeStudent
-#grouperIncludeExclude.requireGroup.description.1 = If value is true, members of the overall group must be an active student (in the school:community:activeStudent group).  Otherwise leave this value not filled in.
-
-
-# set some names and tooltips
-grouperIncludeExclude.type.name = addIncludeExclude
-grouperIncludeExclude.tooltip = Select this type to auto-create other groups which facilitate having include and exclude list
-
-grouperIncludeExclude.requireGroups.type.name = requireInGroups
-grouperIncludeExclude.requireGroups.tooltip = Select this type to auto-create other groups which set up group math so that other groups can be required for membership (e.g. activeEmployee)
-
-#leave grouperIncludeExclude.andGroups.attributeName blank if you dont want to use this attribute...  
-#though if you were using it, it wont remove already configured groups
-grouperIncludeExclude.requireGroups.attributeName = requireAlsoInGroups
-grouperIncludeExclude.requireGroups.attribute.tooltip = Enter in comma separated group path(s).  An entity must be in these groups for it to be in the overall group.  e.g. stem1:stem2:group1, stem1:stem3:group2
-
-#suffixes for various include/exclude groups (can use ${space} for space).
-#note, these should uniquely identify various parts of the include/exclude.
-#i.e. if the grouperIncludeExclude type is applied to a group with a suffix of the include suffix,
-#the other groups will not be created...
-grouperIncludeExclude.systemOfRecord.extension.suffix = _systemOfRecord
-grouperIncludeExclude.include.extension.suffix = _includes
-grouperIncludeExclude.exclude.extension.suffix = _excludes
-grouperIncludeExclude.systemOfRecordAndIncludes.extension.suffix = _systemOfRecordAndIncludes
-grouperIncludeExclude.includesMinusExcludes.extension.suffix = _includesMinusExcludes
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.extension.suffix = _requireGroups${i}
-
-#suffixes for various include/exclude groups (can use ${space} for space)
-grouperIncludeExclude.systemOfRecord.displayExtension.suffix = ${space}system of record
-grouperIncludeExclude.include.displayExtension.suffix = ${space}includes
-grouperIncludeExclude.exclude.displayExtension.suffix = ${space}excludes
-grouperIncludeExclude.systemOfRecordAndIncludes.displayExtension.suffix = ${space}system of record and includes
-grouperIncludeExclude.includesMinusExcludes.displayExtension.suffix = ${space}includes minus excludes
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.displayExtension.suffix = ${space}requireGroups ${i}
-
-#can use ${extension} as the group extension, or ${displayExtension} for group display extension
-grouperIncludeExclude.overall.description = Group containing list of ${displayExtension} after adding the includes and subtracting the excludes
-grouperIncludeExclude.systemOfRecord.description = Group containing list of ${displayExtension} (generally straight from the system of record) without yet considering manual include or exclude lists
-grouperIncludeExclude.include.description = Group containing manual list of includes for group ${displayExtension} which will be added to the system of record list (unless the subject is also in the excludes group)
-grouperIncludeExclude.exclude.description = Group containing manual list of excludes for group ${displayExtension} which will not be in the overall group
-grouperIncludeExclude.systemOfRecordAndIncludes.description = Internal utility group for group ${displayExtension} which facilitates the group math for the include and exclude lists
-grouperIncludeExclude.includesMinusExclude.description = Internal utility group for group ${displayExtension} which facilitates includes, excludes, and required groups (e.g. activeEmployee)
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.description = Internal utility group for group ${displayExtension} which facilitates required groups (e.g. activeEmployee)
-
-
-###################################
-## Subject settings
-###################################
-
-# if finding across multiple threadable sources, use threads to do the work faster
-subjects.allPage.useThreadForkJoin = false
-
-# if finding across multiple threadable sources, use threads to do the work faster
-subjects.idOrIdentifier.useThreadForkJoin = false
-
-# if the creator and last updater should be group subject attributes (you get
-# a performance gain if you set to false, but if true you can see subject id from UI in 2.0
