Diffstat (limited to 'server/modules/auth-freiburg/etc/sssd/sssd.conf')
-rw-r--r--server/modules/auth-freiburg/etc/sssd/sssd.conf60
1 files changed, 60 insertions, 0 deletions
diff --git a/server/modules/auth-freiburg/etc/sssd/sssd.conf b/server/modules/auth-freiburg/etc/sssd/sssd.conf
new file mode 100644
index 00000000..c5c63953
--- /dev/null
+++ b/server/modules/auth-freiburg/etc/sssd/sssd.conf
@@ -0,0 +1,60 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+#debug_level = 0xffff
+# SSSD will not start if you do not configure any domains.
+# Add new domain configurations as [domain/<NAME>] sections, and
+# then add the list of domains (in the order you want them to be
+# queried) to the "domains" attribute below and uncomment it.
+domains = LDAP
+
+[nss]
+filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd,demo
+
+[pam]
+
+# Example LDAP domain
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+ldap_tls_reqcert = never
+# ldap_schema can be set to "rfc2307", which stores group member names in the
+# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
+# the "member" attribute. If you do not know this value, ask your LDAP
+# administrator.
+ldap_schema = rfc2307bis
+ldap_uri = ldaps://ldap.ruf.uni-freiburg.de
+ldap_backup_uri = ldaps://bv1.ruf.uni-freiburg.de,ldaps://bv2.ruf.uni-freiburg.de,ldaps://bv3.ruf.uni-freiburg.de
+ldap_group_search_base = ou=group,dc=uni-freiburg,dc=de
+ldap_user_search_base = ou=people,dc=uni-freiburg,dc=de
+ldap_user_home_directory = rufClientHome
+ldap_search_base = ou=people,dc=uni-freiburg,dc=de
+# Note that enabling enumeration will have a moderate performance impact.
+# Consequently, the default value for enumeration is FALSE.
+# Refer to the sssd.conf man page for full details.
+; enumerate = false
+# Allow offline logins by locally storing password hashes (default: false).
+cache_credentials = true
+
+# An example Active Directory domain. Please note that this configuration
+# works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
+# compliant attribute names. To support UNIX clients with AD 2003 or older,
+# you must install Microsoft Services For Unix and map LDAP attributes onto
+# msSFU30* attribute names.
+;[domain/AD]
+;id_provider = ldap
+;auth_provider = krb5
+;chpass_provider = krb5
+
+;ldap_uri = ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
+;ldap_search_base = ou=people,dc=uni-freiburg,dc=de
+;ldap_schema = rfc2307bis
+;ldap_sasl_mech = GSSAPI
+;ldap_user_object_class = user
+;ldap_group_object_class = group
+;ldap_user_principal = userPrincipalName
+;ldap_account_expire_policy = ad
+;ldap_force_upper_case_realm = true
+;
+; krb5_server = your.ad.example.com
+; krb5_realm = EXAMPLE.COM
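Review bot: `ldap_tls_reqcert = never` in the `[domain/LDAP]` section switches off verification of the LDAP server certificate, so the `ldaps://` URIs on the following lines only protect against passive eavesdropping; any on-path host that presents a certificate is accepted and receives the credentials SSSD sends for binds, and with `cache_credentials = true` further down those credentials are also persisted locally. Unless the Freiburg servers genuinely use certificates that cannot be validated, prefer the SSSD default (`hard`, equivalent to `demand`) with the issuing CA configured: `ldap_tls_reqcert = demand` plus `ldap_tls_cacert = <PATH-TO-CA-BUNDLE>` (placeholder path). If `never` is deliberate, a comment above it stating why would stop the next maintainer from reading it as the recommended setting.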