diff options
Diffstat (limited to 'server/examples')
| -rw-r--r-- | server/examples/config.ldif | 50 | ||||
| -rw-r--r-- | server/examples/sssdproxylocal | 9 | ||||
| -rw-r--r-- | server/examples/sssdproxytest | 9 | ||||
| -rw-r--r-- | server/examples/sudo | 6 |
4 files changed, 53 insertions, 21 deletions
diff --git a/server/examples/config.ldif b/server/examples/config.ldif index b848e431..6101f085 100644 --- a/server/examples/config.ldif +++ b/server/examples/config.ldif @@ -15,31 +15,28 @@ activeServices: info dn: cn=nss,cn=services,cn=config cn: nss description: NSS Responder Configuration -unixSocket: /var/lib/sss/pipes/nss -command: /usr/libexec/sssd/sssd_nss +filterGroups: root +filterGroups: foo@TEST +filterUsers: root +filterUsers: bar@TEST dn: cn=dp,cn=services,cn=config cn: dp description: Data Provider Configuration -command: /usr/libexec/sssd/sssd_dp dn: cn=monitor,cn=services,cn=config cn: monitor description: Monitor Configuration sbusTimeout: 10 -sbusAddress: unix:path=/var/lib/sss/pipes/private/dbus servicePingTime: 10 dn: cn=pam,cn=services,cn=config cn: pam -command: /usr/libexec/sssd/sssd_pam description: PAM Responder Configuration -unixSocket: /var/lib/sss/pipes/pam dn: cn=info,cn=services,cn=config cn: info description: InfoPipe Configuration -command: ./sbin/sssd_info dn: cn=domains,cn=config cn: domains @@ -48,32 +45,43 @@ description: Domains served by SSSD dn: cn=LOCAL,cn=domains,cn=config cn: LOCAL description: Reserved domain for local configurations -legacy: FALSE enumerate: 3 - -dn: cn=EXAMPLE.COM,cn=domains,cn=config -cn: EXAMPLE.COM -description: Example domain served by IPA -provider: ipa -server: ipaserver1.example.com -server: ipabackupserver.example.com -legacy: FALSE -enumerate: 0 +minId: 500 +maxId: 999 +legacy: TRUE +libName: files +libPath: /lib64/libnss_files.so.2 +magicPrivateGroups: FALSE +provider: proxy +auth-module: proxy +pam-target: sssdproxylocal dn: cn=TEST,cn=domains,cn=config cn: TEST description: TEST Ldap domain -provider: proxy -command: ./sbin/sssd_be -d 2 --provider proxy --domain TEST libName: ldap libPath: /usr/lib64/libnss_ldap.so.2 legacy: TRUE -enumerate: 0 +enumerate: 3 +useFullyQualifiedNames: TRUE +minId: 1000 +provider: proxy +auth-module: proxy +pam-target: sssdproxytest dn: cn=LDAPTEST,cn=domains,cn=config cn: LDAPTEST basedn: cn=LDAPTEST,sn=sysdb -command: ./sbin/sssd_be --provider ldap --domain LDAPTEST +command: /usr/libexec/sssd/sssd_be --provider ldap --domain LDAPTEST description: TEST PAM Ldap domain provider: ldap userSearchBase: ou=user,dc=my-domain,dc=com + +dn: cn=EXAMPLE.COM,cn=domains,cn=config +cn: EXAMPLE.COM +description: Example domain served by IPA +provider: ipa +server: ipaserver1.example.com +server: ipabackupserver.example.com +legacy: FALSE +enumerate: 0 diff --git a/server/examples/sssdproxylocal b/server/examples/sssdproxylocal new file mode 100644 index 00000000..1bc47f89 --- /dev/null +++ b/server/examples/sssdproxylocal @@ -0,0 +1,9 @@ +#%PAM-1.0 +auth sufficient pam_unix.so +auth requisite pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + diff --git a/server/examples/sssdproxytest b/server/examples/sssdproxytest new file mode 100644 index 00000000..9c5cb4ad --- /dev/null +++ b/server/examples/sssdproxytest @@ -0,0 +1,9 @@ +#%PAM-1.0 +auth sufficient pam_ldap.so debug +auth requisite pam_succeed_if.so uid >= 1000 quiet +auth required pam_deny.so + +account required pam_ldap.so debug +account sufficient pam_succeed_if.so uid < 1000 quiet +account required pam_permit.so + diff --git a/server/examples/sudo b/server/examples/sudo new file mode 100644 index 00000000..4af91ba6 --- /dev/null +++ b/server/examples/sudo @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_sss.so +account required pam_sss.so +password required pam_sss.so +session optional pam_keyinit.so revoke +session required pam_limits.so |