###
##
## Prototype System Security Services Daemon (SSSD) configuration for GNU/Linux based systems in the namespaces lysergic.dev / syscid.com / liberta.casa
##
## Unless otherwise stated, run system/scripts/sh/deploy_directory_client.sh instead of editing this file manually.
##
## georg@lysergic.dev
##
###

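# Monitor section: selects the responders to start and the domains to serve.
# The stray "|" lines from the rendered listing are dropped here; they are not
# key = value pairs and would not parse.
# NOTE(review): sssd.conf(5) requires this file to be a regular file that only
# its owner may read or write (traditionally root:root, mode 0600). Confirm the
# deploy script enforces this.
[sssd]
# NOTE(review): sssd.conf(5) documents numeric levels 0-9; 10 is outside that
# range and is presumably treated as maximum verbosity - confirm. Logs at this
# level are large and detailed, so restrict access to the SSSD log directory
# and lower the level once debugging of the prototype is finished.
debug_level = 10
config_file_version = 2
# Responders started by the monitor; each has its own section in this file.
services = nss, pam, ssh, sudo
# Must match the [domain/SYSCID] section name.
domains = SYSCID
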
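# NSS responder (user and group lookups).
# Stray "|" lines from the rendered listing are dropped; they would not parse.
[nss]
# Value substituted for %H in a home directory template such as
# override_homedir. No such template is set in this file.
homedir_substring = /home
# NOTE(review): very verbose; sssd.conf(5) documents levels 0-9. Lower this
# outside of debugging.
debug_level = 10
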
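# PAM responder (authentication and account checks).
# Stray "|" lines from the rendered listing are dropped; they would not parse.
[pam]
# NOTE(review): very verbose; sssd.conf(5) documents levels 0-9. Lower this
# outside of debugging.
debug_level = 10
# 3 = show all messages and debug information to the user during
# authentication (the default is 1, important messages only).
# NOTE(review): debug output at the login prompt discloses internal detail to
# whoever is logging in. sssd.conf(5) notes that the custom messages below are
# printed only for the SSH service unless this is 3, so check where they must
# appear before lowering it.
pam_verbosity = 3
# Custom text shown when the account check reports an expired or locked account.
pam_account_expired_message = Permission denied - Your SYSCID or LibertaCasa Account EXPIRED.
pam_account_locked_message = Permission denied - Your SYSCID or LibertaCasa Account is LOCKED.
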
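# SSH responder (serves public keys stored in the directory).
# Stray "|" lines from the rendered listing are dropped; they would not parse.
[ssh]
# NOTE(review): very verbose; sssd.conf(5) documents levels 0-9. Lower this
# outside of debugging.
debug_level = 10
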
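# sudo responder (serves sudo rules fetched by the domain's sudo_provider).
# Stray "|" lines from the rendered listing are dropped; they would not parse.
[sudo]
# NOTE(review): very verbose; sssd.conf(5) documents levels 0-9. Lower this
# outside of debugging.
debug_level = 10
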
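# LDAP-backed identity, authentication, access control, password change and
# sudo rules for the SYSCID domain.
# Changes from the rendered listing: stray "|" lines dropped (they would not
# parse), the duplicated access_provider key consolidated into one entry, and
# the spacing of cache_credentials normalised.
[domain/SYSCID]
ignore_group_members = False
# NOTE(review): very verbose; sssd.conf(5) documents levels 0-9. Lower this
# outside of debugging.
debug_level = 10
# No credentials are cached locally, so logins that need the directory will
# not work while it is unreachable.
cache_credentials = False

# All providers use the LDAP back end.
id_provider = ldap
auth_provider = ldap
# Must be ldap for ldap_access_filter and ldap_access_order below to apply.
access_provider = ldap
chpass_provider = ldap

ldap_schema = rfc2307bis
ldap_search_base = dc=syscid,dc=com
# ldaps:// means TLS from connection start. Certificate checking follows
# ldap_tls_reqcert and the CA settings; none are set here, so the SSSD and
# system defaults apply.
# NOTE(review): no ldap_default_bind_dn is set in this file, so lookups
# presumably use an anonymous bind - confirm the directory ACLs expect that.
ldap_uri = ldaps://ldap.syscid.com

# Only members of this group pass the "filter" access check.
ldap_access_filter = (memberOf=cn=syscid_shell_users,ou=syscid-groups,dc=syscid,dc=com)
ldap_user_member_of = memberof
# Alternative group member attributes, left disabled by the author.
#ldap_group_member = memberUid
#ldap_group_member = member
ldap_user_gecos = cn
ldap_user_uuid = nsUniqueId
ldap_group_uuid = nsUniqueId

#ldap_pwd_policy = shadow
# rhds: the "expire" access check uses the directory's account lock attribute.
ldap_account_expire_policy = rhds
# Access checks run in this order.
# NOTE(review): sssd-ldap(5) states that the pwd_expire_policy_* checks need
# ldap_pwd_policy set to an appropriate policy. It is commented out above, so
# pwd_expire_policy_renew may have no effect - confirm.
ldap_access_order = filter, expire, pwd_expire_policy_renew

# Attribute holding the users' SSH public keys, served by the ssh responder.
# Anyone who can write this attribute in the directory can grant SSH access,
# so its write ACLs should be restricted.
ldap_user_ssh_public_key = sshPublicKey

sudo_provider = ldap
ldap_sudo_search_base = ou=SUDOers,ou=syscid-system,dc=syscid,dc=com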