From 2f9fb5b8dcf09a3285386b8bade78bcd6867cb24 Mon Sep 17 00:00:00 2001
|
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
Date: Tue, 14 Apr 2009 09:30:43 -0400
|
|
Subject: [PATCH] Replace the example sssd.conf file with the one used in Fedora
|
|
|
|
Also remove the [services/infopipe] section, since we're not
|
|
shipping InfoPipe yet, and that would be confusing.
|
|
---
|
|
server/examples/sssd.conf | 103 +++++++++++++++++++++++++++++++--------------
|
|
1 files changed, 71 insertions(+), 32 deletions(-)
|
|
|
|
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
|
|
index c5fd7e6..b9a421e 100644
|
|
--- a/server/examples/sssd.conf
|
|
+++ b/server/examples/sssd.conf
|
|
@@ -1,50 +1,89 @@
|
|
[services]
|
|
description = Local Service Configuration
|
|
-activeServices = nss, dp, pam, info
|
|
+activeServices = nss, dp, pam
|
|
|
|
[services/nss]
|
|
description = NSS Responder Configuration
|
|
-timeout = 10
|
|
-filterGroups = root, foo@TEST
|
|
-filterUsers = root, bar@TEST
|
|
+# the following prevents sssd for searching for the root user/group in
|
|
+# all domains (you can add here a comma separated list of system accounts are
|
|
+# always going to be /etc/passwd users, or that you want to filter out)
|
|
+filterGroups = root
|
|
+filterUsers = root
|
|
|
|
[services/dp]
|
|
description = Data Provider Configuration
|
|
-timeout = 10
|
|
|
|
[services/pam]
|
|
description = PAM Responder Configuration
|
|
-timeout = 10
|
|
-
|
|
-[services/info]
|
|
-description = InfoPipe Configuration
|
|
-timeout = 10
|
|
|
|
[services/monitor]
|
|
description = Service Monitor Configuration
|
|
-sbusTimeout = 10
|
|
+#if a backend is particularly slow you can raise this timeout here
|
|
+sbusTimeout = 30
|
|
|
|
[domains]
|
|
description = Domains served by SSSD
|
|
-domains = LOCAL
|
|
-
|
|
-[domains/LOCAL]
|
|
-description = Reserved domain for local configurations
|
|
-enumerate = 3
|
|
-minId = 500
|
|
-maxId = 999
|
|
-legacy = TRUE
|
|
-libName = files
|
|
-libPath = /lib64/libnss_files.so.2
|
|
-magicPrivateGroups = FALSE
|
|
-provider = proxy
|
|
-auth-module = proxy
|
|
-pam-target = sssdproxylocal
|
|
-
|
|
-[domains/EXAMPLE.COM]
|
|
-description = Example LDAP domain
|
|
-basedn = dc=example,dc=com
|
|
-command = /usr/libexec/sssd/sssd_be --provider ldap --domain EXAMPLE.COM
|
|
-provider = ldap
|
|
-userSearchBase = ou=user,dc=example,dc=com
|
|
+; domains = LOCAL,LDAP
|
|
+
|
|
+# SSSD will not start if you don't configure any domain.
|
|
+# Add new domains condifgurations as [domains/<NAME>] sections.
|
|
+# Then add the list of domains (in the order you want them to be
|
|
+# queried in the 'domains" attribute above and uncomment it
|
|
+
|
|
+# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
|
|
+# This configuration is meant mostly as a migration path to be able to store
|
|
+# additional information about users while still keeping /etc/passwd
|
|
+# authoritative.
|
|
+
|
|
+; [domains/LOCAL]
|
|
+; description = LOCAL migration domain
|
|
+; enumerate = 3
|
|
+; minId = 500
|
|
+; magicPrivateGroups = FALSE
|
|
+; legacy = TRUE
|
|
+;
|
|
+; provider = proxy
|
|
+; libName = files
|
|
+; libPath = libnss_files.so.2
|
|
+
|
|
+# optionally a file named sssdproxylocal can be place in pam.d configured to
|
|
+# check pam_unix only and pam_sss can be used in the normal pam stack
|
|
+; auth-module = proxy
|
|
+; pam-target = sssdproxylocal
|
|
+
|
|
+# Example LOCAL domain that stores all users natively in the SSSD internal
|
|
+# directory. These local users and groups are not visibile in /etc/passwd, it
|
|
+# now contains only root and system accounts.
|
|
+
|
|
+; [domains/LOCAL]
|
|
+; description = LOCAL Users domain
|
|
+; enumerate = 3
|
|
+; minId = 500
|
|
+; maxId = 999
|
|
+; legacy = FALSE
|
|
+; magicPrivateGroups = TRUE
|
|
+
|
|
+# Example LDAP domain that uses the proxy backend and the standard nss_ldap
|
|
+# and pam_ldap modules (Useful until we have good working native ldap backends).
|
|
+# For this to work the /etc/ldap.conf file needs to be correctly configured just
|
|
+# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
|
|
+# passwd: files ldap, set passwd: files, sss instead there.
|
|
+# Also consider using the following setting in /etc/ldap.conf to avoid needless
|
|
+# delays if the ldap server is offline:
|
|
+# timelimit 10
|
|
+# bind_timelimit 5
|
|
+# nss_reconnect_maxsleeptime 2
|
|
+# nss_reconnect_sleeptime 1
|
|
|
|
+; [domains/LDAP]
|
|
+; description = Proxy request to our LDAP server
|
|
+; enumerate = 0
|
|
+; minId = 1000
|
|
+; legacy = TRUE
|
|
+;
|
|
+; provider = proxy
|
|
+; libName = ldap
|
|
+; libPath = libnss_ldap.so.2
|
|
+;
|
|
+#if a backend is particularly slow you can raise this timeout here
|
|
+; timeout = 60
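Review bot: Several of the new comment lines carry typos that will ship in the example users copy from: `condifgurations` in `# Add new domains condifgurations as [domains/<NAME>] sections.`, the mismatched quotes in `'domains" attribute above`, `visibile` in the native-LOCAL description, and `can be place` in the pam.d note — `# Add new domain configurations as [domains/<NAME>] sections.`, `# queried) in the 'domains' attribute above and uncomment it`, `# optionally a file named sssdproxylocal can be placed in pam.d configured to`. The `[services/nss]` comment `# the following prevents sssd for searching for the root user/group in` reads better as `# the following prevents sssd from searching for the root user/group in`. The nss_ldap guidance `set passwd: files, sss` appears to carry a stray comma; nsswitch.conf service lists are whitespace-separated, so `passwd: files sss` is what I would expect there — worth confirming against the nsswitch documentation. The raised `sbusTimeout = 30` and the commented `; timeout = 60` give no unit; a `# seconds` line above each (if that is the unit) would save readers guessing when they tune slow backends.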
|
|
--
|
|
1.6.0.6
|
|
|