#7 import cas/ldap/tomcat roles from de-ansible/vmlab

ansible/playbooks/cas-ldap.yml

@@ -0,0 +1,14 @@
+# THIS ANSIBLE PLAYBOOK FOR DEPLOYING AND INSTALLATION CAS AND LDAP
+# current - Mike Conway
+- hosts: cas
+  sudo: yes
+  sudo_user: root
+  roles:
+   - role: java7
+   - role: ldap
+  # - role: apache # install httpd
+   - role: tomcat # install tomcat and configure ajp
+     environment:
+       http_proxy: "{{ proxy_env.https_proxy }}"
+       https_proxy: "{{ proxy_env.https_proxy }}"
+   - role: cas

ansible/playbooks/cas.yml

@@ -0,0 +1,8 @@
+# THIS ANSIBLE PLAYBOOK FOR DEPLOYING AND INSTALLATION CAS AND LDAP
+# current - Mike Conway
+- hosts: cas
+  sudo: yes
+  sudo_user: root
+  roles:
+#   - role: apache # install httpd
+   - role: cas

ansible/roles/cas/README.md

@@ -0,0 +1 @@
+## DE test cas install based on https://github.com/AtlasOfLivingAustralia/ala-install cas components

ansible/roles/cas/files/cas_ssl_cert_file.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFljCCBH6gAwIBAgIQd5gcD+kDrCvsoWJZ1MQ8/TANBgkqhkiG9w0BAQsFADB2
+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
+MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
+SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xNjAyMDQwMDAwMDBaFw0xOTAyMDMy
+MzU5NTlaMIHNMQswCQYDVQQGEwJVUzEOMAwGA1UEERMFMjc1MTQxCzAJBgNVBAgT
+Ak5DMRQwEgYDVQQHEwtDaGFwZWwgSElsbDEfMB0GA1UECRMWMTUzQSBDb3VudHJ5
+IENsdWIgUm9hZDE0MDIGA1UEChMrVW5pdmVyc2l0eSBvZiBOb3J0aCBDYXJvbGlu
+YSBhdCBDaGFwZWwgSGlsbDEXMBUGA1UECxMOT2R1bSBJbnN0aXR1dGUxGzAZBgNV
+BAMTEmRlLWlkLmlyc3MudW5jLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANpOMw7y14GmKNMYazzKcAwutbLKzQRB26CsHwsOYM05jbA3e3pyiaAA
+bsDQVX9cV52XaWSIlQgVbiHKyUXXtIalYIUmBtk3b7QMjmDUcvoD6FgdYEgTSNP4
+QgNSO51geqjS/LHLe+XsUcYBqEsgc+7utg0oxyIE0oAq+t8kllzzZvVh08RlWZOc
+bvokWVaAZovybxp3zo2wLpxcLk7Hmr9B3oT9TUP1qkgBTfUfFhV09tydgxL0XdiE
+CesDI1nzPUr0yA1RF895WmWgaTDifvrlZPvtfxA7YEYZT4AfUCU1RJVhrW5gwaV4
+8m+aiEZqV1X6ttSMh7Bo3jGGgJgrVD8CAwEAAaOCAcYwggHCMB8GA1UdIwQYMBaA
+FB4Fo3ePbJbiW4dLprSGrHEADOc4MB0GA1UdDgQWBBTJf24iL3HeOXGWSAfzNTRK
+3TsaKjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwZwYDVR0gBGAwXjBSBgwrBgEEAa4jAQQDAQEwQjBA
+BggrBgEFBQcCARY0aHR0cHM6Ly93d3cuaW5jb21tb24ub3JnL2NlcnQvcmVwb3Np
+dG9yeS9jcHNfc3NsLnBkZjAIBgZngQwBAgIwRAYDVR0fBD0wOzA5oDegNYYzaHR0
+cDovL2NybC5pbmNvbW1vbi1yc2Eub3JnL0luQ29tbW9uUlNBU2VydmVyQ0EuY3Js
+MHUGCCsGAQUFBwEBBGkwZzA+BggrBgEFBQcwAoYyaHR0cDovL2NydC51c2VydHJ1
+c3QuY29tL0luQ29tbW9uUlNBU2VydmVyQ0FfMi5jcnQwJQYIKwYBBQUHMAGGGWh0
+dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wHQYDVR0RBBYwFIISZGUtaWQuaXJzcy51
+bmMuZWR1MA0GCSqGSIb3DQEBCwUAA4IBAQCFzdYiGbuDYswr7imzGkxR7fepklHp
+ZeCpagpHoAztDKW2HWQ4MyNjTe+RGfXvS0bYaMlSFfpF7D26Ldsr+vu8OiBISzfO
+6Usf0joV37Z6MSJAG+TW++epLvCQ//nTouERc6tAE8SaaTx014dj73TRTq6VRq8K
+pESxd95n0ORFsC5IziKxzNHZ7DndYesePdsb3TPqacblXQIhTFoqK8gTe4NP+7A1
+vcX1H3VN6b8ob6SSgbeMri5b1PjlDjGYHBZa3JnxnDIObGsZC9VD/hSN+QfqIv0P
+SGes5hd8dtkSVGHiBeFsxZUJ9BOWtUliqFcsGpUg8QuLOJcxMqi6zj3j
+-----END CERTIFICATE-----

