How to use conditional operation in augeas puppet - jboss7.x

I can insert/edit any attributes or any text in XML file.
Is it possible to insert/edit any attributes or any text in XML File.
For eg:
I would like to change the value of a property, If it is named as "modcluster.proxylist".
<server-group name="ServiceGroupOne" profile="full-ha">
<system-properties>
<property name="jboss.default.multicast.address" value="232.0.2.20" boot-time="true"/>
<property name="modcluster.proxylist" value="192.168.79.77:7777" boot-time="true"/>
<property name="modcluster.lbgroup" value="SearchGroupOne" boot-time="true"/>
</system-properties>
</server-group>
<server-group name="ServiceGroupTwo" profile="full-ha">
<system-properties>
<property name="jboss.default.multicast.address" value="232.0.2.20" boot-time="true"/>
<property name="modcluster.lbgroup" value="SearchGroupTwo" boot-time="true"/>
<property name="modcluster.proxylist" value="192.168.79.77:7777" boot-time="true"/>
</system-properties>
</server-group>
<server-group name="ServiceGroupThree" profile="full-ha">
<system-properties>
<property name="modcluster.lbgroup" value="CommonSearchGroup" boot-time="true"/>
<property name="modcluster.proxylist" value="192.168.79.77:7777" boot-time="true"/>
<property name="jboss.default.multicast.address" value="232.0.2.20" boot-time="true"/>
</system-properties>
</server-group>

The augeas puppet type has an onlyif attribute which lets you decide whether it will be ran or not. That's pretty much the only conditional option there is for now.
If your need gets quite complex, I'd recommend you write a Ruby augeasprovider instead.

Related

WSO2 APIM 4.0.0 - Groups are not assigned to Users

I'm trying to configure API Manager 4.0.0 against OpenLDAP.
The users and groups are correctly fetched from the ldap and I can see them on carbon UI.
When I navigate to "View Users" of one group, I can see the users that are fetched using the attribute "uniqueMember" of the ldap.
But when I navigate to "View Roles" of one user, only "Internal/everyone" is displayed. The groups of the user are not assigned to him.
Is it normal to see the relationship in one way only ?
My OpenLDAP has no "memberOf" attribute schema. Maybe it is required ?
I am using a fresh install from wso4am-4.0.0.zip all-in-one without modification.
Here is the configuration of the userstore:
<?xml version="1.0" encoding="UTF-8"?><UserStoreManager class="org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager">
<Property name="ConnectionURL">ldap://xxx:389</Property>
<Property name="ConnectionName">cn=admin,dc=mycompany-dev,dc=fr</Property>
<Property encrypted="true" name="ConnectionPassword">xxx</Property>
<Property name="UserSearchBase">ou=Users,ou=wso2,dc=mycompany-dev,dc=fr</Property>
<Property name="UserEntryObjectClass">person</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserIDAttribute">scimId</Property>
<Property name="UserIdSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserDNPattern"/>
<Property name="DisplayNameAttribute"/>
<Property name="Disabled">false</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=Groups,ou=wso2,dc=mycompany-dev,dc=fr</Property>
<Property name="GroupEntryObjectClass">groupOfUniqueNames</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfUniqueNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfUniqueNames)</Property>
<Property name="RoleDNPattern"/>
<Property name="MembershipAttribute">uniqueMember</Property>
<Property name="MemberOfAttribute"/>
<Property name="BackLinksEnabled">true</Property>
<Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
<Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="LDAPInitialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</Property>
<Property name="DateAndTimePattern">Date And Time Pattern</Property>
<Property name="CaseInsensitiveUsername">true</Property>
<Property name="BulkImportSupported">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">false</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout">5000</Property>
<Property name="RetryAttempts">0</Property>
<Property name="CountRetrieverClass"/>
<Property name="java.naming.ldap.attributes.binary"/>
<Property name="ClaimOperationsSupported">true</Property>
<Property name="MembershipAttributeRange">0</Property>
<Property name="UserCacheExpiryMilliseconds"/>
<Property name="UserDNCacheEnabled">true</Property>
<Property name="StartTLSEnabled">false</Property>
<Property name="ConnectionRetryDelay">120000</Property>
<Property name="ImmutableAttributes"/>
<Property name="TimestampAttributes"/>
<Property name="DomainName">CompanyUsers</Property>
<Property name="Description"/>
</UserStoreManager>
FYI I found the answer after activating logs :
DEBUG
{org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager} - No UserID found for the property: uid, value: user1, in domain: COMPANYUSERS
My user was incorrectly fetched because of scimId not exists in my Ldap
<Property name="UserIDAttribute">scimId</Property>
I changed to uid and it is working now.
<Property name="UserIDAttribute">uid</Property>

