Provided by: nsscache_0.8.8-1_all
nsscache.conf - NSS local cache synchroniser configuration file
nsscache synchronises a local NSS cache against a remote data source. This approach allows the administrator to separate the network from the NSS lookup codepath, improving speed and reliability of name services. The nsscache configuration file comprises of one DEFAULT section, followed by zero or more map-specific configuration sections. The file format is similar to that of ".ini" files. The DEFAULT section must provide at least one source keyword, specifying the data source to use, one cache keyword, specifying the means in which the cache data will be stored locally, and one maps keyword, specifying which NSS maps should be cached, and one timestamp_dir keyword, specifying the location of the timestamps used for incremental updates. Additional global defaults, such as LDAP search parameters, or the filesystem location of the cache, may also be included in the DEFAULT section. Additional sections may be included that allow per-map overrides to configuration options. For example, one might specify their global LDAP search base as ou=People but want to override that for the group mapping as ou=Groups Apart from the source, cache, and maps configuration options, all options are prefixed by the name of the module that they configure. A complete list of configuration options follows.
source Specifies the source to use to retrieve NSS data from. Valid Options: ldap cache Specifies the cache method to use to store the data, which will be queried by the NSS itself. Valid options: nssdb Store in a Berkeley DB file, for use with the nss_db NSS module files Store in a plain text file, similar in format to /etc/passwd maps Specifies the names of the maps that will be queried and cached by nsscache Valid options: passwd group shadow netgroup automount timestamp_dir Specifies the directory where update and modify timestamps are stored.
ldap SOURCE OPTIONS
These options configure the behaviour of the ldap source. ldap_uri The LDAP URI to connect to. ldap_base The base to perform LDAP searches under. ldap_filter The search filter to use when querying. ldap_scope The search scope to use. Defaults to one ldap_bind_dn The bind DN to use when connecting to LDAP. Emtpy string is an anonymous bind. Defaults to the empty string. ldap_bind_password The bind password to use when connecting to LDAP. Empty string is used for anonymous binds. Defaults to the empty string. ldap_timelimit Timelimit in seconds for search results to return. -1 means no limit. Defaults to -1. ldap_retry_max Number of retries on soft failures before giving up. Defaults to 3. ldap_retry_delay Delay in seconds between retries. Defaults to 5. ldap_tls_require_cert Sets expectations for SSL certificates, using TLS. One of 'never', 'hard', 'demand', 'allow', or 'try'. See ldap.conf(5) for more information. ldap_tls_cacertdir Directory for trusted CA certificates. Defaults to /usr/share/ssl ldap_tls_cacertfile Filename containing trusted CA certificates. Defaults to /usr/share/ssl/cert.pem
nssdb CACHE OPTIONS
These options configure the behaviour of the nssdb cache. nssdb_dir Directory to store the Berkeley DB databases. Defaults to the current directory. Note that nss_db hardcodes the path to /var/lib/misc on Debian systems, and /var/db on Red Hat systems. nssdb_makedb Path to the makedb(1) command, which is used by the nssdb cache code to ensure that the Berkeley DB version created by the module matches that expected by the nss_db NSS module.
files CACHE OPTIONS
These optiosn configure the behaviour of the files cache. files_dir Directory location to store the plain text files in. Defaults to the current directory. files_cache_filename_suffix A suffix appended to the cache filename to differentiate it from, say, system NSS databases. Defaults to '.cache'. files_local_automount_master A yes/no field only used for automount maps. A 'yes' value will cause nsscache to update the auto.master file with the master map from the source. A 'no' value will cause nsscache to leave auto.master alone, allowing the system to manage this file in other ways. When set to 'no', nsscache will only update other automount maps defined both locally and in the source. Defaults to 'yes'.
A typical example might look like this: [DEFAULT] source = ldap cache = nssdb maps = passwd, group, shadow ldap_uri = ldap://ldap.example.com ldap_base = ou=People,dc=example,dc=com ldap_filter = (objectclass=posixAccount) nssdb_dir = /var/lib/misc [group] ldap_base = ou=Group,dc=example,dc=com ldap_filter = (objectclass=posixGroup) [shadow] ldap_filter = (objectclass=posixAccount) And a complementary /etc/nsswitch.conf might look like this: passwd: files db group: files db shadow: files db
/etc/nsscache.conf The system-wide nsscache configuration file
nsscache(1) nsswitch.conf(5) The system name service switch configuration file ldap.conf(5) Details on LDAP configuration options exposed by the LDAP client libraries.
Written by Jamie Wilkinson (email@example.com) and Vasilios Hoffman (firstname.lastname@example.org).
Copyright © 2007 Google, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.