Blame | Last modification | View Log | RSS feed
[sssd]config_file_version = 2services = nss, pam# SSSD will not start if you do not configure any domains.# Add new domain configurations as [domain/<NAME>] sections, and# then add the list of domains (in the order you want them to be# queried) to the "domains" attribute below and uncomment it.; domains = LDAP[nss][pam]# Example LDAP domain; [domain/LDAP]; id_provider = ldap; auth_provider = ldap# ldap_schema can be set to "rfc2307", which stores group member names in the# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in# the "member" attribute. If you do not know this value, ask your LDAP# administrator.; ldap_schema = rfc2307; ldap_uri = ldap://ldap.mydomain.org; ldap_search_base = dc=mydomain,dc=org# Note that enabling enumeration will have a moderate performance impact.# Consequently, the default value for enumeration is FALSE.# Refer to the sssd.conf man page for full details.; enumerate = false# Allow offline logins by locally storing password hashes (default: false).; cache_credentials = true# An example Active Directory domain. Please note that this configuration# works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis# compliant attribute names. To support UNIX clients with AD 2003 or older,# you must install Microsoft Services For Unix and map LDAP attributes onto# msSFU30* attribute names.; [domain/AD]; id_provider = ldap; auth_provider = krb5; chpass_provider = krb5;; ldap_uri = ldap://your.ad.example.com; ldap_search_base = dc=example,dc=com; ldap_schema = rfc2307bis; ldap_sasl_mech = GSSAPI; ldap_user_object_class = user; ldap_group_object_class = group; ldap_user_home_directory = unixHomeDirectory; ldap_user_principal = userPrincipalName; ldap_account_expire_policy = ad; ldap_force_upper_case_realm = true;; krb5_server = your.ad.example.com; krb5_realm = EXAMPLE.COM