ansible/roles/cas/files/cas_ssl_key_file.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDaTjMO8teBpijT
+GGs8ynAMLrWyys0EQdugrB8LDmDNOY2wN3t6comgAG7A0FV/XFedl2lkiJUIFW4h
+yslF17SGpWCFJgbZN2+0DI5g1HL6A+hYHWBIE0jT+EIDUjudYHqo0vyxy3vl7FHG
+AahLIHPu7rYNKMciBNKAKvrfJJZc82b1YdPEZVmTnG76JFlWgGaL8m8ad86NsC6c
+XC5Ox5q/Qd6E/U1D9apIAU31HxYVdPbcnYMS9F3YhAnrAyNZ8z1K9MgNURfPeVpl
+oGkw4n765WT77X8QO2BGGU+AH1AlNUSVYa1uYMGlePJvmohGaldV+rbUjIewaN4x
+hoCYK1Q/AgMBAAECggEAG6QPHvNsigPp42CSI25WZZR8eRjogIN+NYfVnmbBpvqE
+kC1WOxjJiDLF0zANw0SD63ZCZ/JLPGzKNwkgFvHK78l8wR8hettkD14PoP8FV9aq
+0o1VpYqbjAtBAH6nAbQ3k6yzRifHlkMnz3RiRLDlPPmIn33sSMhnhsbqYNqXF0mW
+eUEQ16bRJIXZWnriVJuNQ4HOcdm3A2qQehs//r/JrJTV10uSgnnQRTkKkJTtj36r
+7bi4TqVl+Fc64zCl50Tj0huX/2EDGpOaBHpqoOdQXgawowhN9lOo4jTY6S9ruAKn
+lppH7fVYTJwI8NyuMuVfoNlGXgauzfNdA5maHuv2kQKBgQDznbmHskjwwWLO5Utq
+dXsrNJdjzG0So8Jv3j1c/JQbpchPEdgxlJYrUSBUiui8nWwqhpJB8X4RQRF9KIgf
+XXOXInkdoOeQ6tMZB7/NVd6Hj4XbYKlDSwXDYwXx6fWYe2asMiUYsadtNsFOnmab
+Mc5gH+08M09vGtB1BA0GhA5CgwKBgQDlZxjWgc0o+vqxiGg9sAhxurlTYgdAiZBV
+Bu/MQvexzo2pe9zsW8HjEvlqJ8Z65erz0CGmtgx2P4wePTgos4r38ZYxtIKf5R8M
+fGgCfH2KiVPa/99xrZbhAn11N6A35ZWYaRoyYKA1lUVCTQy2fNYiVW5QI5Tu+llS
+cRSadKyKlQKBgQCv1/RYP1co+N3ia13RXTVnjVGNRrygTLYHW4o9eU9K2ZJJiJ7d
+wtvWLnvAqnet1Y+C7pnZoX+W4rnF9qCyyxipScfUnBUp5GY1VgObKlUy0mUTYaUr
+npZtXyemY3LT+pa0yok+VtV8Hp7PqcR0VzIY7lKmNn8qulcnb6IbRuyoEwKBgQDW
+lQyHwl0dQz9zB2yyn1IWyBoI5D5yYPtQfa+betzlRpf+fG1X7jC77oi9gr1HQn/3
+Vq3TmqCnj6PKuWspr2CDs0jR787sME9Nx6UnBjoMd46n4Qaq+DyU91ZRahoFj0zS
+hyXJD9dsp9dkQFxu6vEGprEMZ2wt6qHY2wvxuseWzQKBgDns8/6cioU6tAWk4ig2
+p2VqxDHk/2sorvqfQznd60K0Az4q7m/lnNXOS/0p8TZHTFmG9G62Di1T0wpZSrzh
+6/XcIm1GHrQMM38eGHo3UZOufXYoSb9z1mkuKrQvkxdNHxdKbMEwDDH34RMSqRs+
+xyO+XGC1uUv4ammd3A/6ZaO7
+-----END PRIVATE KEY-----

