...
| Code Block |
|---|
<!-- Service Principal Subject Resolver -->
<source adapterClass="edu.internet2.middleware.subject.provider.JDBCSourceAdapter">
<id>servPrinc</id>
<name>Kerberos service principals</name>
<type>application</type>
<init-param>
<param-name>jdbcConnectionProvider</param-name>
<param-value>edu.internet2.middleware.grouper.subj.GrouperJdbcConnectionProvider</param-value>
</init-param>
<!-- on a findPage() this is the most results returned -->
<init-param>
<param-name>maxPageSize</param-name>
<param-value>100</param-value>
</init-param>
<init-param>
<param-name>SubjectID_AttributeType</param-name>
<param-value>loginid</param-value>
</init-param>
<init-param>
<param-name>Name_AttributeType</param-name>
<param-value>name</param-value>
</init-param>
<init-param>
<param-name>Description_AttributeType</param-name>
<param-value>description</param-value>
</init-param>
<!-- init-param>
<param-name>maxResults</param-name>
<param-value>1000</param-value>
</init-param -->
<init-param>
<param-name>sortAttribute0</param-name>
<param-value>loginid</param-value>
</init-param>
<init-param>
<param-name>searchAttribute0</param-name>
<param-value>loginid</param-value>
</init-param>
<!-- if you are going to use the inclause attribute
on the search to make the queries batchable when searching
by id or identifier -->
<init-param>
<param-name>useInClauseForIdAndIdentifier</param-name>
<param-value>true</param-value>
</init-param>
<!-- comma separate the identifiers for this row, this is for the findByIdentifiers if using an in clause -->
<init-param>
<param-name>identifierAttributes</param-name>
<param-value>loginid</param-value>
</init-param>
<search>
<searchType>searchSubject</searchType>
<param>
<param-name>numParameters</param-name>
<param-value>1</param-value>
</param>
<param>
<param-name>sql</param-name>
<param-value>
select
principal_name as name,
principal_name as loginid,
principal_name as description
from
service_principals
where
{inclause}
</param-value>
</param>
<param>
<param-name>inclause</param-name>
<param-value>
principal_name = ?
</param-value>
</param>
</search>
<search>
<searchType>searchSubjectByIdentifier</searchType>
<param>
<param-name>numParameters</param-name>
<param-value>1</param-value>
</param>
<param>
<param-name>sql</param-name>
<param-value>
select
principal_name as name,
principal_name as loginid,
principal_name as description
from
service_principals
where
{inclause}
</param-value>
</param>
<param>
<param-name>inclause</param-name>
<param-value>
principal_name = ?
</param-value>
</param>
</search>
<search>
<searchType>search</searchType>
<param>
<param-name>numParameters</param-name>
<param-value>1</param-value>
</param>
<param>
<param-name>sql</param-name>
<param-value>
select
principal_name as name,
principal_name as loginid,
principal_name as description
from
service_principals
where
(lower(principal_name) like lower(concat('%',concat(?,'%'))))
</param-value>
</param>
</search>
</source>
|
Here is a GSH script (oracle) to add a new one:
| Code Block |
|---|
edit kerb and reason...
[appadmin@fastprod-mgmt-01 bin]$ more createKerbTest.gsh
grouperSession = GrouperSession.startRootSession();
kerb = "test_kerb/school.edu";
reason = "test kerb";
sqlRun("insert into service_principals (principal_name, id, last_updated, reason) values ('" + kerb + "', hibernate_sequence.nextval, systimestamp, '" + reason + "')");
addMember("school:etc:ldapUsers", kerb);
addMember("school:etc:webServiceClientUsers", kerb);
[appadmin@fastprod-mgmt-01 bin]$ ./gsh createKerbTest.gsh
|
Heres a GSH script (postgres) to add a new one:
| Code Block |
|---|
grouperSession = GrouperSession.startRootSession(); kerb = "test_kerb2/school.edu"; reason = "test kerb2 for john smith in dept a"; sqlRun("insert into service_principals (principal_name, id, last_updated, reason) values ('" + kerb + "', (select max(id)+1 from service_principals), CURRENT_TIMESTAMP, '" + reason + "')"); addMember("school:etc:ldapUsers", kerb); addMember("school:etc:webServiceClientUsers", kerb); |