Provided by: nsscache_0.8.8-1_all

NAME

       nsscache.conf - NSS local cache synchroniser configuration file

SYNOPSIS

       /etc/nsscache.conf

DESCRIPTION

       nsscache  synchronises  a local NSS cache against a remote data source.
       This approach allows the administrator to separate the network from the
       NSS lookup codepath, improving speed and reliability of name services.

       The nsscache configuration file comprises one DEFAULT section,
       followed by zero or more map-specific configuration sections.  The file
       format is similar to that of ".ini" files.

       The DEFAULT section must provide at least one source keyword,
       specifying the data source to use; one cache keyword, specifying how
       the cache data will be stored locally; one maps keyword, specifying
       which NSS maps should be cached; and one timestamp_dir keyword,
       specifying the location of the timestamps used for incremental
       updates.

       Additional global defaults, such as  LDAP  search  parameters,  or  the
       filesystem  location  of the cache, may also be included in the DEFAULT
       section.

       Additional sections may be included that  allow  per-map  overrides  to
       configuration  options.   For  example,  one might specify their global
       LDAP search base as ou=People but want to override that for  the  group
       mapping as ou=Groups.

       Apart  from  the  source,  cache,  and  maps configuration options, all
       options are prefixed by the name of the module that they configure.

       A complete list of configuration options follows.

DEFAULT-only OPTIONS

       source Specifies the source from which NSS data is retrieved.

              Valid Options: ldap

       cache  Specifies the cache method to use to store the data, which will
              be queried by the NSS itself.

              Valid options:

              nssdb  Store in a Berkeley DB file, for use with the nss_db
                     NSS module

              files  Store in a plain text file, similar in format to
                     /etc/passwd

       maps   Specifies the names of the maps that will be queried and cached
              by nsscache.

              Valid options: passwd group shadow netgroup automount

       timestamp_dir
              Specifies the directory where update and modify  timestamps  are
              stored.

ldap SOURCE OPTIONS

       These options configure the behaviour of the ldap source.

       ldap_uri
              The LDAP URI to connect to.

       ldap_base
              The base to perform LDAP searches under.

       ldap_filter
              The search filter to use when querying.

       ldap_scope
              The search scope to use.  Defaults to one.

       ldap_bind_dn
              The bind DN to use when connecting to LDAP.  Empty string is an
              anonymous bind.  Defaults to the empty string.

       ldap_bind_password
              The bind password to use when connecting to LDAP.  Empty  string
              is used for anonymous binds.  Defaults to the empty string.

       ldap_timelimit
              Time limit in seconds for search results to return.  -1 means no
              limit.  Defaults to -1.

       ldap_retry_max
              Number of retries on soft failures before giving  up.   Defaults
              to 3.

       ldap_retry_delay
              Delay in seconds between retries.  Defaults to 5.

       ldap_tls_require_cert
              Sets the level of checking applied to the server's TLS
              certificate.  One of 'never', 'hard', 'demand', 'allow', or
              'try'.  See ldap.conf(5) for more information.

       ldap_tls_cacertdir
              Directory    for   trusted   CA   certificates.    Defaults   to
              /usr/share/ssl

       ldap_tls_cacertfile
              Filename  containing  trusted  CA  certificates.   Defaults   to
              /usr/share/ssl/cert.pem

nssdb CACHE OPTIONS

       These options configure the behaviour of the nssdb cache.

       nssdb_dir
              Directory  to  store the Berkeley DB databases.  Defaults to the
              current directory.  Note  that  nss_db  hardcodes  the  path  to
              /var/lib/misc on Debian systems, and /var/db on Red Hat systems.

       nssdb_makedb
              Path  to the makedb(1) command, which is used by the nssdb cache
              code to ensure that the  Berkeley  DB  version  created  by  the
              module matches that expected by the nss_db NSS module.

files CACHE OPTIONS

       These options configure the behaviour of the files cache.

       files_dir
              Directory  location  to store the plain text files in.  Defaults
              to the current directory.

       files_cache_filename_suffix
              A suffix appended to the  cache  filename  to  differentiate  it
              from, say, system NSS databases.  Defaults to '.cache'.

       files_local_automount_master
              A yes/no field only used for automount maps.  A 'yes' value will
              cause nsscache to update the auto.master file  with  the  master
              map  from the source.  A 'no' value will cause nsscache to leave
              auto.master alone, allowing the system to manage  this  file  in
              other  ways.   When set to 'no', nsscache will only update other
              automount maps defined both locally and in the source.  Defaults
              to 'yes'.

EXAMPLE

       A typical example might look like this:

         [DEFAULT]
         source = ldap
         cache = nssdb
         maps = passwd, group, shadow
         ldap_uri = ldap://ldap.example.com
         ldap_base = ou=People,dc=example,dc=com
         ldap_filter = (objectclass=posixAccount)
         nssdb_dir = /var/lib/misc

         [group]
         ldap_base = ou=Group,dc=example,dc=com
         ldap_filter = (objectclass=posixGroup)

         [shadow]
         ldap_filter = (objectclass=posixAccount)

       And a complementary /etc/nsswitch.conf might look like this:

         passwd: files db
         group: files db
         shadow: files db
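
       The required DEFAULT keywords, the per-map overrides and the ldap
       transport options described above can be checked mechanically.  The
       Python sketch below is an added example, not part of nsscache or of
       the original page.  The audit() function, its finding strings and the
       sample values (bind DN, password, the [group] override) are
       constructed for illustration, and it assumes a plain ldap:// URI
       means the connection is not protected by TLS.

```python
import configparser

REQUIRED = ("source", "cache", "maps", "timestamp_dir")  # per DESCRIPTION
STRICT_TLS = {"demand", "hard"}  # ldap.conf(5): a valid server cert is required

# Constructed sample: the EXAMPLE config plus a bind credential and an override.
SAMPLE = """
[DEFAULT]
source = ldap
cache = nssdb
maps = passwd, group, shadow
ldap_uri = ldap://ldap.example.com
ldap_base = ou=People,dc=example,dc=com
ldap_bind_dn = cn=nsscache,dc=example,dc=com
ldap_bind_password = constructed-secret
nssdb_dir = /var/lib/misc

[group]
ldap_base = ou=Group,dc=example,dc=com
ldap_uri = ldaps://ldap.example.com
ldap_tls_require_cert = never
"""

def audit(conf_text, file_mode=0o644):
    """Return a sorted list of (scope, finding) for an nsscache.conf body."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' is legal in secrets
    cp.read_string(conf_text)
    d = cp.defaults()
    findings = [("DEFAULT", f"missing required keyword: {k}")
                for k in REQUIRED if k not in d]
    # A stored bind password must not be readable by every local user.
    if d.get("ldap_bind_password") and file_mode & 0o004:
        findings.append(("DEFAULT", "bind password in world-readable file"))
    for name in [m.strip() for m in d.get("maps", "").split(",") if m.strip()]:
        # Per-map sections inherit DEFAULT and may override (or weaken) it.
        opts = cp[name] if cp.has_section(name) else d
        if not opts.get("ldap_uri", "").startswith("ldaps://"):
            findings.append((name, "ldap_uri is not ldaps://"))
        elif opts.get("ldap_tls_require_cert", "").lower() not in STRICT_TLS:
            findings.append((name, "ldap_tls_require_cert not set to demand/hard"))
    return sorted(findings)

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"{scope}: {finding}")
```

       Run it against the real file by passing its contents and
       os.stat("/etc/nsscache.conf").st_mode to audit().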

FILES

       /etc/nsscache.conf
              The system-wide nsscache configuration file

SEE ALSO

       nsscache(1)

       nsswitch.conf(5)
              The system name service switch configuration file

       ldap.conf(5)
              Details on LDAP configuration options exposed by the LDAP client
              libraries.

AUTHOR

       Written  by  Jamie  Wilkinson  (jaq@google.com)  and  Vasilios  Hoffman
       (vasilios@google.com).

COPYRIGHT

       Copyright (C) 2007 Google, Inc.
       This is free software; see the source for copying conditions.  There is
       NO warranty; not even for MERCHANTABILITY or FITNESS FOR  A  PARTICULAR
       PURPOSE.