-subjects.group.useCreatorAndModifierAsSubjectAttributes = true
-
-# customize subjects by implementing this interface: edu.internet2.middleware.grouper.subj.SubjectCustomizer
-# or extending this class: edu.internet2.middleware.grouper.subj.SubjectCustomizerBase (recommended)
-# note the instance will be reused to make sure it is threadsafe
-subjects.customizer.className = 
-
-# if we should use a root session if one isnt started for subject lookups (behavior in v2.0-
-subjects.startRootSessionIfOneIsntStarted = false
-
-###################################
-## Hooks
-## You can register multiple classes for one hook base class by comma separating the hooks implementations
-## You can also register hooks at runtime with: 
-## GrouperHookType.addHookManual("hooks.group.class", YourSchoolGroupHooks2.class);
-###################################
-
-#implement a group attribute hook by extending edu.internet2.middleware.grouper.hooks.AttributeHooks
-#hooks.attribute.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2
-
-#implement an attribute def hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefHooks
-#hooks.attributeDef.class=edu.yourSchool.it.YourSchoolAttributeDefHooks,edu.yourSchool.it.YourSchoolAttributeDefHooks2
-
-#implement an attribute def name hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefNameHooks
-#hooks.attributeDefName.class=edu.yourSchool.it.YourSchoolAttributeDefNameHooks,edu.yourSchool.it.YourSchoolAttributeDefNameHooks2
-
-#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignHooks
-#hooks.attributeAssign.class=edu.yourSchool.it.YourSchoolAttributeAssignHooks,edu.yourSchool.it.YourSchoolAttributeAssignHooks2
-
-#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignValueHooks
-#hooks.attributeAssignValue.class=edu.yourSchool.it.YourSchoolAttributeAssignValueHooks,edu.yourSchool.it.YourSchoolAttributeAssignValueHooks2
-
-#implement a group hook by extending edu.internet2.middleware.grouper.hooks.GroupHooks
-#hooks.group.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2
-
-#implement a grouper lifecycle hook by extending edu.internet2.middleware.grouper.hooks.LifecycleHooks
-#hooks.lifecycle.class=edu.yourSchool.it.YourSchoolLifecycleHooks
-
-#implement a membership hook by extending edu.internet2.middleware.grouper.hooks.MembershipHooks
-#hooks.membership.class=edu.yourSchool.it.YourSchoolMembershipHooks
-
-#implement a member hook by extending edu.internet2.middleware.grouper.hooks.MemberHooks
-#hooks.member.class=edu.yourSchool.it.YourSchoolMemberHooks
-
-#implement a stem hook by extending edu.internet2.middleware.grouper.hooks.StemHooks
-#hooks.stem.class=edu.yourSchool.it.YourSchoolStemHooks
-
-#implement a composite hook by extending edu.internet2.middleware.grouper.hooks.CompositeHooks
-#hooks.composite.class=edu.yourSchool.it.YourSchoolCompositeHooks
-
-#implement a field hook by extending edu.internet2.middleware.grouper.hooks.FieldHooks
-#hooks.field.class=edu.yourSchool.it.YourSchoolFieldHooks
-
-#implement a grouperSession hook by extending edu.internet2.middleware.grouper.hooks.GrouperSessionHooks
-#hooks.grouperSession.class=edu.yourSchool.it.YourSchoolGrouperSessionHooks
-
-#implement a groupType hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeHooks
-#hooks.groupType.class=edu.yourSchool.it.YourSchoolGroupTypeHooks
-
-#implement a groupTypeTuple hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeTupleHooks
-#hooks.groupTypeTuple.class=edu.yourSchool.it.YourSchoolGroupTypeTupleHooks
-
-#implement a loader hook by extending edu.internet2.middleware.grouper.hooks.LoaderHooks
-#hooks.loader.class=edu.yourSchool.it.YourSchoolLoaderHooks
-
-#implement an external subject hook by extending edu.internet2.middleware.grouper.hooks.ExternalSubjectHooks
-#hooks.externalSubject.class=edu.yourSchool.it.YourSchoolExternalSubjectHooks
-
-###################################
-## Rules
-###################################
-
-# Rules users who are in the following group can use the actAs field to act as someone else
-# You can put multiple groups separated by commas.  e.g. a:b:c, e:f:g
-# You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in
-# separated by 4 colons
-# e.g. if the configured values is:       a:b:c, e:f:d :::: r:e:w, x:e:w
-# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone
-# if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w.  If multiple rules, then 
-# if one passes, then it is a success, if they all fail, then fail.
