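# Example sssd.conf, restored from a listing whose line-number gutter had been
# interleaved with the configuration text.
# Convention used below: "#" lines are explanatory text, ";" lines are
# commented-out settings that become active when the ";" is removed.
# SSSD checks the ownership and permissions of this file at start-up; keep it
# root-owned with mode 0600 (see sssd.conf(5)).
[sssd]
config_file_version = 2
services = nss, pam
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
; domains = LDAP

[nss]

[pam]
# If cache_credentials is enabled in a domain, offline_credentials_expiration
# (in days) in this section bounds how long a cached login stays usable.

# Example LDAP domain
; [domain/LDAP]
; id_provider = ldap
; auth_provider = ldap
# ldap_schema can be set to "rfc2307", which stores group member names in the
# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
# the "member" attribute. If you do not know this value, ask your LDAP
# administrator.
; ldap_schema = rfc2307
# auth_provider = ldap sends the user's password to the server in an LDAP bind.
# SSSD does not authenticate over an unencrypted channel, so a plain ldap://
# URI needs StartTLS; otherwise use an ldaps:// URI. Keep certificate
# validation on (ldap_tls_reqcert = demand) and point ldap_tls_cacert at the CA
# that issued the server certificate (the path below is a placeholder).
; ldap_uri = ldap://ldap.mydomain.org
; ldap_id_use_start_tls = true
; ldap_tls_reqcert = demand
; ldap_tls_cacert = /path/to/ca-bundle.crt
; ldap_search_base = dc=mydomain,dc=org
# Note that enabling enumeration will have a moderate performance impact.
# Consequently, the default value for enumeration is FALSE.
# Enumeration also lets any local user list every account in the domain
# (for example with "getent passwd").
# Refer to the sssd.conf man page for full details.
; enumerate = false
# Allow offline logins by locally storing password hashes (default: false).
# The hashes are kept in SSSD's on-disk cache, so anyone with root access to
# this host can copy them for offline guessing; enable this only where offline
# login is needed.
; cache_credentials = true

# An example Active Directory domain. Please note that this configuration
# works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
# compliant attribute names. To support UNIX clients with AD 2003 or older,
# you must install Microsoft Services For Unix and map LDAP attributes onto
# msSFU30* attribute names.
# Current SSSD releases also ship a dedicated "ad" provider; see sssd-ad(5).
; [domain/AD]
; id_provider = ldap
; auth_provider = krb5
; chpass_provider = krb5
;
; ldap_uri = ldap://your.ad.example.com
; ldap_search_base = dc=example,dc=com
; ldap_schema = rfc2307bis
# With GSSAPI the LDAP bind uses Kerberos credentials from the host keytab
# rather than a password; keep that keytab readable by root only.
; ldap_sasl_mech = GSSAPI
; ldap_user_object_class = user
; ldap_group_object_class = group
; ldap_user_home_directory = unixHomeDirectory
; ldap_user_principal = userPrincipalName
; ldap_account_expire_policy = ad
; ldap_force_upper_case_realm = true
;
; krb5_server = your.ad.example.com
; krb5_realm = EXAMPLE.COM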