sssd/sssd.conf.default

[services]
description = Local Service Configuration
activeServices = nss, dp, pam

[services/nss]
description = NSS Responder Configuration
timeout = 150
# the following prevents sssd for searching for the root user/group in
# all domains (you can add here a comma separated list of system accounts are
# always going to be /etc/passwd users, or that you want to filter out)
filterGroups = root
filterUsers = root

[services/dp]
description = Data Provider Configuration
timeout = 150

[services/pam]
description = PAM Responder Configuration
timeout = 150

[services/info]
description = InfoPipe Configuration
timeout = 150

[services/monitor]
description = Service Monitor Configuration
sbusTimeout = 150
servicePingTime = 300

[domains]
description = Domains served by SSSD
; domains = LOCAL,LDAP

# SSSD will not start if you don't configure any domain.
# Add new domains condifgurations as [domains/<NAME>] sections.
# Then add the list of domains (in the order you want them to be
# queried in the 'domains" attribute above and uncomment it

# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
# This configuration is meant mostly as a migration path to be able to store
# additional information about users while still keeping /etc/passwd
# authoritative.

; [domains/LOCAL]
; description = LOCAL migration domain
; enumerate = 3
; minId = 500
; magicPrivateGroups = FALSE
; legacy = TRUE
;
; provider = proxy
; libName = files
; libPath = libnss_files.so.2

# optionally a file named sssdproxylocal can be place in pam.d configured to
# check pam_unix only and pam_sss can be used in the normal pam stack
; auth-module = proxy
; pam-target = sssdproxylocal

# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visibile in /etc/passwd, it
# now contains only root and system accounts.

; [domains/LOCAL]
; description = LOCAL Users domain
; enumerate = 3
; minId = 500
; maxId = 999
; legacy = FALSE
; magicPrivateGroups = TRUE

# Example LDAP domain that uses the proxy backend and the standard nss_ldap
# and pam_ldap modules (Useful until we have good working native ldap backends).
# For this to work the /etc/ldap.conf file needs to be correctly configured just
# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
# passwd: files ldap, set passwd: files, sss instead there.
# Also consider using the following setting in /etc/ldap.conf to avoid needless
# delays if the ldap server is offline:
# timelimit 10
# bind_timelimit 5
# nss_reconnect_maxsleeptime 2
# nss_reconnect_sleeptime 1

; [domains/LDAP]
; description = Proxy request to our LDAP server
; enumerate = 0
; minId = 1000
; legacy = TRUE
;
; provider = proxy
; libName = ldap
; libPath = libnss_ldap.so.2
- Version 0.3.0 - Provides file based configuration and lots of improvements 2009-04-13 15:49:54 +00:00			`[services]`
			`description = Local Service Configuration`
			`activeServices = nss, dp, pam`

			`[services/nss]`
			`description = NSS Responder Configuration`
			`timeout = 150`
			`# the following prevents sssd for searching for the root user/group in`
			`# all domains (you can add here a comma separated list of system accounts are`
			`# always going to be /etc/passwd users, or that you want to filter out)`
			`filterGroups = root`
			`filterUsers = root`

			`[services/dp]`
			`description = Data Provider Configuration`
			`timeout = 150`

			`[services/pam]`
			`description = PAM Responder Configuration`
			`timeout = 150`

			`[services/info]`
			`description = InfoPipe Configuration`
			`timeout = 150`

			`[services/monitor]`
			`description = Service Monitor Configuration`
			`sbusTimeout = 150`
			`servicePingTime = 300`

			`[domains]`
			`description = Domains served by SSSD`
			`; domains = LOCAL,LDAP`

			`# SSSD will not start if you don't configure any domain.`
			`# Add new domains condifgurations as [domains/<NAME>] sections.`
			`# Then add the list of domains (in the order you want them to be`
			`# queried in the 'domains" attribute above and uncomment it`

			`# Example LOCAL domain that proxies to /etc/passwd and /etc/group files`
			`# This configuration is meant mostly as a migration path to be able to store`
			`# additional information about users while still keeping /etc/passwd`
			`# authoritative.`

			`; [domains/LOCAL]`
			`; description = LOCAL migration domain`
			`; enumerate = 3`
			`; minId = 500`
			`; magicPrivateGroups = FALSE`
			`; legacy = TRUE`
			`;`
			`; provider = proxy`
			`; libName = files`
			`; libPath = libnss_files.so.2`

			`# optionally a file named sssdproxylocal can be place in pam.d configured to`
			`# check pam_unix only and pam_sss can be used in the normal pam stack`
			`; auth-module = proxy`
			`; pam-target = sssdproxylocal`

			`# Example LOCAL domain that stores all users natively in the SSSD internal`
			`# directory. These local users and groups are not visibile in /etc/passwd, it`
			`# now contains only root and system accounts.`

			`; [domains/LOCAL]`
			`; description = LOCAL Users domain`
			`; enumerate = 3`
			`; minId = 500`
			`; maxId = 999`
			`; legacy = FALSE`
			`; magicPrivateGroups = TRUE`

			`# Example LDAP domain that uses the proxy backend and the standard nss_ldap`
			`# and pam_ldap modules (Useful until we have good working native ldap backends).`
			`# For this to work the /etc/ldap.conf file needs to be correctly configured just`
			`# like you would do when using nss_ldap in nsswitch.conf, but instead of setting`
			`# passwd: files ldap, set passwd: files, sss instead there.`
			`# Also consider using the following setting in /etc/ldap.conf to avoid needless`
			`# delays if the ldap server is offline:`
			`# timelimit 10`
			`# bind_timelimit 5`
			`# nss_reconnect_maxsleeptime 2`
			`# nss_reconnect_sleeptime 1`

			`; [domains/LDAP]`
			`; description = Proxy request to our LDAP server`
			`; enumerate = 0`
			`; minId = 1000`
			`; legacy = TRUE`
			`;`
			`; provider = proxy`
			`; libName = ldap`
			`; libPath = libnss_ldap.so.2`