Configuring the WSO2 IS to external LDAP

I've been following this documentation on how to connect to external LDAP server from WSO2 Identity Server.
Now I am stuck at running the product. Upon running the WSO2 IS, I got an error saying that the admin user is not exist in PRIMARY. If I am using the existing configuration, everything went well. So i thought, this might be because of the configuration that I make at the user-mgt.xml and tenant-mgt.xml
This is my external LDAP configuration:
LDAP User and Group
This is my user-mgt.xml file looks like
<UserManager>
<Realm>
<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>*****</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="initializeNewClaimManager">true</Property>
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://10.251.45.200:389</Property>
<Property name="ConnectionName">cn=ldap,dc=ei,dc=local</Property>
<Property name="ConnectionPassword">P#ssw0rd</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">ou=People,dc=ei,dc=local</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=Group,dc=ei,dc=local</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="IsBulkImportSupported">false</Property>
<Property name="EmptyRolesAllowed">false</Property>
</UserStoreManager>
</Realm>
Please help me here, I so stuck at this process. Any advice would be great !

Can Ignite persistent one cache to multiple store?

I hope to use ignite to sync up records to multiple mysql db. For example, when some records goes into cacheA, the records can be persistent to db1 and db2 both.
Can it be possible?
What I did is:
write a PersonStore class and build it as a jar and place it in libs\
first sample1.xml configure as
Blockquote
<bean class="org.springframework.jdbc.datasource.DriverManagerDataSource" id="dataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://111.xxx.xxx:3306/test"></property>
<property name="username" value="root"></property>
<property name="password" value="xxxx"></property>
</bean>
<bean id="ignite.cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
<property name="peerClassLoadingEnabled" value="true"/>
<property name="cacheConfiguration">
<list>
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="personCache"></property>
<!-- Enable readThrough-->
<property name="readThrough" value="true"></property>
<property name="writeThrough" value="true"></property>
<!-- Set cacheStoreFactory-->
<property name="cacheStoreFactory">
<bean class="javax.cache.configuration.FactoryBuilder" factory-method="factoryOf">
<constructor-arg value="com.jguo.ignitepersistentstoredemo.PersonStore"></constructor-arg>
</bean>
</property>
<property name="queryEntities">
<list>
<bean class="org.apache.ignite.cache.QueryEntity">
<property name="keyType" value="java.lang.Long"></property>
<property name="valueType" value="com.jguo.ignitepersistentstoredemo.model.Person"></property>
<property name="fields">
<map>
<entry key="id" value="java.lang.Long"></entry>
<entry key="name" value="java.lang.String"></entry>
<entry key="orgId" value="java.lang.Long"></entry>
<entry key="salary" value="java.lang.Integer"></entry>
</map>
</property>
</bean>
</list>
</property>
</bean>
</list>
</property>
</bean>
Start one Ignite node bin/ignite.sh config/sample1.xml
Create another xml file sample2.xml and only modify the datasource part
Blockquote
<bean class="org.springframework.jdbc.datasource.DriverManagerDataSource" id="dataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://222.xxx.xxx:3306/test"></property>
<property name="username" value="root"></property>
<property name="password" value="xxxx"></property>
</bean>
Start second Ignite node bin/ignite.sh config/sample2.xml
Start a client and put some record in cache personCache
But only one db got the data.
CacheConfiguration should be unified across all the nodes. That's why only one config is in effect.
If you need a CacheStore to operate against multiple DBs, you need to create a custom CacheStore which will have multiple data sources referring to different DBs and implement methods in an appropriate way.

