Главная Обзор Помощь
Вход
RONCC
/
Dell-Omnia-Clusters-HPC-AI
Следить 1
В избранное 0
Ответвить 0
Файлы Обсуждения 0 Запросы на слияние 0 Вики
Дерево: 861a5df7ad
Ветки Метки
Dell-Omnia-C...
/
roles
/
login_node
/
files
/
temp_sssd.conf

temp_sssd.conf 2.1 KB
История Исходник

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. #
    2. 

  2. # sssd.conf
    3. 

  3. # Generated by 389 Directory Server - dsidm
    4. 

  4. #
    5. 

  5. # For more details see man sssd.conf and man sssd-ldap
    6. 

  6. # Be sure to review the content of this file to ensure it is secure and correct
    7. 

  7. # in your environment.
    8. 

  8. 

  9. [domain/ldap]
    10. 

  10. # Uncomment this for more verbose logging.
    11. 

  11. # debug_level=3
    12. 

  12. 

  13. # Cache hashes of user authentication for offline auth.
    14. 

  14. cache_credentials = True
    15. 

  15. id_provider = ldap
    16. 

  16. auth_provider = ldap
    17. 

  17. access_provider = ldap
    18. 

  18. chpass_provider = ldap
    19. 

  19. ldap_schema = rfc2307
    20. 

  20. ldap_search_base = dc=omnia,dc=test
    21. 

  21. ldap_uri = ldapi://%2fvar%2frun%2fslapd-ldap1.socket
    22. 

  22. # If you have DNS SRV records, you can use the following instead. This derives
    23. 

  23. # from your ldap_search_base.
    24. 

  24. # ldap_uri = _srv_
    25. 

  25. 

  26. ldap_tls_reqcert = demand
    27. 

  27. # To use cacert dir, place *.crt files in this path then run:
    28. 

  28. # /usr/bin/openssl rehash /etc/openldap/certs
    29. 

  29. # or (for older versions of openssl)
    30. 

  30. # /usr/bin/c_rehash /etc/openldap/certs
    31. 

  31. ldap_tls_cacertdir = /etc/openldap/certs
    32. 

  32. 

  33. # Path to the cacert
    34. 

  34. # ldap_tls_cacert = /etc/openldap/certs/ca.crt
    35. 

  35. 

  36. # Only users who match this filter can login and authorise to this machine. Note
    37. 

  37. # that users who do NOT match, will still have their uid/gid resolve, but they
    38. 

  38. # can't login.
    39. 

  39. ldap_access_filter = (memberOf=cn=server_admins,ou=groups,dc=omnia,dc=test)
    40. 

  40. 

  41. enumerate = false
    42. 

  42. access_provider = ldap
    43. 

  43. ldap_user_member_of = memberof
    44. 

  44. ldap_user_gecos = cn
    45. 

  45. ldap_user_uuid = nsUniqueId
    46. 

  46. ldap_group_uuid = nsUniqueId
    47. 

  47. # This is really important as it allows SSSD to respect nsAccountLock
    48. 

  48. ldap_account_expire_policy = rhds
    49. 

  49. ldap_access_order = filter, expire
    50. 

  50. # Setup for ssh keys
    51. 

  51. # Inside /etc/ssh/sshd_config add the lines:
    52. 

  52. #   AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
    53. 

  53. #   AuthorizedKeysCommandUser nobody
    54. 

  54. # You can test with the command: sss_ssh_authorizedkeys <username>
    55. 

  55. ldap_user_ssh_public_key = nsSshPublicKey
    56. 

  56. 

  57. # This prevents an issue where the Directory is recursively walked on group
    58. 

  58. # and user look ups. It makes the client faster and more responsive in almost
    59. 

  59. # every scenario.
    60. 

  60. ignore_group_members = False
    61. 

  61. 

  62. [sssd]
    63. 

  63. services = nss, pam, ssh, sudo
    64. 

  64. config_file_version = 2
    65. 

  65. 

  66. domains = ldap
    67. 

  67. [nss]
    68. 

  68. homedir_substring = /home
    69.