-rules.act.as.group = 
-
-# any actAs subject in this group has access to more objects when the EL fires on 
-# the IF or THEN EL clause
-rules.accessToApiInEl.group = 
-
-# cache the decision to allow a user to actAs another, so it doesnt have to be calculated each time
-# defaults to 30 minutes
-rules.act.as.cache.minutes = 30
-
-# uuids (comma separated) of the attribute assign record which is the rule type to the owner object
-# e.g. SELECT gaagv.attribute_assign_id FROM grouper_attr_asn_group_v gaagv WHERE gaagv.attribute_def_name_name LIKE '%:rule' AND gaagv.group_name = 'stem:a'
-# make sure log info level is set for RuleEngine
-# log4j.logger.edu.internet2.middleware.grouper.rules.RuleEngine = INFO
-rules.attributeAssignTypeIdsToLog = abc1234abc123, def456def345
-
-# if this is true, then log a lot of info about why rules do or do not fire... only turn on temporarily
-# since it takes a lot of resources...  note you need log DEBUG set for the rules engine in log4j.properties too e.g.
-# log4j.logger.edu.internet2.middleware.grouper.rules = DEBUG
-rules.logWhyRulesDontFire = false
-
-# put in fully qualified classes to add to the EL context.  Note that they need a default constructor
-# comma separated.  The alias will be the simple class name without a first cap.
-# e.g. if the class is test.Test the alias is "test"
-rules.customElClasses = 
-
-# If the CHECK, IF, and THEN are all exactly what is needed for managing inherited stem privileges
-# Then allow an actAs GrouperSystem in source g:isa
-rules.allowActAsGrouperSystemForInheritedStemPrivileges = 
-
-# If not blank, then keep email templates in this folder instead of classpath
-# If in classpath, it is classpath: grouperRulesEmailTemplates/someTemplate.txt
-rules.emailTemplatesFolder = 
-
-
-###################################
-## Group attribute validation via regex
-## You can attach a regex to an attribute name (including built ins)
-## If none are registered, the built in hook will not be enabled
-## The built ins are description, displayName, extension, displayExtension, name
-## Configure a group.attribute.validator.attributeName.X for attribute name
-## group.attribute.validator.regex.X for the regex
-## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute)
-## the X must be a sequential integer which groups the config entries together.
-## do not repeat two config entries
-###################################
-
-#Attach a regex validator by attribute name
-#group.attribute.validator.attributeName.0=extension
-#group.attribute.validator.regex.0=^[a-zA-Z0-9]+$
-#group.attribute.validator.vetoMessage.0=Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics
-#
-#group.attribute.validator.attributeName.1=displayExtension
-#group.attribute.validator.regex.1=^[a-zA-Z0-9 ]+$
-#group.attribute.validator.vetoMessage.1=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces
-
-#####################################
-## Audit settings
-#####################################
-
-# if set to true, then exceptions will be thrown if any actions are not audited... exceptions
-# should not be thrown since everything should be audited, so this is a switch to make it absorb
-# errors if there is a problem (will be logged instead if second param is true)
-audit.requireAuditsForAllActions = false
-audit.logAuditsForMissingActions = false
-
-#####################################
-## Change log settings
-#####################################
-
-# if we should insert records into grouper_change_log_temp when events happen
-# defaults to true.  Note, it is not currently supported to set this to false...
-changeLog.enabled = true
-
-
-#####################################
-## Settings to track last membership changes for groups and stems.
-#####################################
-
-# If true, when an immediate membership changes for a group (either a privilege or a list member), 
-# then an update will be made to the lastImmediateMembershipChange property for the group.
-groups.updateLastImmediateMembershipTime = false
-
-# If true, when an immediate, composite, or effective membership changes for a group (either a privilege or a list member), 
-# then an update will be made to the lastMembershipChange property for the group.
-groups.updateLastMembershipTime = false
-
-# If true, when an immediate or effective membership changes for a stem (this would be a naming privilege), 
-# then an update will be made to the lastMembershipChange property for the stem.
-stems.updateLastMembershipTime = false
-
-
-#####################################
-## Database structure data definition language (DDL) settings
-#####################################
-
-# Grouper DOES NOT WORK WITHOUT NESTED TRANSACTIONS!  This config parameter doesnt exist
-#ddlutils.use.nestedTransactions = true
-
-# ddlutils db name will be set by default, you can override it here, it must be one of:
-# axion, cloudscape, db2, db2v8, derby, firebird, hsqldb, interbase, maxdb, mckoi, 
-# mssql, mysql, mysql5, oracle, oracle10, oracle9, postgresql, sapdb, sybase, sybasease15, 
-#
-#ddlutils.dbname.override = oracle10
-
-# if you want to not create the subject tables (grouper examples for unit testing), 
-# then set this to true
-ddlutils.exclude.subject.tables = false
-
-# set the path where ddl scripts are generated (they will be uniquely named in this directory).
