Diffstat (limited to 'src/examples')
-rw-r--r--src/examples/sssd.conf81
-rw-r--r--src/examples/sssdproxytest5
-rw-r--r--src/examples/sudo6
3 files changed, 92 insertions, 0 deletions
diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf
new file mode 100644
index 00000000..82c6d6b0
--- /dev/null
+++ b/src/examples/sssd.conf
@@ -0,0 +1,81 @@
+[sssd]
+config_file_version = 2
+# Number of times services should attempt to reconnect in the
+# event of a crash or restart before they give up
+reconnection_retries = 3
+# if a backend is particularly slow you can raise this timeout here
+sbus_timeout = 30
+services = nss, pam
+; domains = LOCAL,LDAP
+# SSSD will not start if you don't configure any domain.
+# Add new domains condifgurations as [domain/<NAME>] sections.
+# Then add the list of domains (in the order you want them to be
+# queried in the 'domains" attribute above and uncomment it
+
+
+[nss]
+# the following prevents sssd for searching for the root user/group in
+# all domains (you can add here a comma separated list of system accounts are
+# always going to be /etc/passwd users, or that you want to filter out)
+filter_groups = root
+filter_users = root
+reconnection_retries = 3
+
+# The EntryCacheTimeout indicates the number of seconds to retain before
+# an entry in cache is considered stale and must block to refresh.
+# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to
+# wait before updating the cache out-of-band. (NSS requests will still
+# be returned from cache until the full EntryCacheTimeout). Setting this
+# value to 0 turns this feature off (default)
+; entry_cache_timeout = 600
+; entry_cache_nowait_timeout = 300
+
+[pam]
+reconnection_retries = 3
+
+# Example LOCAL domain that stores all users natively in the SSSD internal
+# directory. These local users and groups are not visibile in /etc/passwd, it
+# now contains only root and system accounts.
+; [domain/LOCAL]
+; description = LOCAL Users domain
+; id_provider = local
+; enumerate = true
+; min_id = 500
+; max_id = 999
+
+# Example native LDAP domain
+; [domain/LDAP]
+; id_provider = ldap
+; auth_provider = ldap
+; ldap_uri = ldap://ldap.mydomain.org
+; ldap_user_search_base = dc=mydomain,dc=org
+; ldap_tls_reqcert = demand
+; cache_credentials = true
+; enumerate = true
+
+# Example LDAP domain where the LDAP server is an Active Directory server.
+
+; [domain/AD]
+; description = LDAP domain with AD server
+; enumerate = false
+; min_id = 1000
+;
+; id_provider = ldap
+; auth_provider = ldap
+; ldap_uri = ldap://your.ad.server.com
+; ldap_schema = rfc2307bis
+; ldap_user_search_base = cn=users,dc=example,dc=com
+; ldap_group_search_base = cn=users,dc=example,dc=com
+; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
+; ldap_default_authtok_type = password
+; ldap_default_authtok = YOUR_PASSWORD
+; ldap_user_object_class = person
+; ldap_user_name = msSFU30Name
+; ldap_user_uid_number = msSFU30UidNumber
+; ldap_user_gid_number = msSFU30GidNumber
+; ldap_user_home_directory = msSFU30HomeDirectory
+; ldap_user_shell = msSFU30LoginShell
+; ldap_user_principal = userPrincipalName
+; ldap_group_object_class = group
+; ldap_group_name = msSFU30Name
+; ldap_group_gid_number = msSFU30GidNumber
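Review bot: The commented-out `[domain/AD]` example binds as `cn=Administrator` with `ldap_default_authtok = YOUR_PASSWORD` over `ldap://your.ad.server.com` and, unlike the `[domain/LDAP]` example, sets no `ldap_tls_reqcert`. Anyone who uncomments it as written stores a domain administrator password in the file, and nothing in the block asks for an encrypted or certificate-checked connection. I would point the bind DN at a dedicated read-only account, use an `ldaps://` URI or StartTLS together with `; ldap_tls_reqcert = demand`, and add a comment above the authtok line such as `# bind password is stored in clear text: keep sssd.conf root-owned and mode 0600`. The comment block in `[sssd]` also has typos worth fixing while the file is new (`condifgurations`, the mismatched quotes in `'domains"`).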
diff --git a/src/examples/sssdproxytest b/src/examples/sssdproxytest
new file mode 100644
index 00000000..14217969
--- /dev/null
+++ b/src/examples/sssdproxytest
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth irequired pam_ldap.so
+
+account required pam_ldap.so
+
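Review bot: The auth line reads `auth irequired pam_ldap.so`, and `irequired` is not a PAM control value; it looks like a typo for `required`. How libpam treats an unrecognised control token is not something a test stack should depend on, so the line should be `auth required pam_ldap.so`. A one-line comment under `#%PAM-1.0` saying which service this file is installed as for the proxy test would also help, since the file name alone does not say.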
diff --git a/src/examples/sudo b/src/examples/sudo
new file mode 100644
index 00000000..4af91ba6
--- /dev/null
+++ b/src/examples/sudo
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_sss.so
+account required pam_sss.so
+password required pam_sss.so
+session optional pam_keyinit.so revoke
+session required pam_limits.so
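Review bot: The auth, account and password lines in this sudo stack are all `required pam_sss.so` with no other module, so an account that SSSD does not serve cannot pass sudo. An SSSD outage would presumably block sudo for everyone on the host. If this is meant as an example rather than a drop-in /etc/pam.d/sudo, say so at the top, e.g. `# Example only: sudo authenticates solely through SSSD; keep a local fallback on production hosts`.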