/etc/nsscache.conf is in nsscache 0.23-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 | # Example /etc/nsscache.conf - configuration for nsscache
#
# nsscache loads a config file from the environment variable NSSCACHE_CONFIG
#
# By default this is /etc/nsscache.conf
#
# Commented values are overrideable defaults, uncommented values
# require you to set them.
[DEFAULT]
# Default NSS data source module name
source = ldap
# Default NSS data cache module name
cache = nssdb
#cache = files
# NSS maps to be cached
maps = passwd, group, shadow, netgroup, automount
# Directory to store our update/modify timestamps
timestamp_dir = /var/lib/nsscache
# Lockfile to use for update/repair operations
#lockfile = /var/run/nsscache
# Defaults for specific modules; prefaced with "modulename_"
##
# ldap module defaults.
#
# LDAP URI to query for NSS data
ldap_uri = ldaps://ldap
# Base for LDAP searches
ldap_base = ou=people,dc=example,dc=com
# Default LDAP search filter for maps
ldap_filter = (objectclass=posixAccount)
# Default LDAP search scope
#ldap_scope = one
# Default LDAP BIND DN, empty string is an anonymous bind
#ldap_bind_dn = ""
# Default LDAP password, empty DN and empty password is used for
# anonymous binds
#ldap_bind_password = ""
# Default timelimit for LDAP queries, in seconds.
# The query will block for this number of seconds, or indefinitely if negative.
#ldap_timelimit = -1
# Default number of retry attempts
#ldap_retry_max = 3
# Default delay in between retry attempts
#ldap_retry_delay = 5
# Default setting for requiring tls certificates, one of:
# never, hard, demand, allow, try
#ldap_tls_require_cert = 'demand'
# Default directoy for trusted CAs
#ldap_tls_cacertdir = '/usr/share/ssl'
# Default filename for trusted CAs
#ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'
# Should we issue STARTTLS?
# ldap_tls_starttls = 1
# SASL
# Use SASL for authentication
# ldap_use_sasl = False
# SASL mechanism. Only 'gssapi' is supported now
# ldap_sasl_mech = 'gssapi'
# ldap_sasl_authzid = ''
##
# nssdb module defaults
# Directory to store nssdb databases. Current libnss_db code requires
# the path below
nssdb_dir = /var/lib/misc
# Path to `makedb', supplied by the nss_db module
#nssdb_makedb = /usr/bin/makedb
##
# files module defaults
# Directory to store the plain text files
files_dir = /etc
# Suffix used on the files module database files
files_cache_filename_suffix = cache
###
# Optional per-map sections, if present they will override the above
# defaults. The examples below show you some common values to override
#
# [passwd]
#
# ldap_base = ou=people,dc=example,dc=com
[group]
ldap_base = ou=group,dc=example,dc=com
ldap_filter = (objectclass=posixGroup)
[shadow]
ldap_filter = (objectclass=shadowAccount)
[netgroup]
ldap_base = ou=netgroup,dc=example,dc=com
ldap_filter = (objectclass=nisNetgroup)
files_cache_filename_suffix =
[automount]
ldap_base = ou=automounts,dc=example,dc=com
files_cache_filename_suffix =
cache = files
# Files module has an option that lets you leave the local master map alone
# (e.g. /etc/auto.master) so that maps can be enabled/disabled locally.
#
# This also causes nsscache to limit automount updates to only the maps which
# are defined both in the local master map (/etc/auto.master) and in the source
# master map -- versus pulling local copies of all maps defined in the source,
# regardless. Effectively this makes for local control of which automount maps
# are used and updated.
#
# files_local_automount_master = no
|