diff --git a/0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch b/0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch
new file mode 100644
index 0000000..08f9549
--- /dev/null
+++ b/0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch
@@ -0,0 +1,140 @@
+From 2f9fb5b8dcf09a3285386b8bade78bcd6867cb24 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher
+Date: Tue, 14 Apr 2009 09:30:43 -0400
+Subject: [PATCH] Replace the example sssd.conf file with the one used in Fedora
+
+Also remove the [services/infopipe] section, since we're not
+shipping InfoPipe yet, and that would be confusing.
+---
+ server/examples/sssd.conf | 103 +++++++++++++++++++++++++++++++--------------
+ 1 files changed, 71 insertions(+), 32 deletions(-)
+
+diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
+index c5fd7e6..b9a421e 100644
+--- a/server/examples/sssd.conf
++++ b/server/examples/sssd.conf
+@@ -1,50 +1,89 @@
+ [services]
+ description = Local Service Configuration
+-activeServices = nss, dp, pam, info
++activeServices = nss, dp, pam
+
+ [services/nss]
+ description = NSS Responder Configuration
+-timeout = 10
+-filterGroups = root, foo@TEST
+-filterUsers = root, bar@TEST
++# the following prevents sssd for searching for the root user/group in
++# all domains (you can add here a comma separated list of system accounts are
++# always going to be /etc/passwd users, or that you want to filter out)
++filterGroups = root
++filterUsers = root
+
+ [services/dp]
+ description = Data Provider Configuration
+-timeout = 10
+
+ [services/pam]
+ description = PAM Responder Configuration
+-timeout = 10
+-
+-[services/info]
+-description = InfoPipe Configuration
+-timeout = 10
+
+ [services/monitor]
+ description = Service Monitor Configuration
+-sbusTimeout = 10
++#if a backend is particularly slow you can raise this timeout here
++sbusTimeout = 30
+
+ [domains]
+ description = Domains served by SSSD
+-domains = LOCAL
+-
+-[domains/LOCAL]
+-description = Reserved domain for local configurations
+-enumerate = 3
+-minId = 500
+-maxId = 999
+-legacy = TRUE
+-libName = files
+-libPath = /lib64/libnss_files.so.2
+-magicPrivateGroups = FALSE
+-provider = proxy
+-auth-module = proxy
+-pam-target = sssdproxylocal
+-
+-[domains/EXAMPLE.COM]
+-description = Example LDAP domain
+-basedn = dc=example,dc=com
+-command = /usr/libexec/sssd/sssd_be --provider ldap --domain EXAMPLE.COM
+-provider = ldap
+-userSearchBase = ou=user,dc=example,dc=com
++; domains = LOCAL,LDAP
++
++# SSSD will not start if you don't configure any domain.
++# Add new domains condifgurations as [domains/] sections.
++# Then add the list of domains (in the order you want them to be
++# queried in the 'domains" attribute above and uncomment it
++
++# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
++# This configuration is meant mostly as a migration path to be able to store
++# additional information about users while still keeping /etc/passwd
++# authoritative.
++
++; [domains/LOCAL]
++; description = LOCAL migration domain
++; enumerate = 3
++; minId = 500
++; magicPrivateGroups = FALSE
++; legacy = TRUE
++;
++; provider = proxy
++; libName = files
++; libPath = libnss_files.so.2
++
++# optionally a file named sssdproxylocal can be place in pam.d configured to
++# check pam_unix only and pam_sss can be used in the normal pam stack
++; auth-module = proxy
++; pam-target = sssdproxylocal
++
++# Example LOCAL domain that stores all users natively in the SSSD internal
++# directory. These local users and groups are not visibile in /etc/passwd, it
++# now contains only root and system accounts.
++
++; [domains/LOCAL]
++; description = LOCAL Users domain
++; enumerate = 3
++; minId = 500
++; maxId = 999
++; legacy = FALSE
++; magicPrivateGroups = TRUE
++
++# Example LDAP domain that uses the proxy backend and the standard nss_ldap
++# and pam_ldap modules (Useful until we have good working native ldap backends).
++# For this to work the /etc/ldap.conf file needs to be correctly configured just
++# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
++# passwd: files ldap, set passwd: files, sss instead there.
++# Also consider using the following setting in /etc/ldap.conf to avoid needless
++# delays if the ldap server is offline:
++# timelimit 10
++# bind_timelimit 5
++# nss_reconnect_maxsleeptime 2
++# nss_reconnect_sleeptime 1
+
++; [domains/LDAP]
++; description = Proxy request to our LDAP server
++; enumerate = 0
++; minId = 1000
++; legacy = TRUE
++;
++; provider = proxy
++; libName = ldap
++; libPath = libnss_ldap.so.2
++;
++#if a backend is particularly slow you can raise this timeout here
++; timeout = 60
+--
+1.6.0.6
+
diff --git a/sssd.spec b/sssd.spec
index c2bb474..3787d45 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -14,6 +14,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 ### Patches ###
 Patch101: 0001-Add-reconnection-code-between-the-NSS-responder-and.patch
+Patch102: 0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch
 Patch103: 0003-Make-reconnection-to-the-Data-Provider-a-global-sett.patch
 Patch104: 0004-Add-common-function-to-retrieve-comma-sep.-lists.patch
 Patch105: 0005-Fixing-memory-issues-in-ini-and-collection.patch
@@ -56,6 +57,7 @@ services for projects like FreeIPA.
 %setup -q
 %patch101 -p1 -b .reconnect
+%patch102 -p1 -b .examples
 %patch103 -p1 -b .global_reconnect_option
 %patch104 -p1 -b .fix_filters
 %patch105 -p1 -b .fix_mem_issues
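Review bot: In the embedded server/examples/sssd.conf patch (the new 0002-…patch file), the first commented-out `[domains/LOCAL]` example, the /etc/passwd migration proxy, drops the `maxId = 999` bound that the removed block carried, while the `[domains/LDAP]` example starts at `minId = 1000` and the suggested list is `domains = LOCAL,LDAP`. If minId/maxId bound the IDs a domain may answer for, as the names suggest, an administrator who uncomments both gets a LOCAL range that is open above and overlaps the LDAP range, so the same UID could resolve in either domain depending on query order. I would either restore `; maxId = 999` in that example or add a comment such as `# no maxId: every /etc/passwd account at or above minId is served by this domain` so the open range is a documented choice. Separately, `libPath` changes from the absolute `/lib64/libnss_files.so.2` to the bare soname `libnss_files.so.2`; a one-line comment noting that the library is then resolved through the loader's search path would help anyone hardening the daemon's environment.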