-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Convert the example config to v2 format, upgrade config on update only
Also, instead of having an LDAP proxy domain as an example, show a native LDAP config. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkq82LYACgkQHsardTLnvCXphACgt+YznBMDLlBMi6qvO5OMzJ/M JHQAn2hyhh1fkii+XgdfZ+cyQL1B48rz =Yzim -----END PGP SIGNATURE-----
>From a9110328426162aeeae1f2cdc5cbec69d2f640a6 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Fri, 25 Sep 2009 16:17:52 +0200
Subject: [PATCH] Convert the example config to v2 format, upgrade config on update only
---
 contrib/sssd.spec.in | 6 ++-
 server/examples/sssd.conf | 132 +++++++++++++++++++--------------------
 2 files changed, 60 insertions(+), 78 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 771f190..5dc45d2 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -154,8 +154,10 @@ rm -rf $RPM_BUILD_ROOT
 %post
 /sbin/ldconfig
 /sbin/chkconfig --add %{servicename}
-# a one-time upgrade from confdb v1 to v2
-python %{_libexecdir}/%{servicename}/upgrade_config.py
+if [ $1 -ge 2 ] ; then
+# a one-time upgrade from confdb v1 to v2, only if upgrading
+ python %{_libexecdir}/%{servicename}/upgrade_config.py
+fi
 %preun
 if [ $1 = 0 ]; then
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index 894dc75..ed7d9ac 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
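Review bot: The new %post guard `if [ $1 -ge 2 ] ; then` is written differently from the %preun guard two lines below (`if [ $1 = 0 ]; then`), and the comment placed inside the new `if` stays at column 0 while the command it describes is indented; `if [ $1 -ge 2 ]; then` with the comment indented alongside the python line would read consistently. The scriptlet also leaves the outcome of upgrade_config.py implicit: its exit status only reaches rpm because it happens to be the last command in the branch, which silently stops being true if another line is appended later, so a comment such as `# a failed upgrade must fail %post so the admin notices` (or an explicit `|| exit 1`) keeps that intent visible. upgrade_config.py itself is outside this patch; if it rewrites sssd.conf, which the example in this same series shows holding an LDAP bind password in clear text, confirm it preserves the file's ownership and mode.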
@@ -1,17 +1,25 @@
-[services]
-description = Local Service Configuration
-activeServices = nss, dp, pam
+[sssd]
+config_file_version = 2
 # Number of times services should attempt to reconnect in the
-# event of a Data Provider crash or restart before they give up
+# event of a crash or restart before they give up
 reconnection_retries = 3
+# if a backend is particularly slow you can raise this timeout here
+sbus_timeout = 30
+services = nss, dp, pam
+; domains = LOCAL,LDAP
+# SSSD will not start if you don't configure any domain.
+# Add new domains condifgurations as [domain/<NAME>] sections.
+# Then add the list of domains (in the order you want them to be
+# queried in the 'domains" attribute above and uncomment it
+
-[services/nss]
-description = NSS Responder Configuration
+[nss]
 # the following prevents sssd for searching for the root user/group in
 # all domains (you can add here a comma separated list of system accounts are
 # always going to be /etc/passwd users, or that you want to filter out)
-filterGroups = root
-filterUsers = root
+filter_groups = root
+filter_users = root
+reconnection_retries = 3
 # The EntryCacheTimeout indicates the number of seconds to retain before
 # an entry in cache is considered stale and must block to refresh.
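Review bot: The help text added under the new [sssd] section carries over the typo and the mismatched quotes from the old [domains] comment it replaces: `+# Add new domains condifgurations as [domain/<NAME>] sections.` and `+# queried in the 'domains" attribute above and uncomment it`; suggest `# Add new domain configurations as [domain/<NAME>] sections.` and `# queried) in the 'domains' attribute above and uncomment it`. `reconnection_retries = 3` is now set in [sssd] and again in [nss] here (and in [pam] and [dp] in the next hunk) while the only explanation of the key stays under [sssd]; a one-line comment saying whether the [sssd] value is a default that the per-service keys override, or an unrelated setting, would stop a reader from "de-duplicating" them.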
@@ -19,86 +27,58 @@ filterUsers = root
 # wait before updating the cache out-of-band. (NSS requests will still
 # be returned from cache until the full EntryCacheTimeout). Setting this
 # value to 0 turns this feature off (default)
-; EntryCacheTimeout = 600
-; EntryCacheNoWaitRefreshTimeout = 300
-
-[services/dp]
-description = Data Provider Configuration
-
-[services/pam]
-description = PAM Responder Configuration
+; entry_cache_timeout = 600
+; entry_cache_nowait_timeout = 300
-[services/monitor]
-description = Service Monitor Configuration
-#if a backend is particularly slow you can raise this timeout here
-sbusTimeout = 30
-
-[domains]
-description = Domains served by SSSD
-; domains = LOCAL,LDAP
+[pam]
+reconnection_retries = 3
-# SSSD will not start if you don't configure any domain.
-# Add new domains condifgurations as [domains/<NAME>] sections.
-# Then add the list of domains (in the order you want them to be
-# queried in the 'domains" attribute above and uncomment it
+[dp]
+reconnection_retries = 3
 # Example LOCAL domain that stores all users natively in the SSSD internal
 # directory. These local users and groups are not visibile in /etc/passwd, it
 # now contains only root and system accounts.
-
-; [domains/LOCAL]
+; [domain/LOCAL]
 ; description = LOCAL Users domain
-; provider = local
+; id_provider = local
 ; enumerate = true
-; minId = 500
-; maxId = 999
-
-# Example LDAP domain that uses the proxy backend and the standard nss_ldap
-# and pam_ldap modules (Useful until we have good working native ldap backends).
-# For this to work the /etc/ldap.conf file needs to be correctly configured just
-# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
-# passwd: files ldap, set passwd: files, sss instead there.
-# Also consider using the following setting in /etc/ldap.conf to avoid needless
-# delays if the ldap server is offline:
-# timelimit 10
-# bind_timelimit 5
-# nss_reconnect_maxsleeptime 2
-# nss_reconnect_sleeptime 1
+; min_id = 500
+; max_id = 999
-; [domains/LDAP]
-; description = Proxy request to our LDAP server
-; enumerate = false
-; minId = 1000
-;
-; provider = proxy
-; libName = ldap
-;
-#if a backend is particularly slow you can raise this timeout here
-; timeout = 60
+# Example native LDAP domain
+; [domain/LDAP]
+; id_provider = ldap
+; auth_provider = ldap
+; ldap_uri = ldap://ldap.mydomain.org
+; ldap_user_search_base = dc=mydomain,dc=org
+; ldap_tls_reqcert = demand
+; cache_credentials = true
+; enumerate = true
 # Example LDAP domain where the LDAP server is an Active Directory server.
 ; [domains/AD]
 ; description = LDAP domain with AD server
 ; enumerate = false
-; minId = 1000
-;
-; provider = ldap
-; auth-module = ldap
-; ldapUri = ldap://your.ad.server.com
-; ldapSchema = rfc2307bis
-; userSearchBase = cn=users,dc=example,dc=com
-; groupSearchBase = cn=users,dc=example,dc=com
-; defaultBindDn = cn=Administrator,cn=Users,dc=example,dc=com
-; defaultAuthtokType = password
-; defaultAuthtok = YOUR_PASSWORD
-; userObjectClass = person
-; userName = msSFU30Name
-; userUidNumber = msSFU30UidNumber
-; userGidNumber = msSFU30GidNumber
-; userHomeDirectory = msSFU30HomeDirectory
-; userShell = msSFU30LoginShell
-; userPrincipal = userPrincipalName
-; groupObjectClass = group
-; groupName = msSFU30Name
-; groupGidNumber = msSFU30GidNumber
+; min_id = 1000
+;
+; id_provider = ldap
+; auth_provider = ldap
+; ldap_uri = ldap://your.ad.server.com
+; ldap_schema = rfc2307bis
+; ldap_user_search_base = cn=users,dc=example,dc=com
+; ldap_group_search_base = cn=users,dc=example,dc=com
+; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
+; ldap_default_authtok_type = password
+; ldap_default_authtok = YOUR_PASSWORD
+; ldap_user_object_class = person
+; ldap_user_name = msSFU30Name
+; ldap_user_uid_number = msSFU30UidNumber
+; ldap_user_gid_number = msSFU30GidNumber
+; ldap_user_home_directory = msSFU30HomeDirectory
+; ldap_user_shell = msSFU30LoginShell
+; ldap_user_principal = userPrincipalName
+; ldap_group_object_class = group
+; ldap_group_name = msSFU30Name
+; ldap_group_gid_number = msSFU30GidNumber
--
1.6.2.5
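Review bot: The Active Directory example keeps its old-style header `; [domains/AD]` (an unchanged context line) while every key under it is renamed to the v2 names and the LOCAL and LDAP examples are moved to `[domain/LOCAL]` and `[domain/LDAP]`; uncommenting the AD block as shipped would presumably yield a section the v2 config does not recognise as a domain, so it should read `; [domain/AD]`. The same example still asks for `ldap_default_authtok = YOUR_PASSWORD` in clear text; a comment above it such as `; this bind password is stored in clear text - keep sssd.conf readable by root only` tells an admin what they are committing to when they copy the block. In the new native LDAP example `ldap_tls_reqcert = demand` sits next to a plain `ldap://` URI; a one-line comment stating that the certificate check only applies once a TLS session exists (which a bare ldap:// URI does not establish on its own) would avoid giving the impression that this line alone protects identity lookups.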