summaryrefslogtreecommitdiffstats
path: root/src/examples/sssd-example.conf
diff options
context:
space:
mode:
Diffstat (limited to 'src/examples/sssd-example.conf')
-rw-r--r--src/examples/sssd-example.conf9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/examples/sssd-example.conf b/src/examples/sssd-example.conf
index b18c40491..59df41673 100644
--- a/src/examples/sssd-example.conf
+++ b/src/examples/sssd-example.conf
@@ -26,6 +26,8 @@ services = nss, pam
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.
; enumerate = false
+# Allow offline logins by locally storing password hashes (default: false).
+; cache_credentials = true
# An example Active Directory domain. Please note that this configuration
# works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
@@ -39,13 +41,14 @@ services = nss, pam
;
; ldap_uri = ldap://your.ad.example.com
; ldap_search_base = dc=example,dc=com
+; ldap_schema = rfc2307bis
; ldap_sasl_mech = GSSAPI
-; ldap_sasl_authid = hostname$@EXAMPLE.COM
; ldap_user_object_class = user
; ldap_group_object_class = group
; ldap_user_home_directory = unixHomeDirectory
-; ldap_schema = rfc2307bis
-; ldap_force_upper_case_realm = True
+; ldap_user_principal = userPrincipalName
+; ldap_account_expire_policy = ad
+; ldap_force_upper_case_realm = true
;
; krb5_server = your.ad.example.com
; krb5_realm = EXAMPLE.COM