[ Wolfgang Schweer, 2020-12-16 ]
> After reading man 5 sssd.conf, some other cleanup should be done:
> - remove obsolete / wrong settings
> - drop default settings
>
> About to test the changes...
Revised sssd-generate-config script tested both inside Debian Edu
network and outside. Works like it should.
This is the diff:
diff --git a/share/debian-edu-config/tools/sssd-generate-config b/share/debian-edu-config/tools/sssd-generate-config
index 031c77a1..1af98791 100755
--- a/share/debian-edu-config/tools/sssd-generate-config
+++ b/share/debian-edu-config/tools/sssd-generate-config
@@ -109,20 +109,11 @@ cat <<EOF
# SSSD configuration generated using $0
[sssd]
config_file_version = 2
-reconnection_retries = 3
-sbus_timeout = 30
-services = nss, pam, autofs
domains = $domain
[nss]
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
[pam]
-reconnection_retries = 3
-
-[autofs]
EOF
if [ "$kerberosserver" ] ; then
auth="krb5"
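Review bot: With `services = nss, pam, autofs` and the `[autofs]` section removed, the generated config no longer starts any responder itself, and nothing here records what it now depends on. sssd.conf(5) makes `services` optional only where systemd socket or D-Bus activation is available, so logins and automounts rely on units such as `sssd-nss.socket`, `sssd-pam.socket` and `sssd-autofs.socket` being enabled on every target profile. A short comment above the heredoc would make that explicit, for example `# 'services' omitted on purpose: responders are socket-activated by systemd`. The other removed lines in `[nss]` and `[pam]` look like documented defaults. The `if` that starts on the last lines of this hunk continues outside it.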
@@ -137,7 +128,7 @@ if ldap_is_active_directory $ldapuri ; then
[domain/$domain]
ldap_id_mapping = True
-ldap_schema = ad
+id_provider = ad
EOF
else
cat <<EOF
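Review bot: Replacing `ldap_schema = ad` with `id_provider = ad` changes more than the schema, and the branch shown here sets no `access_provider`. As far as sssd.conf(5) documents, that option defaults to `permit`, so unless it is set in a part of the heredoc outside this hunk, every directory account that can authenticate may log in. Adding `access_provider = ad` should at least make disabled and expired accounts be refused. The AD provider also normally expects the host to be joined to the domain and to hold a keytab, a stronger precondition than the old line implied, so it deserves a comment above this branch. `ldap_id_mapping = True` is already the default for this provider and could be dropped along with the other defaults.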
@@ -150,7 +141,6 @@ cache_credentials = true
id_provider = ldap
auth_provider = $auth
chpass_provider = $chpass
-
ldap_uri = $ldapuri
ldap_search_base = $ldapbase
ldap_tls_reqcert = demand
@@ -162,8 +152,6 @@ EOF
krb5_server = $kerberosserver
krb5_realm = $kerberosrealm
-krb5_changepw_principle = kadmin/changepw
-krb5_auth_timeout = 15
EOF
fi
fi
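Review bot: Dropping `krb5_auth_timeout = 15` is a behaviour change, not the removal of a default: to my knowledge sssd-krb5(5) documents a default of 6 seconds, so online authentication now gives up sooner. `cache_credentials = true` appears to be set for the same domain section (it shows in the previous hunk's header), so a slow KDC would more often end in a login against cached credentials instead of a fresh check. If 15 was chosen deliberately for slow networks, keep the line and add a comment such as `# KDC may be slow to answer; default timeout is too short`. Removing the misspelled `krb5_changepw_principle` is fine, since the correctly spelled option already defaults to `kadmin/changepw`.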
Please test.
Wolfgang