[Freeipa-users] Re: problem with the ipa_pwd_extop plugin when using sssd-ldap with FreeIPA / replace of the passwordExpirationTime attribute with the value “19700101000000Z”

Mon, 24 Feb 2020 08:28:01 -0800 

On 2/23/20 10:23 PM, Sumit Bose via FreeIPA-users wrote:

Hi,

can you send your sssd.conf?

bye,
Sumit


Sure thing. Attached.

Thanks,

CP


[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = lab2.rexconsulting.net
user = sssd
debug_level = 9
 
[domain/lab2.rexconsulting.net]
debug_level = 9
cache_credentials = True
entry_cache_timeout = 90
refresh_expired_interval = 60
enumerate = false
id_provider = ldap
auth_provider = ldap
access_provider = ldap
chpass_provider = ldap
ldap_schema = IPA
ldap_purge_cache_timeout = 60
ldap_sudo_full_refresh_interval = 21600
ldap_sudo_smart_refresh_interval = 90
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ipa/ca.crt
ldap_tls_reqcert = demand
ldap_uri = ldap://ipa2.lab2.rexconsulting.net
ldap_backup_uri = ldap://ipa1.lab2.rexconsulting.net
ldap_chpass_uri = ldap://ipa2.lab2.rexconsulting.net
ldap_chpass_backup_uri = ldap://ipa1.lab2.rexconsulting.net
ldap_default_bind_dn = cn=Directory Manager
ldap_default_authtok = --------------------
ldap_search_base = dc=lab2,dc=rexconsulting,dc=net
ldap_user_search_base = cn=users,cn=accounts,dc=lab2,dc=rexconsulting,dc=net
ldap_group_search_base = cn=groups,cn=compat,dc=lab2,dc=rexconsulting,dc=net
ldap_sudo_search_base = ou=sudoers,dc=lab2,dc=rexconsulting,dc=net
ldap_user_ssh_public_key = ipaSshPubKey
#ldap_access_order = pwd_expire_policy_renew
ldap_access_order = pwd_expire_policy_renew, filter
#ldap_access_filter = (objectclass=ipasshuser)
ldap_access_filter = 
(&(userClass=super)(objectclass=ipasshuser)(memberOf=cn=staff,cn=groups,cn=accounts,dc=lab2,dc=rexconsulting,dc=net))
 
[sudo]
 
[ssh]
 
[pam]
pam_id_timeout = 5
offline_credentials_expiration = 1
offline_failed_login_attempts = 2
pam_verbosity = 2
 
[nss]
filter_groups = root
filter_users = root
entry_cache_nowait_percentage = 50
entry_negative_timeout = 15
local_negative_timeout = 60
memcache_timeout = 300

_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to