4 files changed, 53 insertions, 21 deletions

diff --git a/server/examples/config.ldif b/server/examples/config.ldif
index b848e4314..6101f0851 100644
--- a/server/examples/config.ldif
+++ b/server/examples/config.ldif
@@ -15,31 +15,28 @@ activeServices: info
 dn: cn=nss,cn=services,cn=config
 cn: nss
 description: NSS Responder Configuration
-unixSocket: /var/lib/sss/pipes/nss
-command: /usr/libexec/sssd/sssd_nss
+filterGroups: root
+filterGroups: foo@TEST
+filterUsers: root
+filterUsers: bar@TEST
 
 dn: cn=dp,cn=services,cn=config
 cn: dp
 description: Data Provider Configuration
-command: /usr/libexec/sssd/sssd_dp
 
 dn: cn=monitor,cn=services,cn=config
 cn: monitor
 description: Monitor Configuration
 sbusTimeout: 10
-sbusAddress: unix:path=/var/lib/sss/pipes/private/dbus
 servicePingTime: 10
 
 dn: cn=pam,cn=services,cn=config
 cn: pam
-command: /usr/libexec/sssd/sssd_pam
 description: PAM Responder Configuration
-unixSocket: /var/lib/sss/pipes/pam
 
 dn: cn=info,cn=services,cn=config
 cn: info
 description: InfoPipe Configuration
-command: ./sbin/sssd_info
 
 dn: cn=domains,cn=config
 cn: domains
@@ -48,32 +45,43 @@ description: Domains served by SSSD
 dn: cn=LOCAL,cn=domains,cn=config
 cn: LOCAL
 description: Reserved domain for local configurations
-legacy: FALSE
 enumerate: 3
-
-dn: cn=EXAMPLE.COM,cn=domains,cn=config
-cn: EXAMPLE.COM
-description: Example domain served by IPA
-provider: ipa
-server: ipaserver1.example.com
-server: ipabackupserver.example.com
-legacy: FALSE
-enumerate: 0
+minId: 500
+maxId: 999
+legacy: TRUE
+libName: files
+libPath: /lib64/libnss_files.so.2
+magicPrivateGroups: FALSE
+provider: proxy
+auth-module: proxy
+pam-target: sssdproxylocal
 
 dn: cn=TEST,cn=domains,cn=config
 cn: TEST
 description: TEST Ldap domain
-provider: proxy
-command: ./sbin/sssd_be -d 2 --provider proxy --domain TEST
 libName: ldap
 libPath: /usr/lib64/libnss_ldap.so.2
 legacy: TRUE
-enumerate: 0
+enumerate: 3
+useFullyQualifiedNames: TRUE
+minId: 1000
+provider: proxy
+auth-module: proxy
+pam-target: sssdproxytest
 
 dn: cn=LDAPTEST,cn=domains,cn=config
 cn: LDAPTEST
 basedn: cn=LDAPTEST,sn=sysdb
-command: ./sbin/sssd_be --provider ldap --domain LDAPTEST
+command: /usr/libexec/sssd/sssd_be --provider ldap --domain LDAPTEST
 description: TEST PAM Ldap domain
 provider: ldap
 userSearchBase: ou=user,dc=my-domain,dc=com
+
+dn: cn=EXAMPLE.COM,cn=domains,cn=config
+cn: EXAMPLE.COM
+description: Example domain served by IPA
+provider: ipa
+server: ipaserver1.example.com
+server: ipabackupserver.example.com
+legacy: FALSE
+enumerate: 0
diff --git a/server/examples/sssdproxylocal b/server/examples/sssdproxylocal
new file mode 100644
index 000000000..1bc47f89c
--- /dev/null
+++ b/server/examples/sssdproxylocal
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth        sufficient    pam_unix.so
+auth        requisite     pam_succeed_if.so uid >= 500 quiet
+auth        required      pam_deny.so
+
+account     required      pam_unix.so
+account     sufficient    pam_succeed_if.so uid < 500 quiet
+account     required      pam_permit.so
+
diff --git a/server/examples/sssdproxytest b/server/examples/sssdproxytest
new file mode 100644
index 000000000..9c5cb4ad6
--- /dev/null
+++ b/server/examples/sssdproxytest
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth        sufficient    pam_ldap.so debug
+auth        requisite     pam_succeed_if.so uid >= 1000 quiet
+auth        required      pam_deny.so
+
+account     required      pam_ldap.so debug
+account     sufficient    pam_succeed_if.so uid < 1000 quiet
+account     required      pam_permit.so
+
diff --git a/server/examples/sudo b/server/examples/sudo
new file mode 100644
index 000000000..4af91ba68
--- /dev/null
+++ b/server/examples/sudo
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth     required pam_sss.so
+account  required pam_sss.so
+password required pam_sss.so
+session    optional     pam_keyinit.so revoke
+session    required     pam_limits.so