ansible/roles/cas/files/dhparams.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA8ctOvABWUQ7FyQZkvjfjMLhZOIVxD6gLmKXIT5xBfvy90+POTxQN
+IaLxIsyUimHqKNtQayqBB3eYyn85HdYwkHblzH9LrVNoBga+7lR6dAh9Xa3/F85T
+D4wWhbqGAE5l6YNoosGK8r8ik0symMzExVaTkMHfRYe6m+wwNl9aUk6EShF/O+Dh
+VSlyAWAfRpum64gncliIo5Q2BU2L/5pobYLApym+HIViaSzW8Iyd6lzf13Lxal2A
++WPgiU8+rPwMkjP/6n7wGaAwRf91CI1aK9CqH1Dn34E9u6CJe4H3WI5zHvF1pSAN
+rcmcEU0dzy+9SxRilglWu9BH5ZSfBo/4kwIBAg==
+-----END DH PARAMETERS-----

ansible/roles/cas/files/server.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr2gAwIBAgIJAK0VZ1CzcRxoMA0GCSqGSIb3DQEBCwUAMIGAMQswCQYD
+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFDASBgNVBAcMC0NoYXBl
+bCBIaWxsMQwwCgYDVQQKDANERkMxDDAKBgNVBAsMA0RGQzEmMCQGA1UEAwwdZGZj
+LXRlc3Qtdm1sYWIxLmVkYy5yZW5jaS5vcmcwHhcNMTYwMjE1MjExOTU4WhcNMTcw
+MjE0MjExOTU4WjCBgDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9s
+aW5hMRQwEgYDVQQHDAtDaGFwZWwgSGlsbDEMMAoGA1UECgwDREZDMQwwCgYDVQQL
+DANERkMxJjAkBgNVBAMMHWRmYy10ZXN0LXZtbGFiMS5lZGMucmVuY2kub3JnMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwS4uYIR0Lc0vlczzO5Rdc7B
+6Bajl35LWTB2wnmL3rsiYrWWewVZEFBDk6uI9LkU/Mnf0+1XINxpwd9S4STwqCZc
+pAliDekl0Rf1sP5tPtVjHQ20cgpuvsMgMaqd+dMLbIZJNVBXPbhotmhro74DxjTR
+PbUllj0veXp6b85LpSl93ewFUWWyxd81M4lyKlzHaM7D7u4OyINZypgnqnIPJMiz
+peqoSNWsqkj+tK2z+mt8SE38at9/bjJQqg0vivNCM0XKRySqhyRdEaiR27Y2HnnA
+2B0+eB7tkeDO4YwxrvMODSLFeHCoDDyVPMacq3VoKJPIEYDcDGk9C8Cok/vD9wID
+AQABo1AwTjAdBgNVHQ4EFgQUvJjOlPWBdm1igD26wPgt5OC+L4IwHwYDVR0jBBgw
+FoAUvJjOlPWBdm1igD26wPgt5OC+L4IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAQEAHfp3p/RlGaCI7dMSO3OIgZRY7lkcVdPgqAKOXkEpIAaUdfmEqRmC
+a7xFcwAFRIXjZvrkKnjKcMoZGs8rhtA0MMSmJPUyuBG80AR4OliinaB5F6Ilz4ly
+cAtHPpqeEMApoSBVIGaWJaXitDpgX1/A9c08LRENT59r6ZWyYBi1hY5s8X6r4Aj5
+T6kH7Ib+OwkNFEJehJUiWB39p3dWCjER8gXDQwbcc1C9hGWpNChg6Fdymr9mlaa1
+TE5KAk+I+XCDxmJ31lqQlZMgQbkAUiE9D9+ZxyZ5waNAG36by/JfC5qZUaYoguLB
+XLyLj7KtL/b+Y0Qy1L8iG+xUJyMAIWdOww==
+-----END CERTIFICATE-----