-# if blank, the directory used will be the current directory
-ddlutils.directory.for.scripts = ddlScripts
-
-# during schema export, should it install grouper data also or not.  e.g. insert the root stem, default true
-ddlutils.schemaexport.installGrouperData = true
-
-# when grouper starts, should it shut down if not right version?
-ddlutils.failIfNotRightVersion = true
-
-# after you have converted id's, and are happy with the conversion of removing the uuid col, 
-# this will remove the backup uuid cols when running the gsh command: gsh -registry -deep 
-ddlutils.dropBackupUuidCols = false
-
-# after you have converted field id foreign keys, and are happy with the conversion of removing the attribute name, 
-# membership list name, and type cols, 
-# this will remove the backup field name/type cols when running the gsh command: gsh -registry -deep  
-ddlutils.dropBackupFieldNameTypeCols = false
-
-# before the group name etc was moved to the grouper_groups table, the attributes table
-# was backed up.  If it should not be backed up, or if the upgrade is done and works, then it can
-# be removed, set to true, run: gsh -registry -deep 
-ddlutils.dropAttributeBackupTableFromGroupUpgrade = false
-
-# Since grouper_memberships no longer has effective memberships, that table doesn't need via_id,
-# depth and parent_membership.  If they were converted, this will drop the backup of those cols with: gsh -registry -deep 
-ddlutils.dropMembershipBackupColsFromOwnerViaUpgrade = false
-
-# After legacy attributes are converted, the backed up tables can be dropped with: gsh -registry -deep
-ddlutils.dropLegacyAttributes = false
-
-# this is the schema ddlutils uses to query metadata with jdbc.  usually this can be omitted,
-# and it defaults to your database loginid, however, in postgres, it can be different, so enter here
-# in sql server, it might need to be: dbo
-#ddlutils.schema = public
-
-#if you are running a DB that supports them, but you dont want them, disable comments here (defaults to false)
-ddlutils.disableComments = false
-
-#set to true and we wont subsitute varchar 4000 for text in mysql (wont work in innodb utf-8 databases
-ddlutils.dontSubstituteVarchar4000forTextMysql = false
-
-#####################################
-## mail settings (optional, e.g. for daily report form loader)
-#####################################
-
-#smtp server is a domain name or dns name.  set to "testing" if you want to log instead of send (e.g. for testing)
-#mail.smtp.server = whatever.school.edu
-
-#leave blank if unauthenticated
-#mail.smtp.user = 
-
-#leave blank if unauthenticated
-#mail.smtp.pass = 
-
-#leave blank or false for no ssl, true for ssl
-#mail.smtp.ssl = 
-
-#leave blank for default (probably 25), if ssl is true, default is 465, else specify
-#mail.smtp.port = 
-
-#this is the default email address where mail from grouper will come from
-#mail.from.address = noreply@school.edu
-
-#this is the subject prefix of emails, which will help differentiate prod vs test vs dev etc
-#mail.subject.prefix = TEST:
-
-#when running junit tests, this is the address that will be used
-#mail.test.address = a@b.c
-
-#####################################
-## misc settings which probably dont need to be changed
-#####################################
-
-dao.factory = edu.internet2.middleware.grouper.internal.dao.hib3.Hib3DAOFactory
-
-# if tables that are hibernated should have optimistic locking or not (assumes the data layer supports this, hibernate does)
-dao.optimisticLocking = true
-
-# set the API as readonly (e.g. during upgrades).  Any updates will throw an exception
-grouper.api.readonly = false
-
-# When searching for memberships using the getMemberships WS (or underlying API call), limit the number of memberships
-# which can be returned, else throws exception.  -1 means dont check.
-ws.getMemberships.maxResultSize = 30000
-
-# When searching for attribute assignments using the getAttributeAssignments WS (or underlying API call), limit the number of assignments
-# which can be returned, else throws exception.  -1 means dont check.
-ws.findAttrAssignments.maxResultSize = 30000
-
-# When searching attribute def names, this is max size
-findAllAttributeDefNames.maxResultSize = 30000
-
-# create the type and attribuute for membership lite ui config by group
-membershipUpdateLiteTypeAutoCreate = false
-
-grouper.tableIndex.group.minIndex = 10000
-grouper.tableIndex.stem.minIndex = 10000
-grouper.tableIndex.attributeDef.minIndex = 10000
-grouper.tableIndex.attributeDefName.minIndex = 10000
-
-# verify that table indexes are set and the pointers are ok, incurs a bit of overhead to grouper startup
-grouper.tableIndex.verifyOnStartup = true
-
-# in different circumstances, retrieve a different number of IDs at once.
