SSSD Manual pages
sssd-ipa
5
File Formats and Conventions
sssd-ipa
the configuration file for SSSD
DESCRIPTION
This manual page describes the configuration of the IPA Provider
for
sssd
8
.
For a detailed syntax reference, please refer to the FILE FORMAT
section of the
sssd.conf
5
manual page
The IPA provider is a backend useful to connect to an IPA server.
(see freeipa.org for information about IPa servers).
It requires that the machine has been joined to the IPA domain,
and configuration is almost entirely self discovered and obtained
directly from the server.
CONFIGURATION OPTIONS
sssd.conf
5
manual page, section DOMAIN SECTIONS
for details on the configuration of a SSSD domain.
ipa_domain (string)
Specifies the name of the IPA domain.
This is optional, if not provided the configuration
domain name is used.
ipa_server (string)
The name of the IPA server.
If autodiscovery is enabled this is optional.
ipa_hostname (string)
Optional. Maybe set on some machine where the
hostname(5) does not reflect the fully qualified
name used in the IPA domain to identify this host.
krb5_ccachedir (string)
Directory to store credential caches.
Default: /tmp
ipa_search_timeout (integer)
Specifies the timeout (in seconds) after which
a search against the ipa server is forcibly
terminated.
Default: 60
ipa_network_timeout (integer)
Specifies the timeout (in seconds) after which
the
poll
2
/
select
2
following a non-search operation against the ipa
server is forcibly terminated.
Default: 6
ipa_offline_timeout (integer)
Specifies the "black-out" time before any new
network operation is attempted after the ipa
provider has turned into offline operation mode.
Default: 60
EXAMPLE
The following example assumes that SSSD is correctly
configured and example.com is one of the domains in the
[sssd] section. This examples shows only
the ipa provider specific options.
[domain/example.com]
id_provider = ipa
ipa_server = ipaserver.example.com
ipa_hostname = myhost.example.com
SEE ALSO
sssd.conf5
,
sssd8