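[services]
description = Local Service Configuration
# Comma-separated list of active services; each name listed here has a
# matching [services/<name>] section in this file.
# NOTE(review): [services/monitor] also has a section but is not listed
# here - presumably the monitor always runs; confirm.
activeServices = nss, dp, pam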
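[services/nss]
description = NSS Responder Configuration
# The following prevents sssd from searching for the root user/group in
# all domains. You can add here a comma-separated list of system accounts
# that are always going to be /etc/passwd users, or that you want to filter
# out.
# Keeping root in both lists means root is never looked up in an SSSD
# domain, so a remote or misconfigured identity source cannot supply the
# root entry; do not remove it when adding other system accounts.
filterGroups = root
filterUsers = root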
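[services/dp]
# Listed as "dp" in activeServices; only a description is set here.
description = Data Provider Configuration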
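[services/pam]
# Listed as "pam" in activeServices; only a description is set here.
description = PAM Responder Configuration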
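[services/monitor]
description = Service Monitor Configuration
# If a backend is particularly slow you can raise this timeout here.
# NOTE(review): the unit is not stated in this file - presumably seconds;
# confirm before raising it.
sbusTimeout = 30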
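[domains]
description = Domains served by SSSD
; domains = LOCAL,LDAP

# SSSD will not start if you don't configure any domain.
# Add new domain configurations as [domains/<NAME>] sections.
# Then add the list of domains (in the order you want them to be
# queried) to the 'domains' attribute above and uncomment it.
# NOTE(review): because domains are queried in list order, an account name
# that exists in more than one domain is presumably answered by the
# earliest one - confirm, and list the more trusted source first.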
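# Example LOCAL domain that proxies to the /etc/passwd and /etc/group files.
# This configuration is meant mostly as a migration path to be able to store
# additional information about users while still keeping /etc/passwd
# authoritative.
# NOTE(review): the native LOCAL example further down uses the same section
# name, [domains/LOCAL]; uncomment only one of the two.

; [domains/LOCAL]
; description = LOCAL migration domain
# NOTE(review): the meaning of the enumerate values is not stated in this
# file - confirm. Enumeration presumably lets any local user list every
# account in the domain, so enable it only where that is acceptable.
; enumerate = 3
; minId = 500
; magicPrivateGroups = FALSE
; legacy = TRUE
;
# NOTE(review): libPath is a bare file name, so which library gets loaded
# presumably depends on the loader's search path - confirm that it can only
# resolve to the root-owned system copy.
; provider = proxy
; libName = files
; libPath = libnss_files.so.2

# Optionally, a file named sssdproxylocal can be placed in pam.d, configured
# to check pam_unix only, so that pam_sss can be used in the normal PAM stack.
# The file named by pam-target presumably decides authentication for this
# domain: keep it root-owned and limited to pam_unix as described.
; auth-module = proxy
; pam-target = sssdproxylocal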
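# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visible in /etc/passwd,
# which now contains only root and system accounts.
# Account reviews that only read /etc/passwd and /etc/group will therefore
# miss these users; include the SSSD directory in any account audit.
# NOTE(review): the proxy LOCAL example earlier in this file uses the same
# section name, [domains/LOCAL]; uncomment only one of the two.

; [domains/LOCAL]
; description = LOCAL Users domain
; enumerate = 3
# IDs for this domain are bounded by minId..maxId (500-999 here), which does
# not overlap the LDAP example's minId of 1000. Presumably entries outside
# the range are ignored - confirm, and keep the range clear of system IDs.
; minId = 500
; maxId = 999
; legacy = FALSE
; magicPrivateGroups = TRUE
; provider = local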
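# Example LDAP domain that uses the proxy backend and the standard nss_ldap
# and pam_ldap modules (useful until we have good working native LDAP
# backends).
# For this to work the /etc/ldap.conf file needs to be correctly configured,
# just as you would when using nss_ldap in nsswitch.conf, but instead of
# setting "passwd: files ldap" there, set "passwd: files sss".
# Also consider using the following settings in /etc/ldap.conf to avoid
# needless delays if the LDAP server is offline:
# timelimit 10
# bind_timelimit 5
# nss_reconnect_maxsleeptime 2
# nss_reconnect_sleeptime 1
# Transport security for this domain is likewise decided in /etc/ldap.conf,
# not in this file. pam_ldap sends the user's password to the server, so
# check that /etc/ldap.conf enables TLS (ssl start_tls or ssl on) with
# certificate checking (tls_checkpeer yes plus tls_cacertfile or
# tls_cacertdir).

; [domains/LDAP]
; description = Proxy request to our LDAP server
; enumerate = 0
; minId = 1000
; legacy = TRUE
;
# NOTE(review): libPath is a bare file name, so which library gets loaded
# presumably depends on the loader's search path - confirm that it can only
# resolve to the root-owned system copy.
# NOTE(review): unlike the proxy LOCAL example, no auth-module / pam-target
# pair is shown here although the text above mentions pam_ldap - confirm how
# authentication is wired for this domain.
; provider = proxy
; libName = ldap
; libPath = libnss_ldap.so.2
;
# If a backend is particularly slow you can raise this timeout here.
; timeout = 60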