-# if it is a system where the JVM is starting and stopping (e.g. GSH), then
-# dont reserve that many at once 
-grouper.tableIndex.reserveIdsGsh = 1
-grouper.tableIndex.reserveIdsDefault = 10
-grouper.tableIndex.reserveIdsLoader = 10
-grouper.tableIndex.reserveIdsWs = 10
-grouper.tableIndex.reserveIdsUi = 10
-
-# group who can assign id index cols (also, wheel or root is allowed)
-grouper.tableIndex.groupWhoCanAssignIdIndex = etc:canAssignIdIndex
-
-# number of bytes in DB that a non ascii char takes
-grouper.nonAsciiCharDbBytesLength = 3
-
-# cache size for jexl expressions
-jexl.cacheSize = 1024
-
-# when reading writing files from util classes, this is encoding (was ISO-8859-1)
-grouper.default.fileEncoding = UTF-8
-
-
-#####################################
-## testing settings
-#####################################
-
-# if the ldappc tests should be included when running all tests (default false)
-junit.test.ldappc = false
-
-# if the loader tests should be included when running all tests (default true)
-junit.test.loader = true
-
-# if the ddl tests should be included when running all tests (default true)
-junit.test.ddl = true
-
-# if the gsh tests should be included when running all tests (default false)
-junit.test.gsh = false
-
-# if the stress tests should be included when running all tests (default false)
-junit.test.stress = false
-
-# if the external subject tests should be included when running all tests, note you need the jabber attribute in the view (default false)
-junit.test.externalSubjects = false
-
-# if the group sync should be tested... note you need the demo server available to test this, or change some settings...
-junit.test.groupSync = false
-junit.test.groupSync.url = https://grouperdemo.internet2.edu/grouper-ws_v2_0_0/servicesRest
-junit.test.groupSync.user = remoteUser
-junit.test.groupSync.password = R:/pass/grouperDemoRemoteUser.pass
-#folder where the user can create/stem which the user can use to run tests
-junit.test.groupSync.folder = test2:whateverFolder
-#this is true unless testing to an older grouper which doesnt support this
-junit.test.groupSync.pushAddExternalSubjectIfNotExist = true
-junit.test.groupSync.createRemoteFolderIfNotExist = true
-junit.test.groupSync.remoteSourceId = grouperExternal
-junit.test.groupSync.remoteReadSubjectId = identifier
-junit.test.groupSync.remoteWriteSubjectId = identifier
-
-
-#####################################
-## attribute framework
-#####################################
-
-# root stem in grouper where built in attributes are put
-grouper.attribute.rootStem = etc:attribute
-
-# comma separated names of attribute defs will not be audited or change log or point in time
-grouper.attribute.namesOfAttributeDefsToIgnoreAuditsChangeLogPit.elConfig = ${edu.internet2.middleware.grouper.cfg.GrouperConfig.retrieveConfig().propertyValueStringRequired('grouper.attribute.rootStem')}:userData:grouperUserDataValueDef
-
-# if the attribute loader attributes, and other attributes should be autoconfigured (created, etc)
-grouper.attribute.loader.autoconfigure = true
-
-#####################################
-## centrally managed permissions
-#####################################
-
-# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
-grouper.permissions.limits.builtin.createAs.public = true
-
-# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
-grouper.permissions.limits.builtin.displayExtension.limitAmountLessThan = amount less than
-grouper.permissions.limits.builtin.displayExtension.limitAmountLessThanOrEqual = amount less than or equal to
-grouper.permissions.limits.builtin.displayExtension.limitExpression = Expression
-grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworkRealm = ipAddress on network realm
-grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworks = ipAddress on networks
-grouper.permissions.limits.builtin.displayExtension.limitLabelsContain = labels contains
-grouper.permissions.limits.builtin.displayExtension.limitWeekday9to5 = Weekday 9 to 5
-
-
-# el classes to add to the el context for a limitExpression.  Comma-separated fully qualified classnames
-grouper.permissions.limits.el.classes = 
-
-# permission limits linked to subclasses of edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBase
-#grouper.permissions.limits.logic.someName.limitName = 
-#grouper.permissions.limits.logic.someName.logicClass = 
-
-# if you are doing ip address limits, you can put realms here
-# grouper.permissions.limits.realm.someName = 1.2.3.4/24, 2.3.4.5/16
-
-#####################################
-## External subjects
-#####################################
-
-#manages the description of a user automatically
-externalSubjects.desc.el = ${grouperUtil.appendPrefixIfStringNotBlank('[unverifiedInfo]', ' ', grouperUtil.appendIfNotBlankString(externalSubject.name, ' - ', externalSubject.institution))} [externalUserID] ${externalSubject.identifier}
-
-#search and sort strings added to member objects
-externalSubjects.searchAttribute0.el = ${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")},${subject.id},${subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")}
-externalSubjects.sortAttribute0.el = ${subject.name}
-externalSubjects.sortAttribute1.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")}
-externalSubjects.sortAttribute2.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")}
-
-# false if the description should be managed via EL (config above)
-externalSubjects.desc.manual = false
-
-# quartz cron where subjects are recalculated if necessary (empty means dont run), e.g. everyday at 3am
-externalSubjects.calc.fields.cron = 0 0 3 * * ? 
