diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2009-09-25 16:17:52 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-09-25 12:58:47 -0400 |
commit | 95b9c3ea7ee21585db7e07a276e881b6c2349c74 (patch) | |
tree | 29ff72ec4c887e5e381cfa532b7e775468d8c09e | |
parent | 05315b44feaa9819e62f18477f2c6d20914eb7ce (diff) | |
download | sssd-95b9c3ea7ee21585db7e07a276e881b6c2349c74.tar.gz sssd-95b9c3ea7ee21585db7e07a276e881b6c2349c74.tar.bz2 sssd-95b9c3ea7ee21585db7e07a276e881b6c2349c74.zip |
Convert the example config to v2 format, upgrade config on update only
-rw-r--r-- | contrib/sssd.spec.in | 6 | ||||
-rw-r--r-- | server/examples/sssd.conf | 132 |
2 files changed, 60 insertions, 78 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 771f1900..5dc45d28 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -154,8 +154,10 @@ rm -rf $RPM_BUILD_ROOT %post /sbin/ldconfig /sbin/chkconfig --add %{servicename} -# a one-time upgrade from confdb v1 to v2 -python %{_libexecdir}/%{servicename}/upgrade_config.py +if [ $1 -ge 2 ] ; then +# a one-time upgrade from confdb v1 to v2, only if upgrading + python %{_libexecdir}/%{servicename}/upgrade_config.py +fi %preun if [ $1 = 0 ]; then diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf index 894dc753..ad221333 100644 --- a/server/examples/sssd.conf +++ b/server/examples/sssd.conf @@ -1,17 +1,25 @@ -[services] -description = Local Service Configuration -activeServices = nss, dp, pam +[sssd] +config_file_version = 2 # Number of times services should attempt to reconnect in the -# event of a Data Provider crash or restart before they give up +# event of a crash or restart before they give up reconnection_retries = 3 +# if a backend is particularly slow you can raise this timeout here +sbus_timeout = 30 +services = nss, dp, pam +; domains = LOCAL,LDAP +# SSSD will not start if you don't configure any domain. +# Add new domains condifgurations as [domain/<NAME>] sections. +# Then add the list of domains (in the order you want them to be +# queried in the 'domains" attribute above and uncomment it + -[services/nss] -description = NSS Responder Configuration +[nss] # the following prevents sssd for searching for the root user/group in # all domains (you can add here a comma separated list of system accounts are # always going to be /etc/passwd users, or that you want to filter out) -filterGroups = root -filterUsers = root +filter_groups = root +filter_users = root +reconnection_retries = 3 # The EntryCacheTimeout indicates the number of seconds to retain before # an entry in cache is considered stale and must block to refresh. @@ -19,86 +27,58 @@ filterUsers = root # wait before updating the cache out-of-band. (NSS requests will still # be returned from cache until the full EntryCacheTimeout). Setting this # value to 0 turns this feature off (default) -; EntryCacheTimeout = 600 -; EntryCacheNoWaitRefreshTimeout = 300 +; entry_cache_timeout = 600 +; entry_cache_nowait_timeout = 300 -[services/dp] -description = Data Provider Configuration - -[services/pam] -description = PAM Responder Configuration - -[services/monitor] -description = Service Monitor Configuration -#if a backend is particularly slow you can raise this timeout here -sbusTimeout = 30 - -[domains] -description = Domains served by SSSD -; domains = LOCAL,LDAP +[pam] +reconnection_retries = 3 -# SSSD will not start if you don't configure any domain. -# Add new domains condifgurations as [domains/<NAME>] sections. -# Then add the list of domains (in the order you want them to be -# queried in the 'domains" attribute above and uncomment it +[dp] +reconnection_retries = 3 # Example LOCAL domain that stores all users natively in the SSSD internal # directory. These local users and groups are not visibile in /etc/passwd, it # now contains only root and system accounts. - -; [domains/LOCAL] +; [domain/LOCAL] ; description = LOCAL Users domain -; provider = local +; id_provider = local ; enumerate = true -; minId = 500 -; maxId = 999 +; min_id = 500 +; max_id = 999 -# Example LDAP domain that uses the proxy backend and the standard nss_ldap -# and pam_ldap modules (Useful until we have good working native ldap backends). -# For this to work the /etc/ldap.conf file needs to be correctly configured just -# like you would do when using nss_ldap in nsswitch.conf, but instead of setting -# passwd: files ldap, set passwd: files, sss instead there. -# Also consider using the following setting in /etc/ldap.conf to avoid needless -# delays if the ldap server is offline: -# timelimit 10 -# bind_timelimit 5 -# nss_reconnect_maxsleeptime 2 -# nss_reconnect_sleeptime 1 - -; [domains/LDAP] -; description = Proxy request to our LDAP server -; enumerate = false -; minId = 1000 -; -; provider = proxy -; libName = ldap -; -#if a backend is particularly slow you can raise this timeout here -; timeout = 60 +# Example native LDAP domain +; [domain/LDAP] +; id_provider = ldap +; auth_provider = ldap +; ldap_uri = ldap://ldap.mydomain.org +; ldap_user_search_base = dc=mydomain,dc=org +; ldap_tls_reqcert = demand +; cache_credentials = true +; enumerate = true # Example LDAP domain where the LDAP server is an Active Directory server. -; [domains/AD] +; [domain/AD] ; description = LDAP domain with AD server ; enumerate = false -; minId = 1000 +; min_id = 1000 ; -; provider = ldap -; auth-module = ldap -; ldapUri = ldap://your.ad.server.com -; ldapSchema = rfc2307bis -; userSearchBase = cn=users,dc=example,dc=com -; groupSearchBase = cn=users,dc=example,dc=com -; defaultBindDn = cn=Administrator,cn=Users,dc=example,dc=com -; defaultAuthtokType = password -; defaultAuthtok = YOUR_PASSWORD -; userObjectClass = person -; userName = msSFU30Name -; userUidNumber = msSFU30UidNumber -; userGidNumber = msSFU30GidNumber -; userHomeDirectory = msSFU30HomeDirectory -; userShell = msSFU30LoginShell -; userPrincipal = userPrincipalName -; groupObjectClass = group -; groupName = msSFU30Name -; groupGidNumber = msSFU30GidNumber +; id_provider = ldap +; auth_provider = ldap +; ldap_uri = ldap://your.ad.server.com +; ldap_schema = rfc2307bis +; ldap_user_search_base = cn=users,dc=example,dc=com +; ldap_group_search_base = cn=users,dc=example,dc=com +; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com +; ldap_default_authtok_type = password +; ldap_default_authtok = YOUR_PASSWORD +; ldap_user_object_class = person +; ldap_user_name = msSFU30Name +; ldap_user_uid_number = msSFU30UidNumber +; ldap_user_gid_number = msSFU30GidNumber +; ldap_user_home_directory = msSFU30HomeDirectory +; ldap_user_shell = msSFU30LoginShell +; ldap_user_principal = userPrincipalName +; ldap_group_object_class = group +; ldap_group_name = msSFU30Name +; ldap_group_gid_number = msSFU30GidNumber |