Each domain can have an individual regular expression configured. For some ID providers there are also default regular expressions. See DOMAIN SECTIONS for more info on these regular expressions.
full_name_format (string)
A printf(3)-compatible format that describes how to compose a fully qualified name from user name and domain name components.
The following expansions are supported:
domain name as specified in the SSSD config file.
domain flat name. Mostly usable for Active Directory domains, both directly configured or discovered via IPA trusts.
Each domain can have an individual format string configured. See DOMAIN SECTIONS for more info on this option.
monitor_resolv_conf (boolean)
try_inotify (boolean)
By default, SSSD will attempt to use inotify to monitor configuration file changes and will fall back to polling every five seconds if inotify cannot be used.
In some limited situations it is preferable to skip even trying to use inotify. In these rare cases, this option should be set to 'false'.
Default: true on platforms where inotify is supported. False on other platforms.
Note: this option will have no effect on platforms where inotify is unavailable. On these platforms, polling will always be used.
krb5_rcache_dir (string)
This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct SSSD to let libkrb5 decide the appropriate location for the replay cache.
Default: Distribution-specific and specified at build-time. (__LIBKRB5_DEFAULTS__ if not configured)
user (string)
The user to drop privileges to, where appropriate, to avoid running as the root user. This option does not work when running socket-activated services, as the user set up to run the processes is set at compilation time. The way to override the systemd unit files is by creating the appropriate files in /etc/systemd/system/. Keep in mind that any change in the socket user, group or permissions may result in a non-usable SSSD. The same may occur in case of changes of the user running the NSS responder.
Default: not set, process will run as root
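A way to check a configuration for the two defaults described above (user unset means root; try_inotify disabled), as an added example that is not part of the SSSD documentation or code base. The function name, the sample configuration and the strict true/false parsing are assumptions made for this illustration.

```python
import configparser

# Constructed sample config (not from the page); "user" is left unset.
SAMPLE_CONF = """\
[sssd]
services = nss, pam
domains = example.test
full_name_format = %1$s@%2$s
try_inotify = false

[domain/example.test]
id_provider = ldap
"""


def audit_sssd_section(conf_text):
    """Return (effective, findings) for [sssd] options documented above."""
    # interpolation=None: values such as full_name_format contain '%'.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section("sssd"):
        return {}, ["no [sssd] section found"]
    sec = parser["sssd"]
    findings = []

    # Documented default: not set, process runs as root.
    user = sec.get("user", "").strip() or "root"
    if user == "root":
        findings.append("user: not set or root, process will run as root")

    # Only the literal strings true/false are treated as valid here (assumption).
    inotify = sec.get("try_inotify", "").strip().lower()
    if inotify == "false":
        findings.append("try_inotify: false, inotify will not be tried")
    elif inotify not in ("", "true"):
        findings.append("try_inotify: %r is not true/false" % inotify)

    effective = {"user": user, "try_inotify": inotify or "platform default"}
    return effective, findings


if __name__ == "__main__":
    effective, findings = audit_sssd_section(SAMPLE_CONF)
    print(effective)
    for line in findings:
        print("finding:", line)
```

The check reads only the text it is given; it does not account for socket-activated services, where the user option has no effect.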
default_domain_suffix (string)