summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDavid O'Brien <daobrien@daobrien.csb>2010-05-19 17:17:51 +1000
committerStephen Gallagher <sgallagh@redhat.com>2010-05-21 07:21:27 -0400
commit19ce0003e32cde587e2e2115f431e86e0c9adf76 (patch)
tree3f5c1c1fa169b526c8493e25bb163eed019fb9cc /src
parent55daaea86e0ba049d31f74fcdf6bfedc6e0a1e7b (diff)
downloadsssd-19ce0003e32cde587e2e2115f431e86e0c9adf76.tar.gz
sssd-19ce0003e32cde587e2e2115f431e86e0c9adf76.tar.bz2
sssd-19ce0003e32cde587e2e2115f431e86e0c9adf76.zip
Copy-edit and format review sssd.conf
Updated EntryCache*Timeout to the correct values. Fixed one missed EntryCacheTimeout Added notes about perf hit of using enumeration.
Diffstat (limited to 'src')
-rw-r--r--src/examples/sssd.conf45
1 files changed, 27 insertions, 18 deletions
diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf
index e93cf51b..f7b847d3 100644
--- a/src/examples/sssd.conf
+++ b/src/examples/sssd.conf
@@ -1,40 +1,49 @@
[sssd]
config_file_version = 2
+
# Number of times services should attempt to reconnect in the
# event of a crash or restart before they give up
reconnection_retries = 3
-# if a backend is particularly slow you can raise this timeout here
+
+# If a back end is particularly slow you can raise this timeout here
sbus_timeout = 30
services = nss, pam
-; domains = LOCAL,LDAP
-# SSSD will not start if you don't configure any domain.
-# Add new domains condifgurations as [domain/<NAME>] sections.
-# Then add the list of domains (in the order you want them to be
-# queried in the 'domains" attribute above and uncomment it
+# SSSD will not start if you do not configure any domains.
+# Add new domain configurations as [domain/<NAME>] sections, and
+# then add the list of domains (in the order you want them to be
+# queried) to the "domains" attribute below and uncomment it.
+; domains = LOCAL,LDAP
[nss]
-# the following prevents sssd for searching for the root user/group in
-# all domains (you can add here a comma separated list of system accounts are
-# always going to be /etc/passwd users, or that you want to filter out)
+# The following prevents SSSD from searching for the root user/group in
+# all domains (you can add here a comma-separated list of system accounts that
+# are always going to be /etc/passwd users, or that you want to filter out).
filter_groups = root
filter_users = root
reconnection_retries = 3
-# The EntryCacheTimeout indicates the number of seconds to retain before
-# an entry in cache is considered stale and must block to refresh.
-# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to
+# The entry_cache_timeout indicates the number of seconds to retain an
+# entry in cache before it is considered stale and must block to refresh.
+# The entry_cache_nowait_timeout indicates the number of seconds to
# wait before updating the cache out-of-band. (NSS requests will still
-# be returned from cache until the full EntryCacheTimeout). Setting this
-# value to 0 turns this feature off (default)
+# be returned from cache until the full entry_cache_timeout). Setting this
+# value to 0 turns this feature off (default).
; entry_cache_timeout = 600
; entry_cache_nowait_timeout = 300
[pam]
reconnection_retries = 3
+# Example domain configurations
+# Note that enabling enumeration in the following configurations will have a
+# moderate performance impact while enumerations are actually running, and
+# may increase the time necessary to detect network disconnection.
+# Consequently, the default value for enumeration is FALSE.
+# Refer to the sssd.conf man page for full details.
+
# Example LOCAL domain that stores all users natively in the SSSD internal
-# directory. These local users and groups are not visibile in /etc/passwd, it
+# directory. These local users and groups are not visible in /etc/passwd; it
# now contains only root and system accounts.
; [domain/LOCAL]
; description = LOCAL Users domain
@@ -44,9 +53,9 @@ reconnection_retries = 3
; max_id = 999
# Example native LDAP domain
-# ldap_schema can be set to 'rfc2307', which uses the 'memberuid' attribute
-# for group membership, or to 'rfc2307bis', which uses the 'member' attribute
-# to denote group membership. Changes to this setting affects only how we
+# ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
+# for group membership, or to "rfc2307bis", which uses the "member" attribute
+# to denote group membership. Changes to this setting affect only how we
# determine the groups a user belongs to and will have no negative effect on
# data about the user itself. If you do not know this value, ask an
# administrator.