From 276bbb1dfb4436da291010aa1f04a61b7e03b73a Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 13 Apr 2009 15:49:54 +0000 Subject: [PATCH] - Version 0.3.0 - Provides file based configuration and lots of improvements --- .cvsignore | 2 +- sources | 2 +- sssd.conf.default | 93 +++++++++++++++++++++++++++++++++++++++++++++++ sssd.spec | 25 +++++++++++-- 4 files changed, 116 insertions(+), 6 deletions(-) create mode 100644 sssd.conf.default
diff --git a/.cvsignore b/.cvsignore
index 463bd23..976213f 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-sssd-0.2.1.tar.gz
+sssd-0.3.0.tar.gz
diff --git a/sources b/sources
index 0c11c83..23cb171 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-61c77ffd7aa0295862d534ceb6688284 sssd-0.2.1.tar.gz
+b6b93c71f8907af5c66ca561d24b052c sssd-0.3.0.tar.gz
diff --git a/sssd.conf.default b/sssd.conf.default
new file mode 100644
index 0000000..4c993da
--- /dev/null
+++ b/sssd.conf.default
@@ -0,0 +1,93 @@
+[services]
+description = Local Service Configuration
+activeServices = nss, dp, pam
+
+[services/nss]
+description = NSS Responder Configuration
+timeout = 150
+# the following prevents sssd for searching for the root user/group in
+# all domains (you can add here a comma separated list of system accounts are
+# always going to be /etc/passwd users, or that you want to filter out)
+filterGroups = root
+filterUsers = root
+
+[services/dp]
+description = Data Provider Configuration
+timeout = 150
+
+[services/pam]
+description = PAM Responder Configuration
+timeout = 150
+
+[services/info]
+description = InfoPipe Configuration
+timeout = 150
+
+[services/monitor]
+description = Service Monitor Configuration
+sbusTimeout = 150
+servicePingTime = 300
+
+[domains]
+description = Domains served by SSSD
+; domains = LOCAL,LDAP
+
+# SSSD will not start if you don't configure any domain.
+# Add new domains condifgurations as [domains/] sections.
+# Then add the list of domains (in the order you want them to be
+# queried in the 'domains" attribute above and uncomment it
+
+# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
+# This configuration is meant mostly as a migration path to be able to store
+# additional information about users while still keeping /etc/passwd
+# authoritative.
+
+; [domains/LOCAL]
+; description = LOCAL migration domain
+; enumerate = 3
+; minId = 500
+; magicPrivateGroups = FALSE
+; legacy = TRUE
+;
+; provider = proxy
+; libName = files
+; libPath = libnss_files.so.2
+
+# optionally a file named sssdproxylocal can be place in pam.d configured to
+# check pam_unix only and pam_sss can be used in the normal pam stack
+; auth-module = proxy
+; pam-target = sssdproxylocal
+
+# Example LOCAL domain that stores all users natively in the SSSD internal
+# directory. These local users and groups are not visibile in /etc/passwd, it
+# now contains only root and system accounts.
+ +; [domains/LOCAL] +; description = LOCAL Users domain +; enumerate = 3 +; minId = 500 +; maxId = 999 +; legacy = FALSE +; magicPrivateGroups = TRUE + +# Example LDAP domain that uses the proxy backend and the standard nss_ldap +# and pam_ldap modules (Useful until we have good working native ldap backends). +# For this to work the /etc/ldap.conf file needs to be correctly configured just +# like you would do when using nss_ldap in nsswitch.conf, but instead of setting +# passwd: files ldap, set passwd: files, sss instead there. +# Also consider using the following setting in /etc/ldap.conf to avoid needless +# delays if the ldap server is offline: +# timelimit 10 +# bind_timelimit 5 +# nss_reconnect_maxsleeptime 2 +# nss_reconnect_sleeptime 1 + +; [domains/LDAP] +; description = Proxy request to our LDAP server +; enumerate = 0 +; minId = 1000 +; legacy = TRUE +; +; provider = proxy +; libName = ldap +; libPath = libnss_ldap.so.2 diff --git a/sssd.spec b/sssd.spec index 7399171..ff84e63 100644 --- a/sssd.spec +++ b/sssd.spec @@ -1,12 +1,15 @@ Name: sssd -Version: 0.2.1 +Version: 0.3.0 Release: 1%{?dist} Group: Applications/System Summary: System Security Services Daemon + # The entire source code is GPLv3+ except replace/ which is LGPLv3+ License: GPLv3+ and LGPLv3+ URL: http://fedorahosted.org/sssd Source: https://fedorahosted.org/sssd/attachment/wiki/WikiStart/sssd-%{version}.tar.gz + +Source1: sssd.conf.default BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### @@ -47,6 +50,15 @@ services for projects like FreeIPA. %build +# common +pushd common +autoreconf -i -f +%configure --disable-shared \ + --enable-static + +make %{?_smp_mflags} +popd + # sssd pushd server ./autogen.sh @@ -54,7 +66,7 @@ pushd server --sysconfdir=%{_sysconfdir} \ --without-tests \ --without-policykit \ - --with-infopipe \ + --without-infopipe \ --with-init-dir=%{_initrddir} \ make %{?_smp_mflags} 
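Review bot: The comment above `filterGroups`/`filterUsers` in `[services/nss]` of sssd.conf.default is the only explanation of a security-relevant default (root is not searched for in any domain), and it does not parse as written ("prevents sssd for searching", "system accounts are always going to be"). Something like `# Never search any domain for these users/groups. List (comma separated) the system` / `# accounts that must always come from /etc/passwd, or that you want to filter out.` would say the same thing unambiguously. The `[services/info]` section is also shipped although sssd.spec in this same patch switches to `--without-infopipe`; it is not listed in `activeServices`, so it is presumably inert, but a one-line comment saying so would spare an admin from guessing. Minor wording: "condifgurations", "visibile", and the mismatched quotes in `'domains"`.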
@@ -78,6 +90,8 @@ pushd sss_client make install DESTDIR=$RPM_BUILD_ROOT popd +install -m700 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf + %clean rm -rf $RPM_BUILD_ROOT @@ -99,8 +113,7 @@ rm -rf $RPM_BUILD_ROOT %attr(700,root,root) %dir /var/lib/sss/db %dir /var/lib/sss/pipes %attr(700,root,root) %dir /var/lib/sss/pipes/private -%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.sssd.infopipe.conf -%{_datadir}/%{name}/introspect/infopipe/org.freeipa.sssd.infopipe.Introspect.xml +%config(noreplace) %{_sysconfdir}/sssd/sssd.conf /%{_lib}/libnss_sss.so /%{_lib}/libnss_sss.so.2 /%{_lib}/security/pam_sss.so @@ -122,6 +135,10 @@ if [ $1 -ge 1 ] ; then fi %changelog +* Mon Apr 13 2009 Simo Sorce - 0.3.0-1 +- Version 0.3.0 +- Provides file based configuration and lots of improvements + * Tue Mar 10 2009 Simo Sorce - 0.2.1-1 - Version 0.2.1
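Review bot: `install -m700` in the `%install` hunk sets the execute bit on a configuration file; sssd.conf is data, so `0600` is the mode that matches the intent of keeping it root-only. The matching `%files` entry in the next hunk (`%config(noreplace) %{_sysconfdir}/sssd/sssd.conf`) carries no `%attr`, so the packaged owner and mode depend on the build-root file and on whatever `%defattr` is in effect outside the hunk, whereas the neighbouring `db` and `pipes/private` entries pin theirs explicitly. Suggest `install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf` and `%attr(600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf`. The install line also assumes `%{_sysconfdir}/sssd` already exists in the build root; if `make install` does not create it (not visible in these hunks), an `install -d` before it and a `%dir` entry for the directory would be needed.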