- Overview
- Module Description - A Puppet module for managing sssd
- Setup - The basics of getting started with pupmod-simp-sssd
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
This module installs and manages SSSD. It allows you to set config options in sssd.conf through Puppet / Hiera.
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
Please read our Contribution Guide and visit our developer wiki.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- In the future, all SIMP-managed security subsystems will be disabled by default and must be explicitly opted into by administrators. Please review simp/simp_options for details.
This module installs, configures and manages SSSD. It is also cross-compatible with simp/pki and simp/auditd.
It allows connection via krb5, ldap and local authentication.
simp/sssd also connects to autofs, nss, pac, pam, ssh, and sudo.
Files managed by simp/sssd:
- /etc/sssd/sssd.conf
- /etc/init.d/sssd
- (Optional) /etc/sssd/pki with simp/pki enabled
Services and operations managed or affected:
- sssd (running)
- nscd (stopped)
Packages installed by simp/pki:
- sssd (latest by default)
The following will install and manage the service for SSSD with the default settings, but will include no additional providers or affected services.
```puppet
include ::sssd
```
or
```yaml
classes:
  - sssd
```
To enable integration with the existing SIMP PKI module, set the value of the PKI SIMP option to true:
```yaml
simp_options::pki: true
```
To include configuration options for the providers of the SSSD module, you must instantiate individual defined Types contained within this module on your systems. Similarly, include configuration options for services by including instances of the service subclasses on the system.
See the examples for specific services and providers.
```puppet
sssd::provider::local { 'localusers':
  default_shell  => '/bin/bash',
  base_directory => '/home',
  create_homedir => true,
  remove_homedir => true,
  homedir_umask  => '0037',
  skel_dir       => '/etc/skel/user',
  mail_dir       => '/etc/mailbox',
  userdel_cmd    => '/bin/userdel',
}
```
Instantiating the LDAP provider will automatically set access_provider = 'ldap', and you can pass configuration options to the declaration of the defined type. The options below are only useful as example syntax; you may need to check the sssd man page or the code for sssd::provider::ldap for a full list of options and examples that you can pass to the ldap section of the sssd config file.
```puppet
sssd::provider::ldap { 'ldapusers':
  ldap_access_filter => 'memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com',
  ldap_chpass_uri    => empty,
  ldap_access_order  => 'expire',
  # ...etc
}
```
This will provide a basic connection to Kerberos:
```puppet
sssd::provider::krb5 { 'kerberos':
  krb5_server   => 'my.kerberos.server',
  krb5_realm    => 'mykrbrealm',
  krb5_password => lookup('use_eyaml'),
}
```
The following services can be managed by simp/sssd. You use these services in the same way that you use the providers described above, but as there can only be one instance of each service on a system, these services are presented as Puppet subclasses rather than as Types.
- autofs
- nss
- pac
- pam
- ssh
- sudo
Please see sssd::service:: for more configuration options. Some example usage syntax is below:
You can pass values to the keys of the [nss] section of the config file by including the nss service subclass, and passing values to the corresponding keys:
```puppet
class { 'sssd::service::nss':
  description          => 'The nss section of the config file',
  filter_users         => 'root',
  filter_groups        => 'root',
  reconnection_retries => 3,
  # ...
}
```
- sssd
- sssd::install
- sssd::install::client
- sssd::service
- sssd::service::autofs
- sssd::service::nss
- sssd::service::pac
- sssd::service::pam
- sssd::service::ssh
- sssd::service::sudo
- sssd::pki
- sssd::domain
- sssd::provider::ad
- sssd::provider::krb5
- sssd::provider::ldap
- sssd::provider::local
Many of the parameters and variables below have a one-to-one correspondence to the keys in the sssd man pages. Because of this, we strongly suggest searching the man pages in the event of confusion or ambiguity regarding any one parameter.
This key is a mandatory array of domains that will be included in your sssd.conf file. Each of these domains can have an instance of each of the provider defined Types, which must reference the domain that they belong to by name. This list cannot be empty; you must choose at least 1 domain for SSSD to manage.
- Valid Options: Array[String]
- Default Value: N/A
Sets the debug verbosity for the main section of the config file.
- Valid Options: Sssd::DebugLevel
- Default Value: undef,
Enable or disable timestamps in debug file for this section of the config file.
- Valid Options: Boolean
- Default Value: true,
Enable or disable microseconds in the debug timestamps for this section of the config file.
- Valid Options: Boolean
- Default Value: false,
A brief description of this section of the config file.
- Valid Options: String
- Default Value: undef,
- Valid Options: Integer
- Default Value: 2,
A list of the services that SSSD will integrate with. Each entry here corresponds to one section of the config file at sssd.conf. Each of the services that you include here will be managed by the corresponding sssd::service::service_name subclass.
- Valid Options: Sssd::Services
- Default Value: ['nss','pam','ssh','sudo'],
Number of times services should attempt to reconnect in the event of a Data Provider crash or restart before they give up
- Valid Options: Integer
- Default Value: 3,
Default regular expression that describes how to parse the string containing user name and domain into these components.
- Valid Options: String
- Default Value: undef,
The default format that describes how to translate a (name, domain) tuple into a fully qualified name.
- Valid Options: String
- Default Value: undef,
Determines if inotify should be used to query resolv.conf
- Valid Options: Boolean
- Default Value: true,
Directory where krb5 files should be cached.
- Valid Options: String
- Default Value: undef,
- Valid Options: String
- Default Value: undef,
Used as the default domain for instances where none is provided
- Valid Options: String
- Default Value: undef,
- Valid Options: String
- Default Value: undef,
This is a special SIMP level key, which determines automatically if the simp/auditd module is installed on your system. If it is, this module will enable some defaults to ensure the two modules interact cleanly together.
- Valid Options: Boolean
- Default Value: simplib::lookup('simp_options::auditd', { 'default_value' => false}),
This is a special SIMP level key, which determines automatically if the simp/pki module is installed on your system. If it is, this module will enable some defaults to ensure the two modules interact cleanly together.
- Valid Options: Boolean,'simp'
- Default Value: simplib::lookup('simp_options::pki', { 'default_value' => false}),
If the PKI module is enabled, this attempts to automatically detect the location on your system where certs are stored by default.
- Valid Options: Stdlib::Absolutepath
- Default Value: simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509'}),
Default PKI dir if the above lookup fails to find a set directory.
- Valid Options: Stdlib::Absolutepath
- Default Value: '/etc/pki/simp_apps/sssd/x509'
If true, install the sssd-tools package in addition to the sssd package.
- Valid Options: Boolean
- Default Value: true
A brief description of this section of the config file.
- Valid Options: String
- Default Value: undef
Level of verbosity of debug of this section of the config file.
- Valid Options: [Sssd::DebugLevel]
- Default Value: undef
Determines if the log file for this section of the config file will use timestamps
- Valid Options: Boolean
- Default Value: true
Determines if the log file will use microseconds in timestamps
- Valid Options: Boolean
- Default Value: false
Specifies for how many seconds the autofs responder should cache negative hits (that is, queries for invalid map entries, like nonexistent ones) before asking the back end again.
- Valid Options: Integer
- Default Value: undef
A brief description of this section of the config file.
- Valid Options: String
- Default Value: undef
Level of verbosity of debug of this section of the config file.
- Valid Options: [Sssd::DebugLevel]
- Default Value: undef
Determines if the log file for this section of the config file will use timestamps
- Valid Options: Boolean
- Default Value: true
Determines if the log file will use microseconds in timestamps
- Valid Options: Boolean
- Default Value: false
The number of times the service will attempt to reconnect in the event of timeout.
- Valid Options: Integer
- Default Value: 3
This option specifies the maximum number of file descriptors that may be opened at one time by this SSSD process.
- Valid Options: Integer
- Default Value: undef
- Valid Options: String
- Default Value: undef,
How many seconds should nss_sss cache enumerations
- Valid Options: Integer
- Default Value: 120
The entry cache can be set to automatically update entries in the background if they are requested beyond a percentage of the entry_cache_timeout value for the domain.
- Valid Options: Integer
- Default Value: 0
Specifies for how many seconds nss_sss should cache negative cache hits
- Valid Options: Integer
- Default Value: 15
Exclude certain users from being fetched from the sss NSS database.
- Valid Options: String
- Default Value: 'root'
Exclude certain groups from being fetched from the sss NSS database.
- Valid Options: String
- Default Value: 'root'
If you want filtered users to still be group members, set this option to false.
- Valid Options: Boolean
- Default Value: true
Override the user's home directory
- Valid Options: String
- Default Value: undef
Set a default template for a user's home directory if one is not specified explicitly by the domain's data provider.
- Valid Options: String
- Default Value: undef
Override the login shell for all users. This option can be specified globally in the [nss] section or per-domain.
- Valid Options: String
- Default Value: undef
Replace any instance of these shells with the shell_fallback
- Valid Options: String
- Default Value: undef
The default shell to use if the provider does not return one during lookup. This option supersedes any other shell options if it takes effect.
- Valid Options: String
- Default Value: undef
Specifies time in seconds for which the list of subdomains will be considered valid.
- Valid Options: Integer
- Default Value: undef
Specifies time in seconds for which records in the in-memory cache will be valid
- Valid Options: Integer
- Default Value: undef
- Valid Options: String
- Default Value: undef
A brief description of this section of the config file.
- Valid Options: Optional[String]
- Default value: undef
Level of verbosity of debug of this section of the config file.
- Valid Options: Optional[Sssd::Debuglevel]
- Default value: undef
Determines if the log file for this section of the config file will use timestamps.
- Valid Options: Boolean
- Default value: true
Determines if the log file will use microseconds in timestamps.
- Valid Options: Boolean
- Default value: false
Specifies the comma-separated list of UID values or user names that are allowed to access the PAC responder. User names are resolved to UIDs at startup.
- Valid Options: Array[String]
- Default Value: []
A brief description of this section of the config file.
- Valid Options: Optional[String]
- Default value: undef
Level of verbosity of debug of this section of the config file.
- Valid Options: Optional[Sssd::Debuglevel]
- Default value: undef
Determines if the log file for this section of the config file will use timestamps.
- Valid Options: Boolean
- Default value: true
Determines if the log file will use microseconds in timestamps.
- Valid Options: Boolean
- Default value: false
The number of times the service will attempt to reconnect in the event of timeout.
- Valid Options: Integer
- Default Value: 3
- Valid Options: String
- Default Value: undef
If the authentication provider is offline, how long should we allow cached logins (in days since the last successful online login).
- Valid Options: Integer
- Default Value: 0
If the authentication provider is offline, how many failed login attempts are allowed.
- Valid Options: Integer
- Default Value: 3
The time in minutes which has to pass after offline_failed_login_attempts has been reached before a new login attempt is possible.
- Valid Options: Integer
- Default Value: 5
Controls what kind of messages are shown to the user during authentication. The higher the number, the more messages displayed.
- Valid Options: Integer
- Default Value: 1
For any PAM request while SSSD is online, the SSSD will attempt to immediately update the cached identity information for the user in order to ensure that authentication takes place with the latest information.
- Valid Options: Integer
- Default Value: 5
Display a warning N days before the password expires.
- Valid Options: Integer
- Default Value: 7
Specifies time in seconds for which the list of subdomains will be considered valid.
- Valid Options: Integer
- Default Value: undef
List of numerical UIDs or user names that are trusted
- Valid Options: String
- Default Value: undef
List of domains accessible for untrusted users
- Valid Options: String
- Default Value: undef
A brief description of this section of the config file.
- Valid Options: Optional[String]
- Default value: undef
Level of verbosity of debug of this section of the config file.
- Valid Options: Optional[Sssd::Debuglevel]
- Default value: undef
Determines if the log file for this section of the config file will use timestamps.
- Valid Options: Boolean
- Default value: true
Determines if the log file will use microseconds in timestamps.
- Valid Options: Boolean
- Default value: false
Whether or not to hash host names and addresses in the managed known_hosts file.
- Valid Options: Boolean
- Default Value: true
How many seconds to keep a host in the managed known_hosts file after its host keys were requested.
- Valid Options: Integer
- Default Value: undef
A brief description of this section of the config file.
- Valid Options: Optional[String]
- Default value: undef
Level of verbosity of debug of this section of the config file.
- Valid Options: Optional[Sssd::Debuglevel]
- Default value: undef
Determines if the log file for this section of the config file will use timestamps.
- Valid Options: Boolean
- Default value: true
Determines if the log file will use microseconds in timestamps.
- Valid Options: Boolean
- Default value: false
Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes that implement time-dependent sudoers entries.
- Valid Options: Boolean
- Default Value: false
Indicates the id of this domain that providers will reference.
- Valid Options: Sssd::IdProvider
- Default Value:
A brief description of this section of the config file.
- Valid Options: Optional[String]
- Default value: undef
Level of verbosity of debug of this section of the config file.
- Valid Options: Optional[Sssd::Debuglevel]
- Default value: undef
Determines if the log file for this section of the config file will use timestamps.
- Valid Options: Boolean
- Default value: true
Determines if the log file will use microseconds in timestamps.
- Valid Options: Boolean
- Default value: false
UID and GID limits for the domain. If a domain contains an entry that is outside these limits, it is ignored.
- Valid Options: Integer
- Default Value: $facts['uid_min']
UID and GID limits for the domain. If a domain contains an entry that is outside these limits, it is ignored.
- Valid Options: Integer
- Default Value: 0
Determines if a domain can be enumerated.
- Valid Options: Boolean
- Default Value: false
Same as enumerate, for subdomains
- Valid Options: Boolean
- Default Value: false
If a service is not responding to ping checks (see the "timeout" option), it is first sent the SIGTERM signal that instructs it to quit gracefully. If the service does not terminate after "force_timeout" seconds, the monitor will forcibly shut it down by sending a SIGKILL signal.
- Valid Options: Integer
- Default Value: undef
How many seconds should nss_sss consider entries valid before asking the backend again
- Valid Options: Integer
- Default Value: undef
How many seconds should nss_sss consider user entries valid before asking the backend again
- Valid Options: Integer
- Default Value: undef
How many seconds should nss_sss consider user entries valid before asking the backend again
- Valid Options: Integer
- Default Value: undef
How many seconds should nss_sss consider user entries valid before asking the backend again
- Valid Options: Integer
- Default Value: undef
How many seconds should nss_sss consider user entries valid before asking the backend again
- Valid Options: Integer
- Default Value: undef
How many seconds should nss_sss consider user entries valid before asking the backend again
- Valid Options: Integer
- Default Value: undef
How many seconds should nss_sss consider user entries valid before asking the backend again
- Valid Options: Integer
- Default Value: undef
How many seconds should nss_sss consider user entries valid before asking the backend again
- Valid Options: Integer
- Default Value: undef
Time between refresh expired intervals
- Valid Options: Integer
- Default Value: undef
Determines if user credentials are also cached in the local LDB cache
- Valid Options: Boolean
- Default Value: false
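An added example (not part of the simp/sssd module or its README): a Python check over a rendered sssd.conf for the rules stated above, namely that the domains list is non-empty, that every listed domain has a matching section with an id provider, and that credential caching is not combined with an unlimited offline-login window in [pam]. The key names `id_provider`, `cache_credentials` and `offline_credentials_expiration` are assumed to be the sssd.conf(5) keys these parameters map to, and the sample file is constructed.

```python
import configparser

# Constructed sample (not from a real host): LOCAL is listed without a section,
# OLD has a section but is not listed, and LDAP caches credentials while the
# [pam] offline expiry is left at 0.
SAMPLE_CONF = """\
[sssd]
domains = LDAP, LOCAL
services = nss, pam, ssh, sudo

[pam]
offline_credentials_expiration = 0

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
cache_credentials = true

[domain/OLD]
id_provider = ldap
"""


def _split_list(value):
    """Split a comma-separated sssd.conf list value into clean items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def lint_sssd_conf(text):
    """Return a list of (severity, message) findings for sssd.conf content."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(text)
    if not conf.has_section("sssd"):
        return [("error", "missing [sssd] section")]

    findings = []
    listed = _split_list(conf.get("sssd", "domains", fallback=""))
    if not listed:
        findings.append(
            ("error", "[sssd] domains is empty; at least one domain is required"))

    # Domain sections are named [domain/NAME]; collect the NAME parts.
    defined = {s.split("/", 1)[1] for s in conf.sections()
               if s.startswith("domain/")}
    for name in sorted(defined - set(listed)):
        findings.append(
            ("warning", f"[domain/{name}] is not referenced by [sssd] domains"))

    # In sssd.conf(5), 0 for this [pam] key means cached logins have no age limit.
    expiry_days = conf.getint("pam", "offline_credentials_expiration", fallback=0)

    for name in listed:
        section = f"domain/{name}"
        if name not in defined:
            findings.append(
                ("error", f"domain '{name}' is listed but [{section}] is missing"))
            continue
        if not conf.has_option(section, "id_provider"):
            findings.append(("error", f"[{section}] has no id_provider"))
        caching = conf.getboolean(section, "cache_credentials", fallback=False)
        if caching and expiry_days == 0:
            findings.append(
                ("warning",
                 f"[{section}] caches credentials and offline logins never expire"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_sssd_conf(SAMPLE_CONF):
        print(f"{severity}: {message}")
```

Point it at the contents of /etc/sssd/sssd.conf after a Puppet run to confirm the rendered file matches what the manifests intended.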
Number of days entries are left in cache after last successful login before being removed during a cleanup of the cache. 0 means keep forever.
- Valid Options: Integer
- Default Value: 0
Display a warning N days before the password expires.
- Valid Options: Integer
- Default Value: undef
Use the full name and domain (as formatted by the domain's full_name_format) as the user's login name reported to NSS.
- Valid Options: Boolean
- Default Value: false
- Valid Options: Boolean
- Default Value: true
The access control provider used for the domain. There are two built-in access providers (in addition to any included in installed backends)
- Valid Options: [Sssd::AccessProvider]
- Default Value: undef
The authentication provider used for the domain.
- Valid Options: [Sssd::AuthProvider]
- Default Value: undef
The provider which should handle change password operations for the domain
- Valid Options: [Sssd::ChpassProvider]
- Default Value: undef
The SUDO provider used for the domain.
- Valid Options: 'ldap', 'ipa','ad','none'
- Default Value: undef
The provider which should handle loading of selinux settings. Note that this provider will be called right after access provider ends.
- Valid Options: 'ipa', 'none'
- Default Value: undef
The provider which should handle fetching of subdomains. This value should be always the same as id_provider.
- Valid Options: 'ipa', 'ad','none'
- Default Value: undef
The autofs provider used for the domain. Supported autofs providers are:
- Valid Options: 'ldap', 'ipa','none'
- Default Value: undef
The provider used for retrieving host identity information.
- Valid Options: 'ipa', 'none'
- Default Value: undef
Regular expression for this domain that describes how to parse the string containing user name and domain into these components.
- Valid Options: String
- Default Value: undef
The default format that describes how to translate a (name, domain) tuple into a fully qualified name.
- Valid Options: String
- Default Value: undef
Provides the ability to select preferred address family to use when performing DNS lookups.
- Valid Options: String
- Default Value: undef
Defines the amount of time (in seconds) to wait for a reply from the DNS resolver before assuming that it is unreachable. If this timeout is reached, the domain will continue to operate in offline mode.
- Valid Options: Integer
- Default Value: 5
If service discovery is used in the back end, specifies the domain part of the service discovery DNS query.
- Valid Options: String
- Default Value: undef
Override the primary GID value with the one specified.
- Valid Options: String
- Default Value: undef
Treat user and group names as case sensitive
- Valid Options: Boolean,'preserving'
- Default Value: true
When a user or group is looked up by name in the proxy provider, a second lookup by ID is performed to "canonicalize" the name in case the requested name was an alias. Setting this option to true would cause the SSSD to perform the ID lookup from cache for performance reasons.
- Valid Options: Boolean
- Default Value: false
- Valid Options: String
- Default Value: undef
The proxy target PAM proxies to.
- Valid Options: String
- Default Value: undef
The name of the NSS library to use in proxy domains. The NSS functions searched for in the library are in the form of nss
- Default Value: undef
For each variable listed below that begins with ad_, please reference the SSSD-ad man pages at this location
Specifies the name of the Active Directory domain. This is optional. If not provided, the configuration domain name is used.
- Valid Options: String
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
The comma-separated list of IP addresses or hostnames of the AD servers to which SSSD should connect in order of preference.
- Valid Options: [Simplib::Hostname], ['srv']
- Default Value: undef
The comma-separated list of IP addresses or hostnames of the AD servers to which SSSD should connect in order of preference.
- Valid Options: Array[Simplib::Hostname]
- Default Value: undef
May be set on machines where the hostname(5) does not reflect the fully qualified name used in the Active Directory domain to identify this host.
- Valid Options: [Simplib::Hostname]
- Default Value: undef
- Valid Options: Boolean
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
- Valid Options: String
- Default Value: undef
- Valid Options: Boolean
- Default Value: undef
- Valid Options: 'disabled','enforcing','permissive'
- Default Value: undef
- Valid Options: [Integer[1]]
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
- Valid Options: Array[String]
- Default Value: undef
- Valid Options: 'interactive','remote
- Default Value: undef
- Valid Options: Integer[0]
- Default Value: undef
- Valid Options: Pattern['^\d+:\d+$']
- Default Value: undef
This option tells SSSD to automatically update the DNS server built into FreeIPA v2 with the IP address of this client. The update is secured using GSS-TSIG. The IP address of the IPA LDAP connection is used for the updates, if it is not otherwise specified by using the “dyndns_iface” option.
- Valid Options: Boolean
- Default Value: true
The TTL to apply to the client DNS record when updating it. If dyndns_update is false this has no effect. This will override the TTL serverside if set by an administrator.
- Valid Options: Integer
- Default Value: undef
Applicable only when dyndns_update is true. Choose the interface whose IP address should be used for dynamic DNS updates.
- Valid Options: Array[String]
- Default Value: undef
How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true.
- Valid Options: Integer
- Default Value: undef
Whether the PTR record should also be explicitly updated when updating the client's DNS records. Applicable only when dyndns_update is true.
- Valid Options: Boolean
- Default Value: undef
Whether the nsupdate utility should default to using TCP for communicating with the DNS server.
- Valid Options: Boolean
- Default Value: undef
Hostname of the dyndns server
- Valid Options: [Simplib::Hostname]
- Default Value: undef
Override the user's home directory. You can either provide an absolute value or a template
- Valid Options: String
- Default Value: undef
- Valid Options: [Stdlib::Absolutepath]
- Default Value: undef
- Valid Options: Boolean
- Default Value: undef
- Valid Options: 'none', Stdlib::Absolutepath
- Default Value: undef
Set the id_mapping value for this section
- Valid Options: Boolean
- Default Value: true
Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs.
- Valid Options: [Integer[0]]
- Default Value: undef
Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs.
- Valid Options: [Integer[1]]
- Default Value: undef
Specifies the number of IDs available for each slice.
- Valid Options: [Integer[1]]
- Default Value: undef
Specify the domain SID of the default domain.
- Valid Options: String
- Default Value: undef
Specify the name of the default domain.
- Valid Options: String
- Default Value: undef
Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's "idmap_autorid" algorithm.
- Valid Options: Boolean
- Default Value: undef
- Valid Options: [Integer[1]]
- Default Value: undef
Level of verbosity of debug of this section of the config file.
- Valid Options: Optional[Sssd::Debuglevel]
- Default value: undef
Determines if the log file for this section of the config file will use timestamps.
- Valid Options: Boolean
- Default value: true
Determines if the log file will use microseconds in timestamps.
- Valid Options: Boolean
- Default value: false
The default shell for users created with SSSD userspace tools.
- Valid Options: Optional[String]
- Default Value: undef
The tools append the login name to base_directory and use that as the home directory.
- Valid Options: Optional[Stdlib::Absolutepath]
- Default Value: undef
Indicate if a home directory should be created by default for new users. Can be overridden on command line.
- Valid Options: Boolean
- Default Value: true
Indicate if a home directory should be removed by default for deleted users. Can be overridden on command line.
- Valid Options: Boolean
- Default Value: true
Used to specify the default permissions on a newly created home directory.
- Valid Options: Optional[Simplib::Umask]
- Default Value: undef
The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created
- Valid Options: Optional[Stdlib::Absolutepath]
- Default Value: undef
The mail spool directory. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted.
- Valid Options: Optional[Stdlib::Absolutepath]
- Default Value: undef
The command that is run after a user is removed. The command is passed the username of the user being removed as the first and only parameter. The return code of the command is not taken into account.
- Valid Options: Optional[String]
- Default Value: undef
For each variable listed below that begins with krb5_, please reference the SSSD-krb5 man pages at this location
Level of verbosity of debug of this section of the config file.
- Valid Options: Optional[Sssd::Debuglevel]
- Default value: undef
Determines if the log file for this section of the config file will use timestamps.
- Valid Options: Boolean
- Default value: true
Determines if the log file will use microseconds in timestamps.
- Valid Options: Boolean
- Default value: false
- Valid Options: Simplib::Host
- Default Value:
- Valid Options: String
- Default Value:
- Valid Options: Optional[String]
- Default Value: undef,
- Valid Options: Optional[Stdlib::Absolutepath]
- Default Value: undef,
- Valid Options: Optional[Stdlib::Absolutepath]
- Default Value: undef,
- Valid Options: Integer
- Default Value: 15,
- Valid Options: Boolean
- Default Value: false,
- Valid Options: Optional[Stdlib::Absolutepath]
- Default Value: undef,
- Valid Options: Boolean
- Default Value: false,
- Valid Options: Optional[String]
- Default Value: undef,
- Valid Options: Optional[String]
- Default Value: undef,
- Valid Options: Integer
- Default Value: 0,
- Valid Options: 'never','try','demand'
- Default Value: undef
For each variable listed below that begins with krb5_, please reference the SSSD-krb5 man pages at this location
For each variable listed below that begins with ldap_, please reference the SSSD-ldap man pages at this location
Defaults for these variables can be found in the sssd::provider::ldap manifest
Level of verbosity of debug of this section of the config file.
- Valid Options: Optional[Sssd::Debuglevel]
- Default value: undef
Determines if the log file for this section of the config file will use timestamps.
- Valid Options: Boolean
- Default value: true
Determines if the log file will use microseconds in timestamps.
- Valid Options: Boolean
- Default value: false
Be careful with the following options!
Advanced Configuration - Read the man page
This module is only designed to work in RHEL or CentOS 6 and 7. Any other operating systems have not been tested and results cannot be guaranteed.
Please see the SIMP Contribution Guidelines.
General developer documentation can be found on Confluence. Visit the project homepage on GitHub, chat with us on our HipChat, and look at our issues on JIRA.