summaryrefslogtreecommitdiffstats
path: root/roles/ands_kitauth/files/sssd
diff options
context:
space:
mode:
authorSuren A. Chilingaryan <csa@suren.me>2019-10-11 06:25:21 +0200
committerSuren A. Chilingaryan <csa@suren.me>2019-10-11 06:25:21 +0200
commitb23e9400c36acf9856606165489e8828c2cf8dd5 (patch)
tree581468996aa8202b9121c8031ee50bf60984a816 /roles/ands_kitauth/files/sssd
parentb17d3d74eb5a9e7640d94f98f6b27ce4891b3c26 (diff)
downloaditm-b23e9400c36acf9856606165489e8828c2cf8dd5.tar.gz
itm-b23e9400c36acf9856606165489e8828c2cf8dd5.tar.bz2
itm-b23e9400c36acf9856606165489e8828c2cf8dd5.tar.xz
itm-b23e9400c36acf9856606165489e8828c2cf8dd5.zip
ipa-client and fine tunning
Diffstat (limited to 'roles/ands_kitauth/files/sssd')
-rw-r--r--roles/ands_kitauth/files/sssd/kit.conf17
-rw-r--r--roles/ands_kitauth/files/sssd/sssd.conf15
2 files changed, 32 insertions, 0 deletions
diff --git a/roles/ands_kitauth/files/sssd/kit.conf b/roles/ands_kitauth/files/sssd/kit.conf
new file mode 100644
index 0000000..f4aee29
--- /dev/null
+++ b/roles/ands_kitauth/files/sssd/kit.conf
@@ -0,0 +1,17 @@
+[domain/kit.edu]
+ldap_tls_reqcert = allow
+ldap_id_use_start_tls = true
+cache_credentials = true
+auth_provider = ldap
+chpass_provider = ldap
+id_provider = ldap
+ldap_uri = ldap://bwidm.scc.kit.edu:389/
+ldap_search_base = ou=lsdf-dis,dc=bwlsdf,dc=de
+ldap_default_bind_dn = uid=fileservice-read,ou=admin,ou=lsdf-dis,dc=bwlsdf,dc=de
+ldap_default_authtok_type = password
+ldap_default_authtok = H7fjmJhvr58hjbv411fmjuhb
+ldap_tls_cacertdir = /etc/openldap/certs
+#ldap_user_home_directory = homeDirectory
+override_homedir = /home/%d/%u
+debug_level = 10
+debug_timestamps = true
diff --git a/roles/ands_kitauth/files/sssd/sssd.conf b/roles/ands_kitauth/files/sssd/sssd.conf
new file mode 100644
index 0000000..af34dba
--- /dev/null
+++ b/roles/ands_kitauth/files/sssd/sssd.conf
@@ -0,0 +1,15 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = kit.edu
+
+[nss]
+filter_groups = root
+filter_users = root
+entry_cache_timeout = 300
+entry_cache_nowait_percentage = 75
+
+[pam]
+offline_credentials_expiration = 2
+offline_failed_login_attempts = 3
+offline_failed_login_delay = 5