author | Simon Rettberg | 2015-02-09 19:01:00 +0100 |
---|---|---|
committer | Simon Rettberg | 2015-02-09 19:01:00 +0100 |
commit | 91ac8aa9242371457d5d161584d8062adda0e7cb (patch) | |
tree | d0958691a2c10b592e1e83e97581d82411aed266 /data | |
parent | sshd config (diff) | |
[CreateAdConfig] Adapt to sssd (instead of nslcd)
Diffstat (limited to 'data')
-rw-r--r-- | data/ad/ldap.conf.template | 9 | ||||
-rw-r--r-- | data/ad/nsswitch.conf | 4 | ||||
-rw-r--r-- | data/ad/sssd.conf.template | 19 |
3 files changed, 30 insertions, 2 deletions
diff --git a/data/ad/ldap.conf.template b/data/ad/ldap.conf.template
new file mode 100644
index 0000000..c607405
--- /dev/null
+++ b/data/ad/ldap.conf.template
@@ -0,0 +1,9 @@
+URI %URI%
+BASE %SEARCHBASE%
+BIND_TIMELIMIT 10
+TIMELIMIT 30
+TLS_REQCERT demand
+TLS_CACERT %CACERT%
+nss_base_passwd %SEARCHBASE%
+nss_base_group %SEARCHBASE%
+nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
diff --git a/data/ad/nsswitch.conf b/data/ad/nsswitch.conf
index 1909d49..75ea9f8 100644
--- a/data/ad/nsswitch.conf
+++ b/data/ad/nsswitch.conf
@@ -1,5 +1,5 @@
-passwd: compat ldap
-group: compat ldap
+passwd: compat sss
+group: compat sss
 shadow: compat
 hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
diff --git a/data/ad/sssd.conf.template b/data/ad/sssd.conf.template
new file mode 100644
index 0000000..90b25ed
--- /dev/null
+++ b/data/ad/sssd.conf.template
@@ -0,0 +1,19 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = LDAP
+[nss]
+filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd,demo
+[pam]
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+ldap_tls_reqcert = demand
+ldap_tls_cacert = %CACERT%
+ldap_schema = rfc2307
+ldap_uri = %URI%
+ldap_group_search_base = %SEARCHBASE%
+ldap_user_search_base = %SEARCHBASE%
+ldap_search_base = %SEARCHBASE%
+cache_credentials = true
+
|
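Review bot: `TLS_REQCERT demand` and `TLS_CACERT %CACERT%` in ldap.conf.template only matter once a TLS session is actually negotiated, and nothing in the template forces that: if `%URI%` is filled with an `ldap://` URL, lookups can go out unencrypted. The same holds for `ldap_uri = %URI%` in sssd.conf.template further down, where `ldap_id_use_start_tls = true` would cover identity lookups. The code that substitutes `%URI%` is not part of this diff, so it may already insist on `ldaps://`; if it does not, that is where the scheme should be checked. The `nss_base_*` and `nss_initgroups_ignoreusers` lines also look like nss_ldap/nslcd settings, and since this commit moves name service to sssd, a header comment saying which program still reads this file would help.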
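Review bot: `cache_credentials = true` in `[domain/LDAP]` of sssd.conf.template makes sssd keep a salted hash of each user's password in its local cache so logins work offline, and nothing in the template bounds how long those cached logins stay valid. If offline login is really needed on these clients, the empty `[pam]` section is the place to cap it, e.g. `offline_credentials_expiration = 1` (days; the value is only an example); otherwise the line can be dropped. No `access_provider` is set either, so sssd's default of `permit` lets every account found under `%SEARCHBASE%` log in; a `#` comment in the template stating that this is intended would make the choice explicit. sssd also refuses to start unless the generated sssd.conf is root-owned with mode 0600, which the code writing the file (not shown here) has to ensure.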