ansible/roles/cas/files/server.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvwS4uYIR0Lc0vlczzO5Rdc7B6Bajl35LWTB2wnmL3rsiYrWW
+ewVZEFBDk6uI9LkU/Mnf0+1XINxpwd9S4STwqCZcpAliDekl0Rf1sP5tPtVjHQ20
+cgpuvsMgMaqd+dMLbIZJNVBXPbhotmhro74DxjTRPbUllj0veXp6b85LpSl93ewF
+UWWyxd81M4lyKlzHaM7D7u4OyINZypgnqnIPJMizpeqoSNWsqkj+tK2z+mt8SE38
+at9/bjJQqg0vivNCM0XKRySqhyRdEaiR27Y2HnnA2B0+eB7tkeDO4YwxrvMODSLF
+eHCoDDyVPMacq3VoKJPIEYDcDGk9C8Cok/vD9wIDAQABAoIBAEjhl02IWB3HWQNq
+qCP/pesKCSfxQ1ew4zTTbeyDjZ9czSDWYeTsRHAZ/76fCzE8UMqmh5UHkF/EWUGU
+YL3wZzXw9RXNUrE2DKy7tI1kdfAsYJWcPgXo/xofvu/URlQkds5gahxCXBb7flBi
+hPdDr5L3YgJmVEH/dFaoKYDxOCF6ie2Ph6+voOMPt8asw3xQc6jfQ6TZjeA5oCF0
+Av4pxTeuxAJnRxr87hgdmVnPuuyoUruHB5dCqKP0R9W5dM8FEDVAUZZAjsxyCBOp
+8tFxhEQyYRRVZN6jlwFUHmctMUADf2Vt3LbjORwBvrtQ9HBTj9x3j9xBM16BJIZG
+gGhROnECgYEA/YPrtWUhYAgmwGLxxBHPTnv4Yanad2i40dvDBpDV1hjUTqOpJWME
+fC1JG9iT+ACi+OQFHfW4ul9SgFiNXVkvlL0OBHU5CPxer0FzyrhlyyPvRqc0ONKB
+lpRA5JnimXTQFjH+bn7AbpqtuC/qy13XwV8740oMWolWolqgsE1na18CgYEAwOP+
+b6XrL4vTJffj9h59xII1vr+Cmq7s5Wo1aaT2IO6Cr03Mfx4ArrOHsBXnNnLId+LE
+SUml2CAIrPI40L73rx37Vvpju19VlAmJ1xBuklYXoqeFtjsVgZy2AEx6fEZ/EylQ
++crEuyVWhtX3SdzIiU+mlEesshV4W+Xz07fDhmkCgYBwIjXUGlNU4sYhOqKtkyMb
+GAKZUEPtpUh6qrXs5YtwE7N0xTc/7jhBpNY9luJ8Q+vSIymQQuveo+MeGg0NSTGe
+nLDij+cWbmqDInRRKpb7730ax0J2D8Z6EEFT3C06q0yPRLXBshbz1T8ZxTgZk/ym
+77TRqCMmuLC1R1jkIpioCQKBgE5j2eFx4pSeFJ+XkLNTTPVxnXn5xpAqiufpM+/N
+NKHJjJ7F1VfLz6cwGvK61A5Ss5nVNMQ8BARDcIMopWJgWbR3UM/WTnW1lsfk4Hng
+ma8rAcv+nN6kQGc+UtDoQ9cBp18YKWp6t1z/HZ0Kk8cWzQDQt/gG8O4mv5VJbMAc
+LIARAoGBAJipgmnhis2Jh3rPrR5qpzuB7LiGRVY1W3gTypR7t4f1rn7ZN3E1/6QS
+ZZRl+gsP0hO15sTtcDu3tjPNXzrUSCMpAPkvAdmY6mXP30zcgUYsEoI5jgJmMqD1
+QbeAXXVSnqjhTJPW2e6Zj3oll6xM52eEdStEHu1GLbZ8/o3ltJo5
+-----END RSA PRIVATE KEY-----

