From 8a07521b413a3b5879f824e1872c5770c92ee5c0 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 3 Aug 2011 09:42:28 -0400 Subject: Rename sssd.conf to sssd-example.conf This file should not be installed by default. It leads to user confusion. We will instead install it as documentation. Fix incorrect example of entry_cache_nowait_percentage --- Makefile.am | 2 +- contrib/sssd.spec.in | 7 ++-- src/examples/sssd-example.conf | 95 ++++++++++++++++++++++++++++++++++++++++++ src/examples/sssd.conf | 95 ------------------------------------------ 4 files changed, 99 insertions(+), 100 deletions(-) create mode 100644 src/examples/sssd-example.conf delete mode 100644 src/examples/sssd.conf diff --git a/Makefile.am b/Makefile.am index 1df6d985f..c0267d298 100644 --- a/Makefile.am +++ b/Makefile.am @@ -441,7 +441,7 @@ endif dist_noinst_DATA += \ - src/examples/sssd.conf \ + src/examples/sssd-example.conf \ src/examples/sssdproxytest \ src/examples/sudo \ src/examples/logrotate \ diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 1b271fbb1..8bf156970 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -185,9 +185,8 @@ make install DESTDIR=$RPM_BUILD_ROOT # Prepare language files /usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd -# Copy default sssd.conf file +# Copy SSSDConfig API files mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd -install -m600 src/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf install -m444 src/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf install -m444 src/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/ @@ -241,6 +240,7 @@ rm -rf $RPM_BUILD_ROOT %files -f sssd.lang %defattr(-,root,root,-) %doc COPYING +%doc src/examples/sssd-example.conf %{_initrddir}/%{name} %{_sbindir}/sssd %{_libexecdir}/%{servicename}/ 
@@ -253,12 +253,11 @@ rm -rf $RPM_BUILD_ROOT
 %attr(700,root,root) %dir %{pipepath}/private
 %attr(750,root,root) %dir %{_var}/log/%{name}
 %attr(711,root,root) %dir %{_sysconfdir}/sssd
-%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/sssd
 %config(noreplace) %{_sysconfdir}/rwtab.d/sssd
 %config %{_sysconfdir}/sssd/sssd.api.conf
 %attr(755,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
-%config %{_sysconfdir}/sssd/sssd.api.d/
+%config %{_sysconfdir}/sssd/sssd.api.d/*
 %{_mandir}/man5/sssd.conf.5*
 %{_mandir}/man5/sssd-ipa.5*
 %{_mandir}/man5/sssd-krb5.5*
diff --git a/src/examples/sssd-example.conf b/src/examples/sssd-example.conf
new file mode 100644
index 000000000..e0b256378
--- /dev/null
+++ b/src/examples/sssd-example.conf
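Review bot: With the `%config(noreplace) %{_sysconfdir}/sssd/sssd.conf` entry dropped from `%files`, the package no longer owns the live configuration file, so nothing in the package records that it must be root-owned with mode 0600 (the mode the removed `install -m600` line used to set). The file can hold a bind password (`ldap_default_authtok` in the example), so a copy created by hand with looser permissions would presumably go unnoticed by `rpm -V`. Consider keeping ownership without shipping content, `%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf`. The `%files` list continues outside this hunk.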
@@ -0,0 +1,95 @@
+[sssd]
+config_file_version = 2
+
+# Number of times services should attempt to reconnect in the
+# event of a crash or restart before they give up
+reconnection_retries = 3
+
+# If a back end is particularly slow you can raise this timeout here
+sbus_timeout = 30
+services = nss, pam
+
+# SSSD will not start if you do not configure any domains.
+# Add new domain configurations as [domain/] sections, and
+# then add the list of domains (in the order you want them to be
+# queried) to the "domains" attribute below and uncomment it.
+; domains = LOCAL,LDAP
+
+[nss]
+# The following prevents SSSD from searching for the root user/group in
+# all domains (you can add here a comma-separated list of system accounts that
+# are always going to be /etc/passwd users, or that you want to filter out).
+filter_groups = root
+filter_users = root
+reconnection_retries = 3
+
+# The entry_cache_nowait_percentage indicates the percentage of the
+# entry_cache_timeout to wait before updating the cache out-of-band.
+# (NSS requests will still be returned from cache until the full
+# entry_cache_timeout). Setting this value to 0 turns this feature
+# off (default).
+; entry_cache_nowait_percentage = 50
+
+[pam]
+reconnection_retries = 3
+
+# Example domain configurations
+# Note that enabling enumeration in the following configurations will have a
+# moderate performance impact while enumerations are actually running, and
+# may increase the time necessary to detect network disconnection.
+# Consequently, the default value for enumeration is FALSE.
+# Refer to the sssd.conf man page for full details.
+
+# Example LOCAL domain that stores all users natively in the SSSD internal
+# directory. These local users and groups are not visible in /etc/passwd; it
+# now contains only root and system accounts.
+; [domain/LOCAL]
+; description = LOCAL Users domain
+; id_provider = local
+; enumerate = true
+; min_id = 500
+; max_id = 999
+
+# Example native LDAP domain
+# ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
+# for group membership, or to "rfc2307bis", which uses the "member" attribute
+# to denote group membership. Changes to this setting affect only how we
+# determine the groups a user belongs to and will have no negative effect on
+# data about the user itself. If you do not know this value, ask an
+# administrator.
+; [domain/LDAP]
+; id_provider = ldap
+; auth_provider = ldap
+; ldap_schema = rfc2307
+; ldap_uri = ldap://ldap.mydomain.org
+; ldap_search_base = dc=mydomain,dc=org
+; ldap_tls_reqcert = demand
+; cache_credentials = true
+; enumerate = False
+; entry_cache_timeout = 5400
+
+# Example LDAP domain where the LDAP server is an Active Directory server.
+
+; [domain/AD]
+; description = LDAP domain with AD server
+; enumerate = false
+; min_id = 1000
+;
+; id_provider = ldap
+; auth_provider = ldap
+; ldap_uri = ldap://your.ad.server.com
+; ldap_schema = rfc2307bis
+; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
+; ldap_default_authtok_type = password
+; ldap_default_authtok = YOUR_PASSWORD
+; ldap_user_object_class = person
+; ldap_user_name = msSFU30Name
+; ldap_user_uid_number = msSFU30UidNumber
+; ldap_user_gid_number = msSFU30GidNumber
+; ldap_user_home_directory = msSFU30HomeDirectory
+; ldap_user_shell = msSFU30LoginShell
+; ldap_user_principal = userPrincipalName
+; ldap_group_object_class = group
+; ldap_group_name = msSFU30Name
+; ldap_group_gid_number = msSFU30GidNumber
+; ldap_force_upper_case_realm = True
diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf
deleted file mode 100644
index cc14bc557..000000000
--- a/src/examples/sssd.conf
+++ /dev/null
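Review bot: The `[domain/AD]` example binds as `cn=Administrator` with `ldap_default_authtok = YOUR_PASSWORD` over a plain `ldap://` URI and, unlike the `[domain/LDAP]` example, sets no `ldap_tls_reqcert`. Copied as-is it would put a domain administrator password in the config file and presumably send the bind unencrypted. Since this file now ships as the documented starting point, the example should show a dedicated read-only lookup account and a protected channel, e.g. `; ldap_uri = ldaps://your.ad.server.com` plus `; ldap_tls_reqcert = demand` (or `; ldap_id_use_start_tls = True` with the `ldap://` URI). A header comment stating that the live `/etc/sssd/sssd.conf` must be owned by root with mode 0600 would also help, now that the package no longer installs it with `-m600`.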
@@ -1,95 +0,0 @@
-[sssd]
-config_file_version = 2
-
-# Number of times services should attempt to reconnect in the
-# event of a crash or restart before they give up
-reconnection_retries = 3
-
-# If a back end is particularly slow you can raise this timeout here
-sbus_timeout = 30
-services = nss, pam
-
-# SSSD will not start if you do not configure any domains.
-# Add new domain configurations as [domain/] sections, and
-# then add the list of domains (in the order you want them to be
-# queried) to the "domains" attribute below and uncomment it.
-; domains = LOCAL,LDAP
-
-[nss]
-# The following prevents SSSD from searching for the root user/group in
-# all domains (you can add here a comma-separated list of system accounts that
-# are always going to be /etc/passwd users, or that you want to filter out).
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
-
-# The entry_cache_nowait_percentage indicates the percentage of the
-# entry_cache_timeout to wait before updating the cache out-of-band.
-# (NSS requests will still be returned from cache until the full
-# entry_cache_timeout). Setting this value to 0 turns this feature
-# off (default).
-; entry_cache_nowait_percentage = 300
-
-[pam]
-reconnection_retries = 3
-
-# Example domain configurations
-# Note that enabling enumeration in the following configurations will have a
-# moderate performance impact while enumerations are actually running, and
-# may increase the time necessary to detect network disconnection.
-# Consequently, the default value for enumeration is FALSE.
-# Refer to the sssd.conf man page for full details.
-
-# Example LOCAL domain that stores all users natively in the SSSD internal
-# directory. These local users and groups are not visible in /etc/passwd; it
-# now contains only root and system accounts.
-; [domain/LOCAL]
-; description = LOCAL Users domain
-; id_provider = local
-; enumerate = true
-; min_id = 500
-; max_id = 999
-
-# Example native LDAP domain
-# ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
-# for group membership, or to "rfc2307bis", which uses the "member" attribute
-# to denote group membership. Changes to this setting affect only how we
-# determine the groups a user belongs to and will have no negative effect on
-# data about the user itself. If you do not know this value, ask an
-# administrator.
-; [domain/LDAP]
-; id_provider = ldap
-; auth_provider = ldap
-; ldap_schema = rfc2307
-; ldap_uri = ldap://ldap.mydomain.org
-; ldap_search_base = dc=mydomain,dc=org
-; ldap_tls_reqcert = demand
-; cache_credentials = true
-; enumerate = False
-; entry_cache_timeout = 5400
-
-# Example LDAP domain where the LDAP server is an Active Directory server.
-
-; [domain/AD]
-; description = LDAP domain with AD server
-; enumerate = false
-; min_id = 1000
-;
-; id_provider = ldap
-; auth_provider = ldap
-; ldap_uri = ldap://your.ad.server.com
-; ldap_schema = rfc2307bis
-; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
-; ldap_default_authtok_type = password
-; ldap_default_authtok = YOUR_PASSWORD
-; ldap_user_object_class = person
-; ldap_user_name = msSFU30Name
-; ldap_user_uid_number = msSFU30UidNumber
-; ldap_user_gid_number = msSFU30GidNumber
-; ldap_user_home_directory = msSFU30HomeDirectory
-; ldap_user_shell = msSFU30LoginShell
-; ldap_user_principal = userPrincipalName
-; ldap_group_object_class = group
-; ldap_group_name = msSFU30Name
-; ldap_group_gid_number = msSFU30GidNumber
-; ldap_force_upper_case_realm = True
-- cgit