Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 589605 Details for
Bug 826275
sssd uses cacert from ldap.conf instead of sssd.conf
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
sssd.conf
sssd.conf (text/plain), 2.17 KB, created by
Andrew McNabb
on 2012-06-05 18:22:47 UTC
(
hide
)
Description:
sssd.conf
Filename:
MIME Type:
Creator:
Andrew McNabb
Created:
2012-06-05 18:22:47 UTC
Size:
2.17 KB
patch
obsolete
>[sssd] >debug_level = 0x00F0 >config_file_version = 2 > ># Number of times services should attempt to reconnect in the ># event of a crash or restart before they give up >reconnection_retries = 3 > ># If a back end is particularly slow you can raise this timeout here >sbus_timeout = 30 >services = nss, pam > ># SSSD will not start if you do not configure any domains. ># Add new domain configurations as [domain/<NAME>] sections, and ># then add the list of domains (in the order you want them to be ># queried) to the "domains" attribute below and uncomment it. >; domains = LOCAL,LDAP >domains = LDAP > >[nss] >debug_level = 0x00F0 ># The following prevents SSSD from searching for the root user/group in ># all domains (you can add here a comma-separated list of system accounts that ># are always going to be /etc/passwd users, or that you want to filter out). >filter_groups = root >filter_users = root >reconnection_retries = 3 > ># The entry_cache_timeout indicates the number of seconds to retain an ># entry in cache before it is considered stale and must block to refresh. ># The entry_cache_nowait_timeout indicates the number of seconds to ># wait before updating the cache out-of-band. (NSS requests will still ># be returned from cache until the full entry_cache_timeout). Setting this ># value to 0 turns this feature off (default). >; entry_cache_timeout = 600 >; entry_cache_nowait_timeout = 300 >entry_cache_nowait_percentage=50 > >[pam] >debug_level = 0x00F0 >reconnection_retries = 3 > ># Example domain configurations ># Note that enabling enumeration in the following configurations will have a ># moderate performance impact while enumerations are actually running, and ># may increase the time necessary to detect network disconnection. ># Consequently, the default value for enumeration is FALSE. ># Refer to the sssd.conf man page for full details. > >[domain/LDAP] >;debug_level = 0x00F0 >debug_level = 0xFFFF >id_provider = ldap >min_id = 5000 >auth_provider = ldap >ldap_uri = ldap://192.168.36.6 >ldap_user_search_base = ou=people,dc=aml,dc=cs,dc=byu,dc=edu >ldap_group_search_base = ou=group,dc=aml,dc=cs,dc=byu,dc=edu >ldap_tls_reqcert = demand >cache_credentials = true >enumerate = true >ldap_tls_cacert = /admin/etc/openldap/cacerts/cacert.pem
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=589605">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 826275
: 589605