ansible/roles/cas/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+- name: reload apache
+  service: name=httpd state=restarted
+

ansible/roles/cas/old/defaults/main.yml

@@ -0,0 +1,11 @@
+tomcat_user: tomcat
+cas_port: 8080
+ldap_port: 389
+ldap_use_starttls: false
+ldap_search_base_dn:  ou=Users,DC=dfc,DC=org
+ldap_manager_dn: cn=admin,DC=dfc,DC=org
+ldap_admin_password: password
+do_ssl_config: false
+cas_context_path: cas
+cas_git_url: https://github.com/github/cas-overlay.git
+cas_git_project_name: cas-overlay

ansible/roles/cas/tasks/main.yml

@@ -0,0 +1,95 @@
+
+#
+# Properties file configuration
+#
+- name: ensure data directory exists
+  file: path=/etc/cas state=directory owner={{tomcat_user}} group={{tomcat_user}}
+  tags:
+    - cas
+    - properties
+
+- name: copy all template configs
+  template: src=config/cas.properties dest=/etc/cas/cas.properties
+  tags:
+    - cas
+    - properties
+
+- name: add proxy for maven
+  template: src=maven/settings.xml dest=/root/.m2/settings.xml
+  sudo: yes
+  tags:
+    - cas
+    - properties
+
+- name: copy log4j.xml
+  template: src=log4j.xml.j2 dest=/etc/cas/log4j2.xml
+  tags:
+    - cas
+    - properties
+
+- name: set data ownership [all data is owned by tomcat]
+  file: path=/etc/cas owner={{tomcat_user}} group={{tomcat_user}} recurse=true
+  tags:
+    - cas
+    - properties
+
+- name: ensure ssl certificate directory exists (if required)
+  file: path={{ ssl_certificate_server_dir }} state=directory owner={{tomcat_user}} group={{tomcat_user}}
+  when: cas_do_ssl_config
+  tags:
+    - cas
+    - properties
+    - apache_vhost
+
+- name: copy SSL public key
+  copy: src={{ cas_ssl_cert_file }} dest={{ssl_certificate_server_dir}}/{{cas_ssl_cert_file}}
+  when: cas_do_ssl_config
+  tags:
+    - cas
+    - properties
+    - apache_vhost
+
+- name: copy SSL private key
+  copy: src={{ cas_ssl_key_file }} dest={{ssl_certificate_server_dir}}/{{cas_ssl_key_file}}
+  when: cas_do_ssl_config
+  tags:
+        - cas
+        - properties
+        - apache_vhost
+
+- name: set data ownership [all data is owned by tomcat]
+  file: path={{ssl_certificate_server_dir}} owner={{tomcat_user}} group={{tomcat_user}} recurse=true
+  when: cas_do_ssl_config
+  tags:
+    - cas
+    - properties
+
+#
+# WAR file deployment and virtual host configuration
+#
+
+
+- name: cas | download overlay
+  git: repo={{cas_git_url}}
+       dest=/home/{{ ansible_user }}/casbuild/{{cas_git_project_name}}
+
+- name: cas | build cas overlay
+  sudo: yes
+  shell:
+       cd /home/{{ansible_user}}/casbuild/{{cas_git_project_name}}; mvn clean; mvn package;
+       cp target/{{cas_git_project_name}}.war target/cas.war;
+       cp target/cas.war /usr/share/tomcat/webapps/cas.war
+
+ # KLUDGE
+- include: ../../apache_vhost/tasks/main.yml 
+     context_path='{{ cas_context_path }}' 
+     hostname="localhost"
+     ssl="{{cas_do_ssl_config}}"
+     vhost_required="no" # KLUDGE
+   #  ssl_cert_file='{{ssl_certificate_server_dir}}/{{ ssl_cert_file }}'  # KLUDGE
+    # ssl_key_file='{{ssl_certificate_server_dir}}/{{ ssl_key_file }}'
+    # ssl_chain_file='{{ssl_certificate_server_dir}}/{{ ssl_chain_file }}'
+  tags:
+    - cas
+    - deploy
+    - apache_vhost

