Re: [SSSD] domain vs provider in SSSD
Jenny Galipeau wrote:
Stephen Gallagher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/02/2009 12:43 AM, David O'Brien wrote:
>
>> From what I've read, these two are equivalent. Should I be using one
>> term in one place and the other elsewhere or doesn't it matter?
>>
>>
>
> Domains and providers are NOT the same thing. A domain is a conceptual
> object that contains one or more providers. For example, an IPA domain
> is actually a domain with an ID provider of LDAP and an authentication
> provider of Kerberos.
>
> These terms must not be used interchangeably. In some communications, we
> refer to an "LDAP domain", but in these examples, we're usually
talking
> about a domain that uses LDAP for all the provider types (ID, AUTH,
> ACCESS and CHPASS)
>
> A provider on the other hand is a connection to the remote (or local)
> data store.
>
I would have said exactly what Stephen said, here's an example sssd.conf
with two LDAP Domains, just so you can visualize what it's configuration
would look like ...
Examples are always good, thanks :)
[sssd]
config_file_version = 2
I didn't see config_file_version documented anywhere... is that anything
like the version number for BIND config files, where you inc. the
version when you make changes and then restart named to re-read the file?
Everything else makes sense, thanks.
/dob
domains = EXAMPLE1.COM, EXAMPLE2.COM
reconnection_retries = 3
services = nss, pam
[nss]
debug_level = 4
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
[domain/EXAMPLE1.COM]
cache_credentials = TRUE
enumerate = TRUE
id_provider = ldap
ldap_group_search_base = ou=groups,dc=example1,dc=com
ldap_uri = ldap://hostname.example1.com:389
ldap_user_search_base = ou=people,dc=example1,dc=com
max_id = 1010
min_id = 1000
[domain/EXAMPLE2.COM]
cache_credentials = TRUE
enumerate = TRUE
id_provider = ldap
ldap_group_search_base = ou=groups,dc=example2,dc=com
ldap_uri = ldap://hostname.example2.com:11329
ldap_user_search_base = ou=people,dc=example2,dc=com
max_id = 2010
min_id = 2000
> - -- Stephen Gallagher
> RHCE 804006346421761
>
> Delivering value year after year.
> Red Hat ranks #1 in value among software vendors.
> http://www.redhat.com/promo/vendor/
--
David O'Brien
Red Hat Asia Pacific
+61 7 3514 8189
http://freeipa.org/page/DocumentationPortal
http://git.fedorahosted.org/git/ipadocs.git
"The most valuable of all talents is that of never using two words when
one will do."
Thomas Jefferson
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkruzR4ACgkQeiVVYja6o6OPIgCdGru/NkCsjk/zII3Ik6TnTkSM
> pVEAoJhNYi23F5vh/rwO1oKs+QDts5fb
> =McyP
> -----END PGP SIGNATURE-----
>
_______________________________________________
> sssd-devel mailing list
> sssd-devel(a)lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
>
>