rpms/sssd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

add patch 0002 too

Browse Source
This commit is contained in:
Simo Sorce 2009-04-14 21:53:40 +00:00
parent d4c7182341
commit cb09420cd2
2 changed files with 142 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch Normal file
View File

@ -0,0 +1,140 @@
From 2f9fb5b8dcf09a3285386b8bade78bcd6867cb24 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 14 Apr 2009 09:30:43 -0400
Subject: [PATCH] Replace the example sssd.conf file with the one used in Fedora
Also remove the [services/infopipe] section, since we're not
shipping InfoPipe yet, and that would be confusing.
---
server/examples/sssd.conf | 103 +++++++++++++++++++++++++++++++--------------
1 files changed, 71 insertions(+), 32 deletions(-)
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index c5fd7e6..b9a421e 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -1,50 +1,89 @@
[services]
description = Local Service Configuration
-activeServices = nss, dp, pam, info
+activeServices = nss, dp, pam
[services/nss]
description = NSS Responder Configuration
-timeout = 10
-filterGroups = root, foo@TEST
-filterUsers = root, bar@TEST
+# the following prevents sssd for searching for the root user/group in
+# all domains (you can add here a comma separated list of system accounts are
+# always going to be /etc/passwd users, or that you want to filter out)
+filterGroups = root
+filterUsers = root
[services/dp]
description = Data Provider Configuration
-timeout = 10
[services/pam]
description = PAM Responder Configuration
-timeout = 10
-
-[services/info]
-description = InfoPipe Configuration
-timeout = 10
[services/monitor]
description = Service Monitor Configuration
-sbusTimeout = 10
+#if a backend is particularly slow you can raise this timeout here
+sbusTimeout = 30
[domains]
description = Domains served by SSSD
-domains = LOCAL
-
-[domains/LOCAL]
-description = Reserved domain for local configurations
-enumerate = 3
-minId = 500
-maxId = 999
-legacy = TRUE
-libName = files
-libPath = /lib64/libnss_files.so.2
-magicPrivateGroups = FALSE
-provider = proxy
-auth-module = proxy
-pam-target = sssdproxylocal
-
-[domains/EXAMPLE.COM]
-description = Example LDAP domain
-basedn = dc=example,dc=com
-command = /usr/libexec/sssd/sssd_be --provider ldap --domain EXAMPLE.COM
-provider = ldap
-userSearchBase = ou=user,dc=example,dc=com
+; domains = LOCAL,LDAP
+
+# SSSD will not start if you don't configure any domain.
+# Add new domains condifgurations as [domains/<NAME>] sections.
+# Then add the list of domains (in the order you want them to be
+# queried in the 'domains" attribute above and uncomment it
+
+# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
+# This configuration is meant mostly as a migration path to be able to store
+# additional information about users while still keeping /etc/passwd
+# authoritative.
+
+; [domains/LOCAL]
+; description = LOCAL migration domain
+; enumerate = 3
+; minId = 500
+; magicPrivateGroups = FALSE
+; legacy = TRUE
+;
+; provider = proxy
+; libName = files
+; libPath = libnss_files.so.2
+
+# optionally a file named sssdproxylocal can be place in pam.d configured to
+# check pam_unix only and pam_sss can be used in the normal pam stack
+; auth-module = proxy
+; pam-target = sssdproxylocal
+
+# Example LOCAL domain that stores all users natively in the SSSD internal
+# directory. These local users and groups are not visibile in /etc/passwd, it
+# now contains only root and system accounts.
+
+; [domains/LOCAL]
+; description = LOCAL Users domain
+; enumerate = 3
+; minId = 500
+; maxId = 999
+; legacy = FALSE
+; magicPrivateGroups = TRUE
+
+# Example LDAP domain that uses the proxy backend and the standard nss_ldap
+# and pam_ldap modules (Useful until we have good working native ldap backends).
+# For this to work the /etc/ldap.conf file needs to be correctly configured just
+# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
+# passwd: files ldap, set passwd: files, sss instead there.
+# Also consider using the following setting in /etc/ldap.conf to avoid needless
+# delays if the ldap server is offline:
+# timelimit 10
+# bind_timelimit 5
+# nss_reconnect_maxsleeptime 2
+# nss_reconnect_sleeptime 1
+; [domains/LDAP]
+; description = Proxy request to our LDAP server
+; enumerate = 0
+; minId = 1000
+; legacy = TRUE
+;
+; provider = proxy
+; libName = ldap
+; libPath = libnss_ldap.so.2
+;
+#if a backend is particularly slow you can raise this timeout here
+; timeout = 60
--
1.6.0.6

2
sssd.spec
View File

@ -14,6 +14,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ### ### Patches ###
Patch101: 0001-Add-reconnection-code-between-the-NSS-responder-and.patch Patch101: 0001-Add-reconnection-code-between-the-NSS-responder-and.patch
Patch102: 0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch
Patch103: 0003-Make-reconnection-to-the-Data-Provider-a-global-sett.patch Patch103: 0003-Make-reconnection-to-the-Data-Provider-a-global-sett.patch
Patch104: 0004-Add-common-function-to-retrieve-comma-sep.-lists.patch Patch104: 0004-Add-common-function-to-retrieve-comma-sep.-lists.patch
Patch105: 0005-Fixing-memory-issues-in-ini-and-collection.patch Patch105: 0005-Fixing-memory-issues-in-ini-and-collection.patch
@ -56,6 +57,7 @@ services for projects like FreeIPA.
%setup -q %setup -q
%patch101 -p1 -b .reconnect %patch101 -p1 -b .reconnect
%patch102 -p1 -b .examples
%patch103 -p1 -b .global_reconnect_option %patch103 -p1 -b .global_reconnect_option
%patch104 -p1 -b .fix_filters %patch104 -p1 -b .fix_filters
%patch105 -p1 -b .fix_mem_issues %patch105 -p1 -b .fix_mem_issues