ansible/roles/cas/templates/config/cas.properties

@@ -0,0 +1,106 @@
+cas.host={{inventory_hostname}}
+
+cas.securityContext.serviceProperties.service=http://{{inventory_hostname}}:{{cas_port}}/cas/services/j_acegi_cas_security_check
+cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
+cas.securityContext.casProcessingFilterEntryPoint.loginUrl=http:/{{inventory_hostname}}:{{cas_port}}/cas/login
+cas.securityContext.ticketValidator.casServerUrlPrefix=http://{{inventory_hostname}}:{{cas_port}}/cas
+cas.themeResolver.defaultThemeName=cas-theme-default
+cas.viewResolver.basename=default_views
+# Spring Security's EL-based access rules for the /status URI of CAS that exposes health check information
+cas.securityContext.status.access=hasIpAddress('127.0.0.1')
+
+# Spring Security's EL-based access rules for the /statistics URI of CAS that exposes stats about the CAS server
+cas.securityContext.statistics.access=hasIpAddress('127.0.0.1')
+
+tgc.encryption.key=1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM
+
+# The signing secret key. By default, must be a octet string of size 512.
+tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w
+
+
+host.name={{inventory_hostname}}
+
+## Log4J
+log4j.config.location=file:///etc/cas/log4j2.xml
+log4j.refresh.interval=60000
+
+#database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
+
+##
+# Single Sign-On Session Timeouts
+# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
+#
+# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage
+tgt.maxTimeToLiveInSeconds=28800
+
+#
+# Idle session timeout -  TGT will expire sooner than maxTimeToLiveInSeconds if no further requests
+# for STs occur within timeToKillInSeconds
+tgt.timeToKillInSeconds=7200
+
+##
+# Service Ticket Timeout
+# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
+#
+# Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s.  You'll want to
+# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
+
+# Set to 3 min here for easy testing/demonstrating new features.
+st.timeToKillInSeconds=10
+
+#========================================
+# LDAP Properties
+#========================================
+ldap.url=ldap://{{ldap_host}}
+
+# LDAP connection timeout in milliseconds
+ldap.connectTimeout=3000
+
+# Whether to use StartTLS (probably needed if not SSL connection)
+ldap.useStartTLS={{ldap_use_starttls}}
+ldap.trustedCert=
+
+#========================================
+# LDAP connection pool configuration
+#========================================
+ldap.pool.minSize=2
+ldap.pool.maxSize=3
+ldap.pool.validateOnCheckout=false
+ldap.pool.validatePeriodically=true
+
+# Amount of time in milliseconds to block on pool exhausted condition
+# before giving up.
+ldap.pool.blockWaitTime=3000
+
+# Frequency of connection validation in seconds
+# Only applies if validatePeriodically=true
+ldap.pool.validatePeriod=300
+
+# Attempt to prune connections every N seconds
+ldap.pool.prunePeriod=300
+
+# Maximum amount of time an idle connection is allowed to be in
+# pool before it is liable to be removed/destroyed
+ldap.pool.idleTime=600
+
+#========================================
+# Authentication
+#========================================
+
+# Base DN of users to be authenticated
+ldap.authn.baseDn={{ldap_search_base_dn}}
+
+# Manager DN for authenticated searches
+ldap.authn.managerDN={{ldap_manager_dn}}
+
+# Manager password for authenticated searches
+ldap.authn.managerPassword={{ldap_admin_password}}
+
+# Search filter used for configurations that require searching for DNs
+#ldap.searchFilter=(uid={user})
+ldap.authn.searchFilter=(uid={user})
+
+# Search filter used for configurations that require searching for DNs
+#ldap.authn.format=cn=%s,dc=com
+ldap.format=%s
+