Copy-edit and format review sssd.conf

Updated EntryCache*Timeout to the correct values.
Fixed one missed EntryCacheTimeout
Added notes about perf hit of using enumeration.

1 files changed, 27 insertions, 18 deletions

diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf
index e93cf51b..f7b847d3 100644
--- a/src/examples/sssd.conf
+++ b/src/examples/sssd.conf
@@ -1,40 +1,49 @@
 [sssd]
 config_file_version = 2
+
 # Number of times services should attempt to reconnect in the
 # event of a crash or restart before they give up
 reconnection_retries = 3
-# if a backend is particularly slow you can raise this timeout here
+
+# If a back end is particularly slow you can raise this timeout here
 sbus_timeout = 30
 services = nss, pam
-; domains = LOCAL,LDAP
-# SSSD will not start if you don't configure any domain.
-# Add new domains condifgurations as [domain/<NAME>] sections.
-# Then add the list of domains (in the order you want them to be
-# queried in the 'domains" attribute above and uncomment it
 
+# SSSD will not start if you do not configure any domains.
+# Add new domain configurations as [domain/<NAME>] sections, and
+# then add the list of domains (in the order you want them to be
+# queried) to the "domains" attribute below and uncomment it.
+; domains = LOCAL,LDAP
 
 [nss]
-# the following prevents sssd for searching for the root user/group in
-# all domains (you can add here a comma separated list of system accounts are
-# always going to be /etc/passwd users, or that you want to filter out)
+# The following prevents SSSD from searching for the root user/group in
+# all domains (you can add here a comma-separated list of system accounts that
+# are always going to be /etc/passwd users, or that you want to filter out).
 filter_groups = root
 filter_users = root
 reconnection_retries = 3
 
-# The EntryCacheTimeout indicates the number of seconds to retain before
-# an entry in cache is considered stale and must block to refresh.
-# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to
+# The entry_cache_timeout indicates the number of seconds to retain an
+# entry in cache before it is considered stale and must block to refresh.
+# The entry_cache_nowait_timeout indicates the number of seconds to
 # wait before updating the cache out-of-band. (NSS requests will still
-# be returned from cache until the full EntryCacheTimeout). Setting this
-# value to 0 turns this feature off (default)
+# be returned from cache until the full entry_cache_timeout). Setting this
+# value to 0 turns this feature off (default).
 ; entry_cache_timeout = 600
 ; entry_cache_nowait_timeout = 300
 
 [pam]
 reconnection_retries = 3
 
+# Example domain configurations
+# Note that enabling enumeration in the following configurations will have a
+# moderate performance impact while enumerations are actually running, and
+# may increase the time necessary to detect network disconnection.
+# Consequently, the default value for enumeration is FALSE.
+# Refer to the sssd.conf man page for full details.
+
 # Example LOCAL domain that stores all users natively in the SSSD internal
-# directory. These local users and groups are not visibile in /etc/passwd, it
+# directory. These local users and groups are not visible in /etc/passwd; it
 # now contains only root and system accounts.
 ; [domain/LOCAL]
 ; description = LOCAL Users domain
@@ -44,9 +53,9 @@ reconnection_retries = 3
 ; max_id = 999
 
 # Example native LDAP domain
-# ldap_schema can be set to 'rfc2307', which uses the 'memberuid' attribute
-# for group membership, or to 'rfc2307bis', which uses the 'member' attribute
-# to denote group membership. Changes to this setting affects only how we
+# ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
+# for group membership, or to "rfc2307bis", which uses the "member" attribute
+# to denote group membership. Changes to this setting affect only how we
 # determine the groups a user belongs to and will have no negative effect on
 # data about the user itself. If you do not know this value, ask an
 # administrator.