30.4. Creating Domains
ldap.otherexample.com domain. SSSD allows requests using fully-qualified domain names, so requesting information for
firstname.lastname@example.org returns the proper user account. Specifying only the username returns the user for whichever domain comes first in the lookup order.
filter_users option, which excludes the specified users from being returned in a search.
Table 30.3. Identity Store and Authentication Type Combinations
|Identification Provider||Authentication Provider|
30.4.1. General Rules and Options for Configuring a Domain
domains = LOCAL,Name

[domain/Name]
id_provider = type
auth_provider = type
provider_specific = value
global = value
Table 30.4. General [domain] Configuration Parameters
|id_provider||string|| Specifies the data provider identity backend to use for this domain. The supported identity backends are:
|auth_provider||string|| Sets the authentication provider used for the domain. The default value for this option is the value of |
|min_id,max_id||integer|| Optional. Specifies the UID and GID range for the domain. If a domain contains entries that are outside that range, they are ignored. The default value for |
|enumerate||Boolean|| Optional. Specifies whether to list the users and groups of a domain. Enumeration means that the entire set of available users and groups on the remote source is cached on the local machine. When enumeration is disabled, users and groups are only cached as they are requested.
The default value for this parameter is
When enumeration is enabled, reinitializing a client results in a complete refresh of the entire set of available users and groups from the remote source. Similarly, when SSSD is connected to a new server, the entire set of available users and groups from the remote source is pulled and cached on the local machine. In a domain with a large number of clients connected to a remote source, this refresh process can harm the network performance because of frequent queries from the clients. If the set of available users and groups is large enough, it degrades client performance as well.
|cache_credentials||Boolean|| Optional. Specifies whether to store user credentials in the local SSSD domain database cache. The default value for this parameter is |
|entry_cache_timeout||integer||Optional. Specifies how long, in seconds, SSSD should cache positive cache hits. A positive cache hit is a successful query.|
|use_fully_qualified_names||Boolean|| Optional. Specifies whether requests to this domain require fully-qualified domain names. If set to |
SSSD can only parse names based on the domain name, not the realm name. The same name can be used for both domains and realms, however.
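The following audit script is an added example, not part of the original guide or of SSSD itself. It reads an sssd.conf and reports, per configured domain, the Table 30.4 settings that affect what is cached locally and how bare usernames are resolved. The sample configuration, the domain names EXAMPLE, OTHER and MISSING, the finding keys, and the treatment of an absent option as disabled are all assumptions made for the example.

```python
import configparser

# Constructed sample sssd.conf; domain names and values are illustrative only.
SAMPLE_CONF = """
[sssd]
domains = EXAMPLE, OTHER, MISSING

[domain/EXAMPLE]
id_provider = ldap

[domain/OTHER]
id_provider = ldap
enumerate = true
cache_credentials = true
use_fully_qualified_names = true
"""

MESSAGES = {
    "missing_section": "listed in domains but has no [domain/NAME] section",
    "id_provider": "id_provider is not set",
    "enumerate": "entire user and group set is cached on this client",
    "cache_credentials": "user credentials are stored in the local SSSD cache",
    "use_fully_qualified_names": "bare usernames resolve to the first domain in lookup order",
}

def audit_domains(conf_text):
    """Return (domain, finding_key) pairs, in the order the domains are listed."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    listed = cp.get("sssd", "domains", fallback="")
    order = [d.strip() for d in listed.split(",") if d.strip()]
    findings = []
    for name in order:
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append((name, "missing_section"))
            continue
        dom = cp[section]
        # Assumption: an option that is absent is treated as disabled.
        if "id_provider" not in dom:
            findings.append((name, "id_provider"))
        for flag in ("enumerate", "cache_credentials"):
            if dom.getboolean(flag, fallback=False):
                findings.append((name, flag))
        fqn = dom.getboolean("use_fully_qualified_names", fallback=False)
        if len(order) > 1 and not fqn:
            findings.append((name, "use_fully_qualified_names"))
    return findings

if __name__ == "__main__":
    for domain, key in audit_domains(SAMPLE_CONF):
        print(f"{domain}: {key}: {MESSAGES[key]}")
```

A finding is a prompt for review rather than an error: cache_credentials, for instance, may be enabled deliberately so that users can authenticate while the remote source is unreachable.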