# Example /etc/nsscache.conf - configuration for nsscache
#
# nsscache loads a config file from the environment variable NSSCACHE_CONFIG
#
# By default this is /etc/nsscache.conf
#
# Commented values are overrideable defaults, uncommented values
# require you to set them.

[DEFAULT]

# Default NSS data source module name
source = ldap

# Default NSS data cache module name
cache = nssdb
#cache = files

# NSS maps to be cached
maps = passwd, group, shadow, netgroup

# Directory to store our update/modify timestamps
timestamp_dir = /var/lib/nsscache

# Lockfile to use for update/repair operations
#lockfile = /var/run/nsscache

# Defaults for specific modules; prefaced with "modulename_"

##
# ldap module defaults.
#

# LDAP URI to query for NSS data
ldap_uri = ldaps://ldap

# Base for LDAP searches
ldap_base = ou=people,dc=example,dc=com

# Default LDAP search filter for maps
ldap_filter = (objectclass=posixAccount)

# Default LDAP search scope
#ldap_scope = one

# Default LDAP BIND DN, empty string is an anonymous bind
#ldap_bind_dn = ""

# Default LDAP password, empty DN and empty password is used for
# anonymous binds
#ldap_bind_password = ""

# Default timelimit for LDAP queries, in seconds.
# The query will block for this number of seconds, or indefinitely if negative.
#ldap_timelimit = -1

# Default number of retry attempts
#ldap_retry_max = 3

# Default delay in between retry attempts
#ldap_retry_delay = 5

# Default setting for requiring tls certificates, one of:
# never, hard, demand, allow, try
#ldap_tls_require_cert = 'demand'

# Default directoy for trusted CAs
#ldap_tls_cacertdir = '/usr/share/ssl'

# Default filename for trusted CAs
#ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'

# Should we issue STARTTLS?
# ldap_tls_starttls = 1

##
# nssdb module defaults

# Directory to store nssdb databases.  Current libnss_db code requires
# the path below
#nssdb_dir = /var/lib/misc

# Path to `makedb', supplied by the nss_db module
#nssdb_makedb = /usr/bin/makedb

##
# files module defaults

# Directory to store the plain text files
#files_dir = /etc

# Suffix used on the files module database files
files_cache_filename_suffix = cache

###
# Optional per-map sections, if present they will override the above
# defaults.  The examples below show you some common values to override
#
# [passwd]
#
# ldap_base = ou=people,dc=example,dc=com

[group]

ldap_base = ou=group,dc=example,dc=com
ldap_filter = (objectclass=posixGroup)

[shadow]

ldap_filter = (objectclass=shadowAccount)

[netgroup]

ldap_base = ou=netgroup,dc=example,dc=com
ldap_filter = (objectclass=nisNetgroup)
files_cache_filename_suffix =

[automount]

ldap_base = ou=automounts,dc=example,dc=com
files_cache_filename_suffix =
cache = files