-
-externalSubjects.name.required = true
-externalSubjects.email.required = false
-externalSubjects.email.enabled = true
-
-# these field names (uuid, institution, identifier, uuid, email, name) or attribute names 
-# will be toLowered, and appended with comma separators.  e.g. if you add attributes, add them here too
-externalSubjects.searchStringFields = name, institution, identifier, uuid, email
-
-externalSubjects.institution.required = false
-externalSubjects.institution.enabled = true
-
-# note, this must be only alphanumeric lower case or underscore
-# (valid db column name, subject attribute name)
-#externalSubjects.attributes.jabber.systemName = jabber
-#externalSubjects.attributes.jabber.required = false
-# comment on column in DB (no special characters allowed)
-#externalSubjects.attributes.jabber.comment = The jabber ID of the user
-
-# if wheel or root can edit external users
-externalSubjects.wheelOrRootCanEdit = true
-
-# group which is allowed to edit external users
-externalSubjects.groupAllowedForEdit = 
-
-# if the view on the external subjects should be created.  
-# turn this off if it doesnt compile, othrewise should be fine
-externalSubjects.createView = true
-
-#name of external subject source, defaults to grouperExternal
-externalSubject.sourceId = grouperExternal
-externalSubject.sourceName = External Users
-
-# grouper can auto create a jdbc2 source for the external subjects
-externalSubjects.autoCreateSource = true
-
-# put in fully qualified classes to add to the EL context.  Note that they need a default constructor
-# comma separated.  The alias will be the simple class name without a first cap.
-# e.g. if the class is test.Test the alias is "test"
-externalSubjects.customElClasses = 
-
-# change these to affect the storage where external subjects live (e.g. to store in ldap),
-# must implement each respective storable interface
-externalSubjects.storage.ExternalSubjectStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectDbStorage
-externalSubjects.storage.ExternalSubjectAttributeStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectAttributeDbStorage
-
-# you can use the variables $newline$, $inviteLink$.  Note, you need to change this default message...
-externalSubjectsInviteDefaultEmail = Hello,$newline$$newline$This is an invitation to register at our site to be able to access our applications.  This invitation expires in 7 days.  Click on the link below and sign in with your InCommon credentials.  If you do not have InCommon credentials you can register at a site like protectnetwork.org and use those credentials.$newline$$newline$$inviteLink$$newline$$newline$Regards.
-# default subject for email
-externalSubjectsInviteDefaultEmailSubject = Register to access applications
-
-# you can use the variables $newline$, $inviteeIdentifier$, $inviteeEmailAddress$.  Note, you need to change this default message...
-externalSubjectsNotifyInviterEmail = Hello,$newline$$newline$This is a notification that user $inviteeIdentifier$ from email address $inviteeEmailAddress$ has registered with the identity management service.  They can now use applications at this institution.$newline$$newline$Regards.
-externalSubjectsNotifyInviterSubject = $inviteeIdentifier$ has registered
-
-# numner of days after which this request will expire.  If -1, then will not expire
-externalSubjectsInviteExpireAfterDays = 7
-
-#put some group names comma separated for groups to auto add subjects to
-externalSubjects.autoaddGroups=
-#should be insert, or update, or insert,update
-externalSubjects.autoaddGroupActions=insert,update
-#if a number is here, expire the group assignment after a certain number of days
-externalSubjects.autoaddGroupExpireAfterDays=
-
-# add multiple group assignment actions by URL param: externalSubjectInviteName
-#externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=library
-
-# comma separated groups to add for this type of invite
-#externalSubjects.autoadd.testingLibrary.groups=
-
-# should be insert, update, or insert,update
-#externalSubjects.autoadd.testingLibrary.actions=insert,update
-
-# should be insert, update, or insert,update
-#externalSubjects.autoadd.testingLibrary.expireAfterDays=
-
-#if registrations are only allowed if invited or existing...
