File: nsscache.conf

nsscache 0.49-5
# Example /etc/nsscache.conf - configuration for nsscache
#
# nsscache loads a config file from the environment variable NSSCACHE_CONFIG
#
# By default this is /etc/nsscache.conf
#
# Commented values are overrideable defaults, uncommented values
# require you to set them.

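[DEFAULT]

# Default NSS data source module name
source = ldap

# Default NSS data cache module name; 'files' is compatible with the
# libnss-cache NSS module.
cache = files

# NSS maps to be cached
maps = passwd, group, shadow

# Directory to store our update/modify timestamps
timestamp_dir = /var/lib/nsscache

# Lockfile to use for update/repair operations
lockfile = /var/run/nsscache

# Defaults for specific modules; prefaced with "modulename_"

##
# ldap module defaults.
#

# Enable to connect to Active Directory.
# Leave disabled if connecting to openldap or slapd
ldap_ad = 1

# LDAP URI to query for NSS data
ldap_uri = ldaps://local.domain

# Default LDAP search scope
ldap_scope = sub

# Default LDAP BIND DN, empty string is an anonymous bind
# NOTE(review): this example binds as the domain administrator. The per-map
# sections only search the directory, so a dedicated low-privilege, read-only
# bind account limits the impact if this file is ever disclosed.
ldap_bind_dn = administrator@local.domain

# Default LDAP password, empty DN and empty password is used for
# anonymous binds
# The password is stored here in clear text: keep the deployed file readable
# only by the account that runs nsscache (for example root, mode 0600) and keep
# real credentials out of version control. Replace the example value below.
ldap_bind_password = 4dm1n_s3cr36_v3ry_c0mpl3x

# Default setting for requiring tls certificates, one of:
# never, hard, demand, allow, try
# 'demand' verifies the server certificate against the CA settings below, so
# ldap_tls_cacertfile must hold the CA that issued the directory server's
# certificate. With 'never' the ldaps:// session is encrypted but the server
# is not authenticated, which exposes the bind password and the cached
# passwd/group/shadow data to an impersonated directory server.
ldap_tls_require_cert = 'demand'

# Default directory for trusted CAs
ldap_tls_cacertdir = '/etc/ssl/certs/'

# Default filename for trusted CAs
ldap_tls_cacertfile = '/etc/ssl/certs/ad.pem'

# Replace all users' shells with the specified one.
ldap_override_shell = '/bin/bash'

# Set directory for all users in passwd under /home.
ldap_home_dir = 1

# Debug logging
# NOTE(review): a non-zero debug level is set as a default here. Verbose LDAP
# debug output may include directory data; confirm what this level logs and
# turn it off outside troubleshooting.
ldap_debug = 3

##
# files module defaults

# Directory to store the plain text files
files_dir = /etc

# Suffix used on the files module database files
files_cache_filename_suffix = cache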

###
# Optional per-map sections, if present they will override the above
# defaults.  The examples below show you some common values to override
#

# Per-map LDAP search base and filter for the passwd map.
# The filter selects entries with objectCategory=User that are members of
# CN=Admins,CN=Users,DC=local,DC=domain, so only that group's users are cached.
# NOTE(review): in Active Directory, memberOf reflects direct membership only;
# confirm that members of nested groups are not expected to match here.
[passwd]
ldap_base = DC=local,DC=domain
ldap_filter = (&(objectCategory=User)(memberOf=CN=Admins,CN=Users,DC=local,DC=domain))

# Per-map LDAP search base and filter for the group map.
# The filter is an OR of two clauses: the group object with CN=Admins, and the
# user entries that are members of CN=Admins,CN=Users,DC=local,DC=domain.
# NOTE(review): user entries are deliberately matched in the group map here;
# presumably the ldap source derives a group entry per user in AD mode.
# Confirm against the source module before narrowing the filter.
[group]
ldap_base = DC=local,DC=domain
ldap_filter = (|(&(objectCategory=Group)(CN=Admins))(&(objectCategory=User)(memberOf=CN=Admins,CN=Users,DC=local,DC=domain)))

# Per-map LDAP search base and filter for the shadow map.
# Same base and filter as the [passwd] section: entries with
# objectCategory=User that are members of CN=Admins,CN=Users,DC=local,DC=domain.
# NOTE(review): which attributes end up in the cached shadow file is decided by
# the ldap source module, not by this file; check the resulting file's
# permissions after the first update.
[shadow]
ldap_base = DC=local,DC=domain
ldap_filter = (&(objectCategory=User)(memberOf=CN=Admins,CN=Users,DC=local,DC=domain))

# NOTE(review): 'suffix' is not one of the maps listed in 'maps' under
# [DEFAULT], so the consumer of this section is not evident from this file.
# Both values are written as a pair of double quotes; whether the parser reads
# that as an empty string or as two literal quote characters should be
# confirmed against the code that reads this section.
[suffix]
prefix = ""
suffix = ""