Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

NSSCACHE.CONF(5)		 File formats		      NSSCACHE.CONF(5)

NAME
       nsscache.conf - NSS local cache synchroniser configuration file

SYNOPSIS
       /etc/nsscache.conf

DESCRIPTION
       nsscache synchronises a local NSS cache, and other databases, against a
       remote data source. This approach allows the administrator to  separate
       the network from the NSS lookup codepath, improving speed and reliabil‐
       ity of name services.

       The nsscache configuration file comprises of one DEFAULT section,  fol‐
       lowed  by  zero	or more map-specific configuration sections.  The file
       format is similar to that of ".ini" files.

       The DEFAULT section must provide at least one source keyword,  specify‐
       ing  the data source to use, one cache keyword, specifying the means in
       which the cache data will be stored  locally,  and  one	maps  keyword,
       specifying  which NSS maps should be cached, and one timestamp_dir key‐
       word, specifying the location of the timestamps	used  for  incremental
       updates.

       Additional  global  defaults,  such  as	LDAP search parameters, or the
       filesystem location of the cache, may also be included in  the  DEFAULT
       section.

       Additional  sections  may  be  included that allow per-map overrides to
       configuration options.  For example, one	 might	specify	 their	global
       LDAP  search  base as ou=People but want to override that for the group
       mapping as ou=Groups

       Apart from the source,  cache,  and  maps  configuration	 options,  all
       options are prefixed by the name of the module that they configure.

       A complete list of configuration options follows.

DEFAULT-only OPTIONS
       source Specifies the source to use to retrieve NSS data from.

	      Valid Options: ldap

       cache  Specifies	 the cache method to use to store the data, which will
	      be queried by the NSS itself.

	      Valid options: files Store in a plain text file, similar in for‐
	      mat to /etc/passwd

	      cache  Store  in	a plain text cache file, with a .cache suffix,
	      and an index, for use with the nss-cache NSS module.

	      nssdb Store in a Berkeley DB file, for use with the  nss_db  NSS
	      module.  Please note that this option is deprecated in favour of
	      cache

       maps   Specifies the names of the maps that will be queried and	cached
	      by nsscache

	      Valid options: passwd group shadow netgroup automount sshkey

       timestamp_dir
	      Specifies	 the  directory where update and modify timestamps are
	      stored.

ldap SOURCE OPTIONS
       These options configure the behaviour of the ldap source.

       ldap_uri
	      The LDAP URI to connect to.

       ldap_base
	      The base to perform LDAP searches under.

       ldap_filter
	      The search filter to use when querying.

       ldap_scope
	      The search scope to use.	Defaults to one

       ldap_bind_dn
	      The bind DN to use when connecting to LDAP.  Emtpy string is  an
	      anonymous bind.  Defaults to the empty string.

       ldap_bind_password
	      The  bind password to use when connecting to LDAP.  Empty string
	      is used for anonymous binds.  Defaults to the empty string.

       ldap_timelimit
	      Timelimit in seconds for search results to return.  -1 means  no
	      limit.  Defaults to -1.

       ldap_retry_max
	      Number  of  retries on soft failures before giving up.  Defaults
	      to 3.

       ldap_retry_delay
	      Delay in seconds between retries.	 Defaults to 5.

       ldap_tls_require_cert
	      Sets expectations for  SSL  certificates,	 using	TLS.   One  of
	      'never',	'hard', 'demand', 'allow', or 'try'.  See ldap.conf(5)
	      for more information.

       ldap_tls_cacertdir
	      Directory	  for	trusted	  CA   certificates.	Defaults    to
	      /usr/share/ssl

       ldap_tls_cacertfile
	      Filename	 containing  trusted  CA  certificates.	  Defaults  to
	      /usr/share/ssl/cert.pem

       ldap_uidattr
	      The uid-like attribute in your directory.	 Defaults to uid.

       ldap_uidregex
	      A Python regex to	 extract  uid  components  from	 the  uid-like
	      attribute.  All matching groups are concatenated without spaces.
	      For example:  '(.*)@example.com' would return a uid to the  left
	      of the @example.com domain.  Default is no regex.

       ldap_groupregex
	      A	 Python regex to extract group member components from the mem‐
	      ber or memberOf attributes.  All matching	 groups	 are  concate‐
	      nated  without  spaces.	For example:  '(.*)@example.com' would
	      return a member without the the @example.com domain.  Default is
	      no regex.

       ldap_rfc2307bis
	      Default  uses  rfc2307 schema. If rfc2307bis (groups stored as a
	      list of DNs in 'member' attr), set this to 1.

       ldap_debug
	      Sets the debug level for the underlying C library.  Defaults  to
	      no logging.

nssdb CACHE OPTIONS
       These options configure the behaviour of the nssdb cache.

       nssdb_dir
	      Directory	 to  store the Berkeley DB databases.  Defaults to the
	      current directory.  Note	that  nss_db  hardcodes	 the  path  to
	      /var/db/nsscache	on Debian systems, and /var/db on Red Hat sys‐
	      tems.

       nssdb_makedb
	      Path to the makedb(1) command, which is used by the nssdb	 cache
	      code  to ensure that the Berkeley DB version created by the mod‐
	      ule matches that expected by the nss_db NSS module.

files CACHE OPTIONS
       These optiosn configure the behaviour of the files cache.

       files_dir
	      Directory location to store the plain text files	in.   Defaults
	      to the current directory.

       files_cache_filename_suffix
	      A	 suffix	 appended  to  the  cache filename to differentiate it
	      from, say, system NSS databases.	Defaults to '.cache'.

       files_local_automount_master
	      A yes/no field only used for automount maps.  A 'yes' value will
	      cause  nsscache  to  update the auto.master file with the master
	      map from the source.  A 'no' value will cause nsscache to	 leave
	      auto.master  alone,  allowing  the system to manage this file in
	      other ways.  When set to 'no', nsscache will only	 update	 other
	      automount maps defined both locally and in the source.  Defaults
	      to 'yes'.

EXAMPLE
       A typical example might look like this:

	 [DEFAULT]
	 source = ldap
	 cache = nssdb
	 maps = passwd, group, shadow
	 ldap_uri = ldap://ldap.example.com
	 ldap_base = ou=People,dc=example,dc=com
	 ldap_filter = (objectclass=posixAccount)
	 nssdb_dir = /var/db/nsscache

	 [group]
	 ldap_base = ou=Group,dc=example,dc=com
	 ldap_filter = (objectclass=posixGroup)

	 [shadow]
	 ldap_filter = (objectclass=posixAccount)

       And a complementary /etc/nsswitch.conf might look like this:

	 passwd: files db
	 group: files db
	 shadow: files db

FILES
       /etc/nsscache.conf
	      The system-wide nsscache configuration file

SEE ALSO
       nsscache(1)

       nsswitch.conf(5)
	      The system name service switch configuration file

       ldap.conf(5)
	      Details on LDAP configuration options exposed by the LDAP client
	      libraries.

AUTHOR
       Written	by  Jamie  Wilkinson  (jaq@google.com)	and  Vasilios  Hoffman
       (vasilios@google.com).

COPYRIGHT
       Copyright © 2007 Google, Inc.
       This is free software; see the source for copying conditions.  There is
       NO  warranty;  not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.

nsscache 0.27			  2008-11-19		      NSSCACHE.CONF(5)

Vote for polarhome