[Freeipa-users] ldap.conf
Jakub Hrozek
jhrozek at redhat.com
Wed Apr 12 07:47:06 UTC 2017
On Wed, Apr 12, 2017 at 09:34:59AM +0200, Christoph Kaminski wrote:
> Hi
>
> is this ok as config for sssd on centos 7 AND 6?
>
> [domain/hso]
> cache_credentials = True
> krb5_store_password_if_offline = True
> id_provider = ipa
> ldap_tls_cacert = /etc/ipa/ca.crt
You can drop this line as well, it's the default for the AD provider.
>
> [sssd]
> services = nss, pam, ssh, sudo, autofs
> config_file_version = 2
> domains = hso
>
> [nss]
>
> [pam]
>
> [sudo]
>
> [autofs]
>
> [ssh]
>
> I mean it works but would I get any problems with it?
No, the configs are supposed to be minimal.
You can even drop the empty service sections like [nss].
More information about the Freeipa-users
mailing list