sssd/0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch
2009-04-14 21:53:40 +00:00

141 lines
4.2 KiB
Diff

From 2f9fb5b8dcf09a3285386b8bade78bcd6867cb24 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 14 Apr 2009 09:30:43 -0400
Subject: [PATCH] Replace the example sssd.conf file with the one used in Fedora
Also remove the [services/infopipe] section, since we're not
shipping InfoPipe yet, and that would be confusing.
---
server/examples/sssd.conf | 103 +++++++++++++++++++++++++++++++--------------
1 files changed, 71 insertions(+), 32 deletions(-)
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index c5fd7e6..b9a421e 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -1,50 +1,89 @@
[services]
description = Local Service Configuration
-activeServices = nss, dp, pam, info
+activeServices = nss, dp, pam
[services/nss]
description = NSS Responder Configuration
-timeout = 10
-filterGroups = root, foo@TEST
-filterUsers = root, bar@TEST
+# the following prevents sssd for searching for the root user/group in
+# all domains (you can add here a comma separated list of system accounts are
+# always going to be /etc/passwd users, or that you want to filter out)
+filterGroups = root
+filterUsers = root
[services/dp]
description = Data Provider Configuration
-timeout = 10
[services/pam]
description = PAM Responder Configuration
-timeout = 10
-
-[services/info]
-description = InfoPipe Configuration
-timeout = 10
[services/monitor]
description = Service Monitor Configuration
-sbusTimeout = 10
+#if a backend is particularly slow you can raise this timeout here
+sbusTimeout = 30
[domains]
description = Domains served by SSSD
-domains = LOCAL
-
-[domains/LOCAL]
-description = Reserved domain for local configurations
-enumerate = 3
-minId = 500
-maxId = 999
-legacy = TRUE
-libName = files
-libPath = /lib64/libnss_files.so.2
-magicPrivateGroups = FALSE
-provider = proxy
-auth-module = proxy
-pam-target = sssdproxylocal
-
-[domains/EXAMPLE.COM]
-description = Example LDAP domain
-basedn = dc=example,dc=com
-command = /usr/libexec/sssd/sssd_be --provider ldap --domain EXAMPLE.COM
-provider = ldap
-userSearchBase = ou=user,dc=example,dc=com
+; domains = LOCAL,LDAP
+
+# SSSD will not start if you don't configure any domain.
+# Add new domains condifgurations as [domains/<NAME>] sections.
+# Then add the list of domains (in the order you want them to be
+# queried in the 'domains" attribute above and uncomment it
+
+# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
+# This configuration is meant mostly as a migration path to be able to store
+# additional information about users while still keeping /etc/passwd
+# authoritative.
+
+; [domains/LOCAL]
+; description = LOCAL migration domain
+; enumerate = 3
+; minId = 500
+; magicPrivateGroups = FALSE
+; legacy = TRUE
+;
+; provider = proxy
+; libName = files
+; libPath = libnss_files.so.2
+
+# optionally a file named sssdproxylocal can be place in pam.d configured to
+# check pam_unix only and pam_sss can be used in the normal pam stack
+; auth-module = proxy
+; pam-target = sssdproxylocal
+
+# Example LOCAL domain that stores all users natively in the SSSD internal
+# directory. These local users and groups are not visibile in /etc/passwd, it
+# now contains only root and system accounts.
+
+; [domains/LOCAL]
+; description = LOCAL Users domain
+; enumerate = 3
+; minId = 500
+; maxId = 999
+; legacy = FALSE
+; magicPrivateGroups = TRUE
+
+# Example LDAP domain that uses the proxy backend and the standard nss_ldap
+# and pam_ldap modules (Useful until we have good working native ldap backends).
+# For this to work the /etc/ldap.conf file needs to be correctly configured just
+# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
+# passwd: files ldap, set passwd: files, sss instead there.
+# Also consider using the following setting in /etc/ldap.conf to avoid needless
+# delays if the ldap server is offline:
+# timelimit 10
+# bind_timelimit 5
+# nss_reconnect_maxsleeptime 2
+# nss_reconnect_sleeptime 1
+; [domains/LDAP]
+; description = Proxy request to our LDAP server
+; enumerate = 0
+; minId = 1000
+; legacy = TRUE
+;
+; provider = proxy
+; libName = ldap
+; libPath = libnss_ldap.so.2
+;
+#if a backend is particularly slow you can raise this timeout here
+; timeout = 60
--
1.6.0.6