- [sssd]
- # Version of the configuration file format.
- config_file_version = 2
- # Services SSSD starts: name service lookups (nss) and PAM (pam).
- services = nss, pam
- # Domains to query, in the order listed. Each name needs a matching
- # [domain/<NAME>] section; SSSD will not start without at least one domain.
- domains = REALM
- # How many times a service tries to reconnect after a crash or restart
- # before it gives up.
- reconnection_retries = 3
- # Raise this timeout if a back end is particularly slow.
- sbus_timeout = 30
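- [nss]
- # Names listed here are never searched for in any SSSD domain, so they
- # always resolve from the local files (/etc/passwd, /etc/group).
- # Both lists are comma-separated. filter_users takes user names and
- # filter_groups takes group names; "nobody" (a user) and "nogroup" (a
- # group) are listed in both so neither local name can be answered from
- # the directory, whichever way it is queried.
- filter_users = root,sshd,zabbix,www-data,puppet,snmp,nogroup,nobody
- filter_groups = root,sshd,zabbix,www-data,puppet,snmp,nobody,adm,nogroup
- reconnection_retries = 3
- # entry_cache_timeout: seconds an entry stays in the cache before it is
- # considered stale and a lookup must block to refresh it.
- # entry_cache_nowait_timeout: seconds to wait before the cache is updated
- # out-of-band; NSS requests are still answered from the cache until the
- # full entry_cache_timeout has passed. 0 turns this off (default).
- # NOTE(review): 43200 s is 12 hours. For that long a disabled or deleted
- # account, or a removed group membership, can still resolve from the
- # cache; pick the value with the site's deprovisioning window in mind.
- # NOTE(review): newer SSSD releases document entry_cache_timeout as a
- # [domain/...] option and use entry_cache_nowait_percentage here; verify
- # against the sssd.conf man page of the installed version.
- entry_cache_timeout = 43200
- entry_cache_nowait_timeout = 300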
- [pam]
- # How many times the PAM service tries to reconnect after a crash or
- # restart before it gives up.
- # NOTE(review): [domain/REALM] sets cache_credentials = true, so logins
- # succeed from the local cache while the servers are unreachable. No
- # offline_credentials_expiration is set in this section; confirm whether
- # cached logins should be limited to a number of days.
- reconnection_retries = 3
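- [domain/REALM]
- # Active Directory domain: identities are read over LDAP, authentication
- # and password changes go through Kerberos. REALM, IP and the LDAP*
- # values are placeholders to be replaced per site.
- description = LDAP domain with AD server
- # NOTE(review): enumeration pulls the whole directory into the local
- # cache and lets any local user list every account (getent passwd).
- # Keep it only if something really needs full listings.
- enumerate = true
- # Directory entries with an ID below this value are ignored.
- min_id = 1000
- # Keeps a hash of each user's password on disk so logins work offline.
- # Protect the SSSD cache directory accordingly.
- cache_credentials = true
- id_provider = ldap
- auth_provider = krb5
- chpass_provider = krb5
- # Without this line access_provider defaults to "permit" and the
- # ldap_access_filter below is never evaluated: every user the directory
- # returns may log in.
- access_provider = ldap
- krb5_realm = REALM
- # NOTE(review): krb5_kdcip is the legacy name of krb5_server; check the
- # sssd-krb5 man page of the installed version.
- krb5_kdcip = IP
- ldap_pwd_policy = none
- # Identity lookups bind with the password below, so the connection must
- # be encrypted and the server certificate verified. "never" accepts any
- # certificate and leaves the bind open to interception. The issuing CA
- # must be in the system trust store or named with ldap_tls_cacert.
- # Set ldap_id_use_start_tls = false only when ldap_uri uses ldaps://.
- ldap_id_use_start_tls = true
- ldap_tls_reqcert = demand
- ldap_uri = LDAPURI
- ldap_schema = rfc2307bis
- # Bind account for lookups. The password is stored in clear text: keep
- # this file owned by root with mode 0600 and use a dedicated read-only
- # account. NOTE(review): with Kerberos already configured, a GSSAPI bind
- # with the host keytab (ldap_sasl_mech = GSSAPI) would avoid storing a
- # password at all; confirm this fits the environment.
- ldap_default_bind_dn = LDAPBINDDN
- ldap_default_authtok_type = password
- ldap_default_authtok = LDAPBINDPW
- # Map Active Directory attributes onto the POSIX user fields.
- ldap_user_search_base = LDAPSEARCHBASE
- ldap_user_object_class = user
- ldap_user_uid_number = uidNumber
- ldap_user_gid_number = GIDNumber
- ldap_user_home_directory = unixHomeDirectory
- ldap_user_shell = loginShell
- ldap_user_principal = userPrincipalName
- ldap_user_name = sAMAccountName
- ldap_user_gecos = displayName
- ldap_user_uuid = objectGUID
- # Only users matching this LDAP filter are allowed to log in. It is
- # enforced through access_provider = ldap above.
- ldap_access_filter = LDAPFILTER
- # Map Active Directory attributes onto the POSIX group fields.
- ldap_group_search_base = LDAPSEARCHBASEGROUP
- ldap_group_object_class = group
- ldap_group_name = Name
- ldap_group_gid_number = GidNumber
- ldap_force_upper_case_realm = true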