wso2 is secondary user store authentication

I have a wso2 is 5.1.0 server runign on Debian. I have a simple servlet that is authenticating using Oauth2 and works perfectly with the users in the primary store.
I have created a secondary store pointing to an openldap server. I have some users and groups and are seen correctly from the IS. I see that when I try to see the User Profile i get the following error:
Error while loading user profile metadata
But when I try to authenticate using the users in the ldap server i get a Login Failed error. I have tried to use both username, DOMAIN/username and username#DOMAIN but none of the worked.
I am starting to think that it could be related to the Calim configuration as the users in the different stores have different values but I don't know how to solve it.
Any ideas on what I am doing wrong?
UPDATED:
This is how I have defined the secondary store.
<?xml version="1.0" encoding="UTF-8"?><UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="ConnectionURL">ldap://xxxx:389</Property>
<Property name="ConnectionName">cn=admin,dc=xx,dc=xx</Property>
<Property encrypted="true" name="ConnectionPassword">xxxx</Property>
<Property name="UserSearchBase">ou=users,dc=nextel,dc=es</Property>
<Property name="UserEntryObjectClass">inetOrgPerson</Property>
<Property name="UserNameAttribute">cn</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)cn=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserDNPattern"/>
<Property name="DisplayNameAttribute"/>
<Property name="Disabled">false</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=groups,dc=xx,dc=xx</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="RoleDNPattern"/>
<Property name="MembershipAttribute">member</Property>
<Property name="MemberOfAttribute"/>
<Property name="BackLinksEnabled">false</Property>
<Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
<Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="BulkImportSupported">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="ReadTimeout">5000</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="RetryAttempts">0</Property>
<Property name="DomainName">incloudLDAP</Property>
<Property name="Description"/>
</UserStoreManager>
I can see the users in the list and even create a new one on the LDAP through WSO2 Is, but i cannot see the parameters.
UPDATED:
THe user structure in the LDAP is quite simple.
For the authentication issue, you need to verify "UserNameSearchFilter" attribute is correctly configured. It must mapped to the user name attribute in your ladp server.
<Property name="UserNameSearchFilter">(&(objectClass=user)(cn=?))</Property>
Also you can map attibutes from different user stores to a same wso2 claim. In the mapped attibute section use something like follows,
PRIMARY/attribute1;FOO/attribute2;BAR/attribute3
Also refer - https://docs.wso2.com/display/IS510/Adding+Claim+Mapping

Is it possible to generate artifacts for all the tables at once with MyBatis Generator?

I am using MyBatis Generator 1.3.1 from the command-line. I read in the documentation that I need to specify at least one table for object generation, but I was hoping maybe it is possible to use some wildcard and have mappers for all the tables generated at once? We don't want to use Hibernate, because MyBatis seems to handle custom types in the database better.
Thank you for your help!
You can use SQL wildcards, ie:
<table tableName="%">
<property name="useActualColumnNames" value="true"/>
</table>
You can reference: link
If you use MySQL, The crucial point is this:
<table schema="dbName" tableName="%"</table> and
<property name="nullCatalogMeansCurrent" value="true" />
reference:http://www.mybatis.org/generator/usage/intro.html
Settings like this:
<generatorConfiguration>
<properties resource="mybatis-generator/generator.properties"></properties>
<classPathEntry location="${driverLocation}"/>
<context id="default" targetRuntime="MyBatis3">
<property name="javaFileEncoding" value="UTF-8"/>
<commentGenerator type="org.zhang.generator.MyCommentGenerator">
<property name="suppressDate" value="true"/>
<property name="suppressAllComments" value="true"/>
</commentGenerator>
<jdbcConnection
driverClass="${driverClassName}"
connectionURL="${url}"
userId="${username}"
password="${password}">
<property name="nullCatalogMeansCurrent" value="true" />
</jdbcConnection>
<javaTypeResolver>
<property name="forceBigDecimals" value="true"/>
</javaTypeResolver>
<javaModelGenerator targetPackage="com.entity" targetProject="src/main/java">
<property name="enableSubPackages" value="true"/>
</javaModelGenerator>
<sqlMapGenerator targetPackage="daoMappers" targetProject="src/main/resources">
<property name="enableSubPackages" value="true"/>
</sqlMapGenerator>
<javaClientGenerator targetPackage="com.dao" targetProject="src/main/java" type="XMLMAPPER">
<property name="enableSubPackages" value="true"/>
</javaClientGenerator>
<table schema="dbName" tableName="%"
enableSelectByPrimaryKey="true"
enableCountByExample="false"
enableUpdateByExample="false"
enableDeleteByExample="false"
enableSelectByExample="false"
selectByExampleQueryId="false"
enableDeleteByPrimaryKey="false"
enableUpdateByPrimaryKey="false"
enableInsert="false">
<property name="useActualColumnNames" value="true"></property>
</table>
</generatorConfiguration>