rpms/sssd/devel 0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch, NONE, 1.1 sssd.spec, 1.9, 1.10

Tue Apr 14 21:54:11 UTC 2009

Author: simo

Update of /cvs/pkgs/rpms/sssd/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8246

Modified Files:
	sssd.spec 
Added Files:
	0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch 
Log Message:
add patch 0002 too


0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch:

--- NEW FILE 0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch ---
>From 2f9fb5b8dcf09a3285386b8bade78bcd6867cb24 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue, 14 Apr 2009 09:30:43 -0400
Subject: [PATCH] Replace the example sssd.conf file with the one used in Fedora

Also remove the [services/infopipe] section, since we're not
shipping InfoPipe yet, and that would be confusing.
---
 server/examples/sssd.conf |  103 +++++++++++++++++++++++++++++++--------------
 1 files changed, 71 insertions(+), 32 deletions(-)

diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index c5fd7e6..b9a421e 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -1,50 +1,89 @@
 [services]
 description = Local Service Configuration
-activeServices = nss, dp, pam, info
+activeServices = nss, dp, pam
 
 [services/nss]
 description = NSS Responder Configuration
-timeout = 10
-filterGroups = root, foo at TEST
-filterUsers = root, bar at TEST
+# the following prevents sssd for searching for the root user/group in
+# all domains (you can add here a comma separated list of system accounts are
+# always going to be /etc/passwd users, or that you want to filter out)
+filterGroups = root
+filterUsers = root
 
 [services/dp]
 description = Data Provider Configuration
-timeout = 10
 
 [services/pam]
 description = PAM Responder Configuration
-timeout = 10
-
-[services/info]
-description = InfoPipe Configuration
-timeout = 10
 
 [services/monitor]
 description = Service Monitor Configuration
-sbusTimeout = 10
+#if a backend is particularly slow you can raise this timeout here
+sbusTimeout = 30
 
 [domains]
 description = Domains served by SSSD
-domains = LOCAL
-
-[domains/LOCAL]
-description = Reserved domain for local configurations
-enumerate = 3
-minId = 500
-maxId = 999
-legacy = TRUE
-libName = files
-libPath = /lib64/libnss_files.so.2
-magicPrivateGroups = FALSE
-provider = proxy
-auth-module = proxy
-pam-target = sssdproxylocal
-
-[domains/EXAMPLE.COM]
-description = Example LDAP domain
-basedn = dc=example,dc=com
-command = /usr/libexec/sssd/sssd_be --provider ldap --domain EXAMPLE.COM
-provider = ldap
-userSearchBase = ou=user,dc=example,dc=com
+; domains = LOCAL,LDAP
+
+# SSSD will not start if you don't configure any domain.
+# Add new domains condifgurations as [domains/<NAME>] sections.
+# Then add the list of domains (in the order you want them to be
+# queried in the 'domains" attribute above and uncomment it
+
+# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
+# This configuration is meant mostly as a migration path to be able to store
+# additional information about users while still keeping /etc/passwd
+# authoritative.
+
+; [domains/LOCAL]
+; description = LOCAL migration domain
+; enumerate = 3
+; minId = 500
+; magicPrivateGroups = FALSE
+; legacy = TRUE
+;
+; provider = proxy
+; libName = files
+; libPath = libnss_files.so.2
+
+# optionally a file named sssdproxylocal can be place in pam.d configured to
+# check pam_unix only and pam_sss can be used in the normal pam stack
+; auth-module = proxy
+; pam-target = sssdproxylocal
+
+# Example LOCAL domain that stores all users natively in the SSSD internal
+# directory. These local users and groups are not visibile in /etc/passwd, it
+# now contains only root and system accounts.
+
+; [domains/LOCAL]
+; description = LOCAL Users domain
+; enumerate = 3
+; minId = 500
+; maxId = 999
+; legacy = FALSE
+; magicPrivateGroups = TRUE
+
+# Example LDAP domain that uses the proxy backend and the standard nss_ldap
+# and pam_ldap modules (Useful until we have good working native ldap backends).
+# For this to work the /etc/ldap.conf file needs to be correctly configured just
+# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
+# passwd: files ldap, set passwd: files, sss instead there.
+# Also consider using the following setting in /etc/ldap.conf to avoid needless
+# delays if the ldap server is offline:
+# timelimit 10
+# bind_timelimit 5
+# nss_reconnect_maxsleeptime 2
+# nss_reconnect_sleeptime 1
 
+; [domains/LDAP]
+; description = Proxy request to our LDAP server
+; enumerate = 0
+; minId = 1000
+; legacy = TRUE
+;
+; provider = proxy
+; libName = ldap
+; libPath = libnss_ldap.so.2
+;
+#if a backend is particularly slow you can raise this timeout here
+; timeout = 60
-- 
1.6.0.6



Index: sssd.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sssd/devel/sssd.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- sssd.spec	14 Apr 2009 21:24:36 -0000	1.9
+++ sssd.spec	14 Apr 2009 21:53:40 -0000	1.10
@@ -14,6 +14,7 @@
 
 ### Patches ###
 Patch101: 0001-Add-reconnection-code-between-the-NSS-responder-and.patch
+Patch102: 0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch
 Patch103: 0003-Make-reconnection-to-the-Data-Provider-a-global-sett.patch
 Patch104: 0004-Add-common-function-to-retrieve-comma-sep.-lists.patch
 Patch105: 0005-Fixing-memory-issues-in-ini-and-collection.patch
@@ -56,6 +57,7 @@
 %setup -q
 
 %patch101 -p1 -b .reconnect
+%patch102 -p1 -b .examples
 %patch103 -p1 -b .global_reconnect_option
 %patch104 -p1 -b .fix_filters
 %patch105 -p1 -b .fix_mem_issues


