authorSimon Rettberg2015-02-09 19:01:00 +0100
committerSimon Rettberg2015-02-09 19:01:00 +0100
commit91ac8aa9242371457d5d161584d8062adda0e7cb (patch)
treed0958691a2c10b592e1e83e97581d82411aed266 /data
parentsshd config (diff)
[CreateAdConfig] Adapt to sssd (instead of nslcd)
Diffstat (limited to 'data')
-rw-r--r--data/ad/ldap.conf.template9
-rw-r--r--data/ad/nsswitch.conf4
-rw-r--r--data/ad/sssd.conf.template19
3 files changed, 30 insertions, 2 deletions
diff --git a/data/ad/ldap.conf.template b/data/ad/ldap.conf.template
new file mode 100644
index 0000000..c607405
--- /dev/null
+++ b/data/ad/ldap.conf.template
@@ -0,0 +1,9 @@
+URI %URI%
+BASE %SEARCHBASE%
+BIND_TIMELIMIT 10
+TIMELIMIT 30
+TLS_REQCERT demand
+TLS_CACERT %CACERT%
+nss_base_passwd %SEARCHBASE%
+nss_base_group %SEARCHBASE%
+nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
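Review bot: The three `nss_*` lines at the end of this template are nss_ldap/nslcd-style directives, and after this commit nsswitch.conf resolves passwd and group through `sss`, so nothing visible in the diff appears to read them. That matters most for `nss_initgroups_ignoreusers`: its long system-account list suggests those accounts are kept away from the directory, while the list sssd actually honours is the much shorter `filter_users` in sssd.conf.template, which omits e.g. sshd, daemon and www-data. I would either drop the `nss_*` lines or carry the same accounts into `filter_users`. If the file is meant only for libldap tools, a header comment such as `# Read by libldap clients only; NSS/PAM lookups are configured in sssd.conf` would make that explicit.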
diff --git a/data/ad/nsswitch.conf b/data/ad/nsswitch.conf
index 1909d49..75ea9f8 100644
--- a/data/ad/nsswitch.conf
+++ b/data/ad/nsswitch.conf
@@ -1,5 +1,5 @@
-passwd: compat ldap
-group: compat ldap
+passwd: compat sss
+group: compat sss
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
diff --git a/data/ad/sssd.conf.template b/data/ad/sssd.conf.template
new file mode 100644
index 0000000..90b25ed
--- /dev/null
+++ b/data/ad/sssd.conf.template
@@ -0,0 +1,19 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = LDAP
+[nss]
+filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd,demo
+[pam]
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+ldap_tls_reqcert = demand
+ldap_tls_cacert = %CACERT%
+ldap_schema = rfc2307
+ldap_uri = %URI%
+ldap_group_search_base = %SEARCHBASE%
+ldap_user_search_base = %SEARCHBASE%
+ldap_search_base = %SEARCHBASE%
+cache_credentials = true
+
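Review bot: Identity lookups in `[domain/LDAP]` are not forced onto an encrypted channel: `ldap_tls_reqcert = demand` only governs certificate checking once TLS is in use, and if an `ldap://` value is substituted for `%URI%`, sssd protects the authentication bind but leaves id_provider searches in clear text unless `ldap_id_use_start_tls = true` is set. I would add that line, or state in a comment above `ldap_uri` that the template expects an `ldaps://` URI. Separately, `cache_credentials = true` keeps password hashes on the client for offline login; if that is intended, a bound such as `offline_credentials_expiration = <days>` under `[pam]` is worth considering. The code that fills in the template is outside this diff, so it is also worth confirming there that the generated sssd.conf is written root-owned with mode 0600, since the template is committed as 100644 and sssd refuses a config with looser permissions.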