Structure of the service configuration file service.ini
The service.ini file configures the permission service. The key task of the permission service is to provide group hierarchies to the respective input components. Several group hierarchies can be defined, each identified by a unique name. This makes it possible to define a group hierarchy for each project or to use multiple group hierarchies in a project.
Group hierarchies can come from two different sources:
- From an explicitly specified XML file (created manually or through external automation). These XML files can be manually created in FirstSpirit ServerMonitoring (see Configuration - Services).
- Using a script: the group hierarchies can be created automatically using a connector script based on an existing user/group management system (e.g. LDAP or Active Directory).
In the second case, an XML file is also used, but it is generated by the script and serves as a cache for the results. The service calls the script at defined intervals, and the script can modify the XML file if necessary. A typical use case for a script is the creation of a group file from an LDAP server.
The following global parameters are included in the INI file:
interval = period in seconds in which the INI file is checked for changes.
documents = comma-separated list of symbolic names of available group hierarchies.
NAME.path = path to group XML file.
NAME is a placeholder for one of the values of documents.
If the group hierarchy is to be generated using a script, a number of parameters are required:
NAME.path = path to group XML file
NAME.users = path to user XML file
NAME.script = path to the BeanShell script (e.g. for automatic generation of user and group files – users.xml and group.xml).
NAME.script.interval = interval in seconds in which the script is to be called.
(The NAME. parameters listed above can be set for each documents entry.)
If a group hierarchy is to be created from an XML file, only the parameter NAME.path is required.
Default configuration of the file service.ini:
## global params
# -------------
# check each x seconds for changes
interval=20
# symbolic names for documents
documents=GroupsFile
#
# document specific params
# ------------------------
GroupsFile.path=groups.xml
In addition, parameters can be specified for the LDAP connection:
NAME.ldap.URL = LDAP server URL,
NAME.ldap.userDN = login for LDAP lookup,
NAME.ldap.password = password for LDAP lookup,
NAME.ldap.version = 2 (LDAP protocol version), and
NAME.ldap.ssl = 0|1 specifies whether the LDAP connection is established using SSL.
An LDAP context (javax.naming.directory.*) that is available to the script is generated from the LDAP parameters entered here.
Here is an example of a service.ini with LDAP configuration:
# global params
# -------------
# check each x seconds for changes
interval=20
# symbolic names for documents
documents=GruppenFile, GruppenLdap
# document specific params
# ------------------------
GruppenFile.path=groups.xml
GruppenFile.users=users.xml
GruppenLdap.path=gruppen1.xml
GruppenLdap.script=gruppen1.bsh
GruppenLdap.ldap.URL=ldap://osiris:389/o=e-Spirit
# optional attributes
#GruppenLdap.script.interval=60
GruppenLdap.ldap.userDN=cn=extern1,cn=Recipients,ou=E-SPIRIT,o=e-Spirit
GruppenLdap.ldap.password=geheim
GruppenLdap.ldap.version=2
GruppenLdap.ldap.SSL=0
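
A pre-deployment check for the settings described above, as an added example that is not part of the original documentation or of FirstSpirit: it parses a service.ini and reports documents entries without a NAME.path, LDAP entries whose ssl parameter is not 1, LDAP passwords stored in the file, and scripts the service will execute. The sample input is constructed from the page's LDAP example (the Orphan entry is made up), and matching keys case-insensitively is an assumption made because the page spells the parameter both ldap.ssl and ldap.SSL.

```python
# Added example: audit a service.ini for the parameters described on this page.
SAMPLE_INI = """\
# constructed sample, modelled on the page's LDAP example; Orphan is made up
interval=20
documents=GruppenFile, GruppenLdap, Orphan
GruppenFile.path=groups.xml
GruppenLdap.path=gruppen1.xml
GruppenLdap.script=gruppen1.bsh
GruppenLdap.ldap.URL=ldap://osiris:389/o=e-Spirit
GruppenLdap.ldap.userDN=cn=extern1,cn=Recipients,ou=E-SPIRIT,o=e-Spirit
GruppenLdap.ldap.password=geheim
GruppenLdap.ldap.SSL=0
"""


def parse_ini(text):
    """Return {lower-cased key: value}; '#' comments and blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: DNs and URLs contain '='
        settings[key.strip().lower()] = value.strip()  # assumption: keys are case-insensitive
    return settings


def audit(text):
    """Return a sorted list of (document name, finding) tuples."""
    cfg = parse_ini(text)
    findings = []
    names = [n.strip() for n in cfg.get("documents", "").split(",") if n.strip()]
    for name in names:
        p = name.lower() + "."
        if p + "path" not in cfg:
            findings.append((name, "missing NAME.path"))
        if p + "ldap.url" in cfg and cfg.get(p + "ldap.ssl") != "1":
            findings.append((name, "LDAP connection without SSL"))
        if cfg.get(p + "ldap.password"):
            findings.append((name, "plaintext LDAP password in file"))
        if p + "script" in cfg:
            findings.append((name, "service runs script; check write access"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INI):
        print(f"{name}: {finding}")
```

A finding for the password or the script is a prompt to restrict read and write access to service.ini and the script file to the account the server runs under.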