clear cache
sss_cache -E
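allow cert (skips verification of the LDAP server's TLS certificate - troubleshooting only; the lasting fix is to trust the issuing CA via ldap_tls_cacert or ldap_tls_cacertdir)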
ldap_tls_reqcert = never
debug ldap
ldap_library_debug_level = -1
- SSSD Status:
sssctl domain-list # List available domains
sssctl domain-status $SSSD_DOMAIN # Print information about domain
sssctl user-checks $SSSD_USER # Print information about a user and check authentication
- Information about cached content:
sssctl user-show $SSSD_USER # Information about cached user
sssctl group-show $SSSD_USER # Information about cached group
- Local data tools:
sssctl cache-expire # Invalidate cached objects
- Log files tools:
sssctl logs-remove # Remove existing SSSD log files
sssctl logs-fetch # Archive SSSD log files in tarball
sssctl debug-level # Change SSSD debug level
- Configuration files tools:
sssctl config-check # Perform static analysis of SSSD configuration
- Certificate related tools:
sssctl cert-show # Print information about the certificate
sssctl cert-map # Show users mapped to the certificate
sssd.conf
# Global SSSD settings: which responders run and which domains are consulted.
# NOTE(review): SSSD checks the ownership and mode of sssd.conf at startup;
# keep the file readable only by the account SSSD runs as (commonly root, 0600).
[sssd]
config_file_version = 2
# Responders to start: name-service lookups (nss) and authentication (pam).
services = nss, pam
# Reconnect attempts after a data provider crash or restart before giving up.
reconnection_retries = 3
# SSSD will not start if no domain is configured.
# Each domain is a [domain/<NAME>] section; list the names here in the
# order they should be queried. LDAP refers to the [domain/LDAP] section
# of this file.
domains = LDAP
# Uncomment for very verbose logging while troubleshooting, and comment it out
# again afterwards: high debug levels may write detailed request data to the logs.
#debug_level = 9
# NSS responder: answers user and group lookups from the SSSD cache.
[nss]
# root is never fetched from SSSD, so the directory cannot supply or shadow
# the local root user or root group.
filter_groups = root
filter_users = root
# Reconnect attempts after a data provider crash or restart before giving up.
reconnection_retries = 3
# PAM responder: handles authentication requests coming from the PAM stack.
[pam]
# Reconnect attempts after a data provider crash or restart before giving up.
reconnection_retries = 3
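# LDAP domain: identity lookups, authentication and password changes all go
# to the LDAP server named in ldap_uri.
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://www.halfface.se
ldap_search_base = dc=halfface,dc=se
# NOTE(review): the URI is already ldaps://, so StartTLS is probably redundant
# here - confirm against the sssd-ldap man page for the installed version.
ldap_id_use_start_tls = True
# Directory holding the CA certificates used to verify the server certificate.
# NOTE(review): the TLS library may expect hash-named entries in this
# directory - confirm for the library in use.
ldap_tls_cacertdir = /etc/openldap/cacerts
# Require a valid server certificate. auth_provider = ldap sends the user's
# password to this server, so with "never" anyone able to intercept the
# connection could impersonate the directory and collect credentials.
# "never" belongs only in short-lived troubleshooting; if verification fails,
# install the issuing CA certificate under ldap_tls_cacertdir instead.
ldap_tls_reqcert = demand
# Stores a hash of the user's credentials in the local cache so logins keep
# working while the LDAP server is unreachable; the cache files therefore need
# the same protection as any other password store.
cache_credentials = True
# NOTE(review): auth_provider is ldap, so these Kerberos settings are
# presumably unused in this configuration - confirm before relying on them.
krb5_realm = HALFFACE.SE
krb5_server = www.halfface.se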