-externalSubjects.registerRequiresInvite=true
-
-#make sure the identifier when logging in is like an email address or eppn, e.g. username@school.edu
-externalSubjects.validateIndentiferLikeEmail=true
-
-#put regexes here, increment the 0 for multiple entries, e.g. restrict your own institution
-#note, the extensions must be sequential (dont skip), regex e.g. ^.*@myschool\\.edu$
-externalSubjects.regexForInvalidIdentifier.0=
-
-#####################################
-## org management
-#####################################
-
-# if the orgs table(s) should be included in the DDL (includes the hierarchical table
-orgs.includePocOrgsTablesInDdl = false
-
-# loader connection of the database where orgs are (grouper means the grouper db in grouper.hibernate.properties)
-orgs.databaseName = grouper
-
-#table name of the org table (can prefix by schema name if you like)
-orgs.orgTableName = grouperorgs_poc_orgs
-
-#column names of this table
-orgs.orgIdCol = id
-orgs.orgNameCol = org_name
-orgs.orgDisplayNameCol = org_display_name
-orgs.orgParentIdCol = parent_id
-
-#stem where the orgs are, e.g. poc:orgs
-orgs.parentStemName = poc:orgs
-
-#org config name
-orgs.configGroupName = poc:orgs:orgsConfig
-
-######################################
-## Grouper client connections
-## if this grouper needs to talk to another grouper, this is the client connection information
-######################################
-
-
-# id of the source, should match the part in the property name
-#grouperClient.someOtherSchool.id = someOtherSchool
-
-# url of web service, should include everything up to the first resource to access
-# e.g. https://groups.school.edu/grouperWs/servicesRest
-#grouperClient.someOtherSchool.properties.grouperClient.webService.url = https://some.other.school.edu/grouperWs/servicesRest
-
-# login ID
-#grouperClient.someOtherSchool.properties.grouperClient.webService.login = someRemoteLogin
-
-# password for shared secret authentication to web service
-# or you can put a filename with an encrypted password
-#grouperClient.someOtherSchool.properties.grouperClient.webService.password = *********
-
-# client version should match or be related to the server on the other end...
-#grouperClient.someOtherSchool.properties.grouperClient.webService.client.version = v2_0_000
-
-# this is the subject to act as local, if blank, act as GrouperSystem, specify with SubjectFinder packed string, e.g.
-# subjectIdOrIdentifier  or  sourceId::::subjectId  or  ::::subjectId  or  sourceId::::::subjectIdentifier  or  ::::::subjectIdentifier
-# sourceId::::::::subjectIdOrIdentifier  or  ::::::::subjectIdOrIdentifier
-#grouperClient.someOtherSchool.localActAsSubject = 
-
-# the id of this source, generally the same as the name in the property name.  This is mandatory
-#grouperClient.someOtherSchool.source.jdbc.id = jdbc
-
-# the part between "grouperClient.someOtherSchool.source." and ".id" links up the configs, 
-# in this case, "jdbc", make sure it has no special chars.  sourceId can be blank if you dont want to specify
-#grouperClient.someOtherSchool.source.jdbc.local.sourceId = jdbc
-
-# this is the identifier that goes between them, it is "id" or an attribute name.  subjects without this attribute will not be processed
-#grouperClient.someOtherSchool.source.jdbc.local.read.subjectId = identifier
-
-# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
-#grouperClient.someOtherSchool.source.jdbc.local.write.subjectId = identifier
-
-# sourceId of the remote system, can be blank
-#grouperClient.someOtherSchool.source.jdbc.remote.sourceId = jdbc
-
-# this is the identifier that goes between them, it is "id" or an attribute name.  subjects without this attribute will not be processed
-#grouperClient.someOtherSchool.source.jdbc.remote.read.subjectId = 
-
-# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
-#grouperClient.someOtherSchool.source.jdbc.remote.write.subjectId = 
-
-
-
-
-######################################
-## Sync to/from another grouper
-## Only sync one group to one other group, do not sync one group to
-## two report groupers.  If you need to do this, add the group to another group
-######################################
-
-# we need to know where our
-# connection name in grouper client connections above
-#syncAnotherGrouper.testGroup0.connectionName = someOtherSchool
-
-# incremental  or  push  or   pull  or  incremental_push.  Note, incremental push is cron'ed and incremental (to make sure no discrepancies arise)
-#syncAnotherGrouper.testGroup0.syncType = incremental_push
-
-# quartz cron  to schedule the pull or push (incremental is automatic as events happen) (e.g. 5am daily)
-#syncAnotherGrouper.testGroup0.cron =  0 0 5 * * ?
