13.2.2. Setting up the sssd.conf File

SSSD services and domains are configured in a .conf file. By default, this is /etc/sssd/sssd.conf — although that file must be created and configured manually, since SSSD is not configured after installation.

13.2.2.1. Creating the sssd.conf File

There are three parts of the SSSD configuration file:
  • [sssd], for general SSSD process and operational configuration; this basically lists the configured services, domains, and configuration parameters for each
  • [service_name], for configuration options for each supported system service, as described in Section 13.2.4, “SSSD and System Services”
  • [domain_type/DOMAIN_NAME], for configuration options for each configured identity provider

    Important

    While services are optional, at least one identity provider domain must be configured before the SSSD service can be started.

Example 13.1. Simple sssd.conf File

[sssd]
domains = LOCAL
services = nss
config_file_version = 2

[nss]
filter_groups = root
filter_users = root

[domain/LOCAL]
id_provider = local
auth_provider = local
access_provider = permit
The [sssd] section has three important parameters:
  • domains lists all of the domains, configured in the sssd.conf, which SSSD uses as identity providers. If a domain is not listed in the domains key, it is not used by SSSD, even if it has a configuration section.
  • services lists all of the system services, configured in the sssd.conf, which use SSSD; when SSSD starts, the corresponding SSSD service is started for each configured system service. If a service is not listed in the services key, it is not used by SSSD, even if it has a configuration section.
  • config_file_version sets the version of the configuration file to set file format expectations. This is version 2, for all recent SSSD versions.

Note

Even if a service or domain is configured in the sssd.conf file, SSSD does not interact with that service or domain unless it is listed in the services or domains parameters, respectively, in the [sssd] section.
Other configuration parameters are listed in the sssd.conf man page.
Each service and domain parameter is described in its respective configuration section in this chapter and in their man pages.

13.2.2.2. Using a Custom Configuration File

By default, the sssd process assumes that the configuration file is /etc/sssd/sssd.conf.
An alternative file can be passed to SSSD by using the -c option with the sssd command:
~]# sssd -c /etc/sssd/customfile.conf --daemon