Provided by: nsscache_0.8.8-1_all bug

NAME

       nsscache.conf - NSS local cache synchroniser configuration file

SYNOPSIS

       /etc/nsscache.conf

DESCRIPTION

       nsscache  synchronises  a  local  NSS  cache  against a remote data source.  This approach
       allows the administrator to separate the network from the NSS lookup  codepath,  improving
       speed and reliability of name services.

       The nsscache configuration file comprises of one DEFAULT section, followed by zero or more
       map-specific configuration sections.  The file format is similar to that of ".ini" files.

       The DEFAULT section must provide at least one source keyword, specifying the  data  source
       to  use,  one  cache  keyword, specifying the means in which the cache data will be stored
       locally, and one maps keyword, specifying  which  NSS  maps  should  be  cached,  and  one
       timestamp_dir  keyword,  specifying  the  location  of the timestamps used for incremental
       updates.

       Additional global defaults, such as LDAP search parameters, or the filesystem location  of
       the cache, may also be included in the DEFAULT section.

       Additional sections may be included that allow per-map overrides to configuration options.
       For example, one might specify their global LDAP search base  as  ou=People  but  want  to
       override that for the group mapping as ou=Groups

       Apart  from the source, cache, and maps configuration options, all options are prefixed by
       the name of the module that they configure.

       A complete list of configuration options follows.

DEFAULT-only OPTIONS

       source Specifies the source to use to retrieve NSS data from.

              Valid Options: ldap

       cache  Specifies the cache method to use to store the data, which will be queried  by  the
              NSS itself.

              Valid  options:  nssdb  Store  in  a  Berkeley DB file, for use with the nss_db NSS
              module

              files Store in a plain text file, similar in format to /etc/passwd

       maps   Specifies the names of the maps that will be queried and cached by nsscache

              Valid options: passwd group shadow netgroup automount

       timestamp_dir
              Specifies the directory where update and modify timestamps are stored.

ldap SOURCE OPTIONS

       These options configure the behaviour of the ldap source.

       ldap_uri
              The LDAP URI to connect to.

       ldap_base
              The base to perform LDAP searches under.

       ldap_filter
              The search filter to use when querying.

       ldap_scope
              The search scope to use.  Defaults to one

       ldap_bind_dn
              The bind DN to use when connecting to LDAP.  Emtpy string  is  an  anonymous  bind.
              Defaults to the empty string.

       ldap_bind_password
              The  bind  password  to  use  when  connecting  to  LDAP.  Empty string is used for
              anonymous binds.  Defaults to the empty string.

       ldap_timelimit
              Timelimit in seconds for search results to return.  -1 means no limit.  Defaults to
              -1.

       ldap_retry_max
              Number of retries on soft failures before giving up.  Defaults to 3.

       ldap_retry_delay
              Delay in seconds between retries.  Defaults to 5.

       ldap_tls_require_cert
              Sets  expectations  for  SSL  certificates,  using  TLS.   One  of 'never', 'hard',
              'demand', 'allow', or 'try'.  See ldap.conf(5) for more information.

       ldap_tls_cacertdir
              Directory for trusted CA certificates.  Defaults to /usr/share/ssl

       ldap_tls_cacertfile
              Filename containing trusted CA certificates.  Defaults to /usr/share/ssl/cert.pem

nssdb CACHE OPTIONS

       These options configure the behaviour of the nssdb cache.

       nssdb_dir
              Directory to store the Berkeley DB databases.  Defaults to the  current  directory.
              Note that nss_db hardcodes the path to /var/lib/misc on Debian systems, and /var/db
              on Red Hat systems.

       nssdb_makedb
              Path to the makedb(1) command, which is used by the nssdb cache code to ensure that
              the  Berkeley  DB version created by the module matches that expected by the nss_db
              NSS module.

files CACHE OPTIONS

       These optiosn configure the behaviour of the files cache.

       files_dir
              Directory location to store the plain text  files  in.   Defaults  to  the  current
              directory.

       files_cache_filename_suffix
              A  suffix  appended to the cache filename to differentiate it from, say, system NSS
              databases.  Defaults to '.cache'.

       files_local_automount_master
              A yes/no field only used for automount maps.  A 'yes' value will cause nsscache  to
              update the auto.master file with the master map from the source.  A 'no' value will
              cause nsscache to leave auto.master alone, allowing the system to manage this  file
              in  other  ways.   When set to 'no', nsscache will only update other automount maps
              defined both locally and in the source.  Defaults to 'yes'.

EXAMPLE

       A typical example might look like this:

         [DEFAULT]
         source = ldap
         cache = nssdb
         maps = passwd, group, shadow
         ldap_uri = ldap://ldap.example.com
         ldap_base = ou=People,dc=example,dc=com
         ldap_filter = (objectclass=posixAccount)
         nssdb_dir = /var/lib/misc

         [group]
         ldap_base = ou=Group,dc=example,dc=com
         ldap_filter = (objectclass=posixGroup)

         [shadow]
         ldap_filter = (objectclass=posixAccount)

       And a complementary /etc/nsswitch.conf might look like this:

         passwd: files db
         group: files db
         shadow: files db

FILES

       /etc/nsscache.conf
              The system-wide nsscache configuration file

SEE ALSO

       nsscache(1)

       nsswitch.conf(5)
              The system name service switch configuration file

       ldap.conf(5)
              Details on LDAP configuration options exposed by the LDAP client libraries.

AUTHOR

       Written by Jamie Wilkinson (jaq@google.com) and Vasilios Hoffman (vasilios@google.com).

COPYRIGHT

       Copyright © 2007 Google, Inc.
       This is free software; see the source for copying conditions.  There is NO  warranty;  not
       even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.