-
-# local group which is being synced
-#syncAnotherGrouper.testGroup0.local.groupName = test:testGroup
-
-# remote group at another grouper which is being synced
-#syncAnotherGrouper.testGroup0.remote.groupName = test2:testGroup2
-
-# if subjects are external and should be created if not exist
-#syncAnotherGrouper.testGroup0.addExternalSubjectIfNotFound = true
-
-
-
-###################################
-## user data settings
-###################################
-
-# amount of time to cache groups in use
-grouperUserData.group.cache.seconds = 120
-
-
-######################################
-## Legacy attributes
-######################################
-legacyAttribute.baseStem=etc:legacy:attribute
-legacyAttribute.groupTypeDef.prefix=legacyGroupTypeDef_
-legacyAttribute.attributeDef.prefix=legacyAttributeDef_
-legacyAttribute.customListDef.prefix=legacyCustomListDef_
-legacyAttribute.groupType.prefix=legacyGroupType_
-legacyAttribute.attribute.prefix=legacyAttribute_
-legacyAttribute.customList.prefix=legacyCustomList_
-legacyAttributeMigration.useThreads = true
-legacyAttributeMigration.threadPoolSize = 20
-
-
-######################################
-## Point in time audit
-######################################
-pit.sync.useThreads = true
-pit.sync.threadPoolSize = 20
-
-
-######################################
-## Stem sets
-######################################
-stemSet.sync.useThreads = true
-stemSet.sync.threadPoolSize = 20
-
-
-######################################
-## Group sets
-######################################
-groupSet.sync.useThreads = true
-groupSet.sync.threadPoolSize = 20
-
-########################
-## LDAPProvisioningHook
-########################
-#LDAPProvisioningHook.exclude.regex.0=.*_excludes$
-#LDAPProvisioningHook.exclude.regex.1=.*_includes$
-#LDAPProvisioningHook.exclude.regex.2=.*_systemOfRecord$
-#LDAPProvisioningHook.exclude.regex.3=.*_systemOfRecordAndIncludes$
-
-#########################################
-## Unresolvable Subject Deletion Utility
-#########################################
-
-# Don't do anything if more than this number of unresolvable subjects are found
-usdu.failsafe.maxUnresolvableSubjects = 200
-
-
-################# DIAGNOSTICS ##################
-# In UI and WS
-
-#if ignore tests.  Note, in job names, invalid chars need to be replaced with underscore (e.g. colon)
-#anything in this regex: [^a-zA-Z0-9._-]
-ws.diagnostic.ignore.memoryTest = false
-ws.diagnostic.ignore.dbTest_grouper = false
-ws.diagnostic.ignore.source_jdbc = false
-ws.diagnostic.ignore.loader_CHANGE_LOG_changeLogTempToChangeLog = false
-
-#this is 52 hours... 48 for 2 days, and 4 more for the job to run.  So if the warehouse is down for updates,
-#then the daily job will not give an error
-ws.diagnostic.defaultMinutesSinceLastSuccess = 3120
-
-#change log can only for 30 minutes of failing before diagnostics fails
-ws.diagnostic.defaultMinutesChangeLog = 30
-
-#number of minute that can go by without a success before an error is thrown
-ws.diagnostic.minutesSinceLastSuccess.loader_SQL_GROUP_LIST__aStem_aGroup2 = 60
-
-#list groups which should check the size, in this case, "employee" or "students" in the key name is a variable
-#ws.diagnostic.checkGroupSize.employees.groupName = community:employees
-#ws.diagnostic.checkGroupSize.employees.minSize = 28000
-
-#ws.diagnostic.checkGroupSize.students.groupName = community:students
-#ws.diagnostic.checkGroupSize.students.minSize = 18000
-

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/resources/grouperUtf8.txt
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouperUtf8.txt b/modules/group-manager/src/main/resources/grouperUtf8.txt
deleted file mode 100755
index 526f696..0000000
--- a/modules/group-manager/src/main/resources/grouperUtf8.txt
+++ /dev/null
@@ -1 +0,0 @@
-\u0679\u067a\u067b\u067c\u0643\u0644\u0644
\ No newline at end of file