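see below sssd.conf file, which works for the installation here.

[root@myws ~]# cat /etc/sssd/sssd.conf
# /etc/sssd/sssd.conf -- SSSD configuration, LDAP for identity and login.
# This file carries the LDAP bind password (ldap_default_authtok) in clear
# text. SSSD expects it to be a regular file owned by root that only root
# can read or write (mode 0600); keep copies and backups equally restricted.

[sssd]
config_file_version = 2

# Number of times services should attempt to reconnect in the
# event of a crash or restart before they give up
reconnection_retries = 3

# if a backend is particularly slow you can raise this timeout here
sbus_timeout = 30
services = nss, pam

# domains = LOCAL,LDAP
# SSSD will not start if you don't configure any domain.
# Add new domain configurations as [domain/<NAME>] sections.
# Then add the list of domains (in the order you want them to be
# queried) in the "domains" attribute and uncomment it.
# Only the domains named here are started; a [domain/...] section that is
# not listed stays unused.
domains = LDAP

[nss]
# the following prevents sssd from searching for the root user/group in
# all domains (you can add here a comma separated list of system accounts
# that are always going to be /etc/passwd users, or that you want to filter
# out). Keeping root here means a directory entry named "root" is never
# returned by SSSD.
filter_groups = root
filter_users = root
reconnection_retries = 3

# The EntryCacheTimeout indicates the number of seconds to retain before
# an entry in cache is considered stale and must block to refresh.
# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to
# wait before updating the cache out-of-band. (NSS requests will still
# be returned from cache until the full EntryCacheTimeout). Setting this
# value to 0 turns this feature off (default)
# entry_cache_timeout = 600
# entry_cache_nowait_timeout = 300

[pam]
reconnection_retries = 3

# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visible in /etc/passwd, it
# now contains only root and system accounts.
# [domain/LOCAL]
# description = LOCAL Users domain
# id_provider = local
# enumerate = true
# min_id = 500
# max_id = 999

# Example native LDAP domain
# This is the only domain listed in "domains" under [sssd], so it is the one
# SSSD actually uses from this file.
[domain/LDAP]
# Lowest UID/GID accepted from this domain. 50 is well below the 500 used in
# the LOCAL example above, so directory entries may occupy IDs that are
# presumably reserved for local system accounts on this host; only root is
# filtered out in [nss]. Raise it unless the directory is meant to serve
# such low IDs.
min_id = 50

# NOTE(review): "never" means the server certificate is neither requested
# nor checked, so TLS gives encryption without proof of which server is on
# the other end. A host able to intercept the connection can pose as the
# directory and receive the bind password below and the passwords users
# type at login. Where the server has a certificate from a CA this client
# can trust, use "demand" (commented out further down) and point
# ldap_tls_cacertdir or ldap_tls_cacert at that CA.
ldap_tls_reqcert = never
id_provider = ldap
auth_provider = ldap

# Plain ldap:// URI. SSSD does not authenticate users over an unencrypted
# connection, so auth_provider = ldap depends on StartTLS succeeding against
# this server (or on an ldaps:// URI). Identity lookups follow
# ldap_id_use_start_tls, which this section does not set -- check the
# default for your SSSD version, otherwise lookups and the bind as
# ldap_default_bind_dn may cross the network in clear text.
ldap_uri = ldap://ldapadmin.mydomain.com/
ldap_search_base = ou=pam-ldap,dc=mydomain,dc=com
ldap_user_search_base = ou=people,ou=pam-ldap,dc=mydomain,dc=com
ldap_group_search_base = ou=group,ou=pam-ldap,dc=mydomain,dc=com

# Service account used for lookups. Its password is stored here in clear
# text: give the account read-only access to the subtrees above and nothing
# else, and rotate the password if this file or a backup of it is exposed.
ldap_default_bind_dn = cn=pam-ldap-checker,ou=pam-ldap,dc=mydomain,dc=com
ldap_default_authtok = password-for-above-DN
# ldap_tls_reqcert = demand

# Left commented out, so password hashes are not kept in the local cache and
# logins need the directory to be reachable.
#cache_credentials = true

# Downloads and caches every user and group under the search bases, so
# "getent passwd" shows the whole directory to any local user and large
# directories put load on the server. Set to false when lookups by name
# are enough.
enumerate = true

# Example LDAP domain where the LDAP server is an Active Directory server.
# [domain/AD]
# description = LDAP domain with AD server
# enumerate = false
# min_id = 1000
#
# id_provider = ldap
# auth_provider = ldap
# ldap_uri = ldap://your.ad.server.com
# ldap_schema = rfc2307bis
# ldap_user_search_base = cn=users,dc=example,dc=com
# ldap_group_search_base = cn=users,dc=example,dc=com
# ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
# ldap_default_authtok_type = password
# ldap_default_authtok = YOUR_PASSWORD
# ldap_user_object_class = person
# ldap_user_name = msSFU30Name
# ldap_user_uid_number = msSFU30UidNumber
# ldap_user_gid_number = msSFU30GidNumber
# ldap_user_home_directory = msSFU30HomeDirectory
# ldap_user_shell = msSFU30LoginShell
# ldap_user_principal = userPrincipalName
# ldap_group_object_class = group
# ldap_group_name = msSFU30Name
# ldap_group_gid_number = msSFU30GidNumber

# NOTE(review): "default" is not named in "domains" under [sssd], so as
# posted this section is not in use; presumably it was written by an
# authentication setup tool -- confirm before relying on any value here.
# It does carry the TLS settings that [domain/LDAP] lacks: StartTLS for
# identity lookups and a CA directory for verifying the server certificate.
[domain/default]
ldap_id_use_start_tls = True

# Keeps a hash of each successfully used password in the local SSSD cache
# so users can log in while the directory is unreachable.
cache_credentials = True
ldap_search_base = ou=pam-ldap,dc=mydomain,dc=com
krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
ldap_default_bind_dn = cn=pam-ldap-checker,ou=pam-ldap,dc=mydomain,dc=com
debug_level = 0
min_id = 500
ldap_uri = ldap://ldap.mydomain.com
krb5_kdcip = kerberos.example.com
ldap_default_authtok = password-for-above-DN

# Directory of CA certificates used to verify the LDAP server certificate.
ldap_tls_cacertdir = /etc/openldap/cacerts
[root@myws ~]#

suomi

On 2011-01-17 15:27, Luc MAIGNAN wrote:
> Hi,
>
> I want to use openLDAP to authenticate users to log-in.
>
> In the previous versions of Fedora, I just use system-config-auth but it
> doesn't seem to work in F14.
>
> Has someone a good and pretty HOWTO to explain how to do this ?
>
> BR
>
> Luc
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines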