This file is indexed.

/etc/nsscache.conf is in nsscache 0.32-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# Example /etc/nsscache.conf - configuration for nsscache
#
# nsscache loads a config file from the environment variable NSSCACHE_CONFIG
#
# By default this is /etc/nsscache.conf
#
# Commented values are overrideable defaults, uncommented values
# require you to set them.

[DEFAULT]

# Default NSS data source module name
source = ldap

# Default NSS data cache module name; 'files' is compatible with the
# libnss-cache NSS module.  'nssdb' is deprecated, and should not be used for
# new installations.
cache = files

# NSS maps to be cached
maps = passwd, group, shadow, netgroup, automount

# Directory to store our update/modify timestamps
timestamp_dir = /var/lib/nsscache

# Lockfile to use for update/repair operations
#lockfile = /var/run/nsscache

# Defaults for specific modules; prefaced with "modulename_"

##
# ldap module defaults.
#

# LDAP URI to query for NSS data
ldap_uri = ldaps://ldap

# Base for LDAP searches
ldap_base = ou=people,dc=example,dc=com

# Default LDAP search filter for maps
ldap_filter = (objectclass=posixAccount)

# Default LDAP search scope
#ldap_scope = one

# Default LDAP BIND DN, empty string is an anonymous bind
#ldap_bind_dn = ""

# Default LDAP password, empty DN and empty password is used for
# anonymous binds
#ldap_bind_password = ""

# Default timelimit for LDAP queries, in seconds.
# The query will block for this number of seconds, or indefinitely if negative.
#ldap_timelimit = -1

# Default number of retry attempts
#ldap_retry_max = 3

# Default delay in between retry attempts
#ldap_retry_delay = 5

# Default setting for requiring tls certificates, one of:
# never, hard, demand, allow, try
#ldap_tls_require_cert = 'demand'

# Default directoy for trusted CAs
#ldap_tls_cacertdir = '/usr/share/ssl'

# Default filename for trusted CAs
#ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'

# Should we issue STARTTLS?
#ldap_tls_starttls = 1

# Default uid-like attribute
#ldap_uidattr = 'uid'

# A Python regex to extract uid components from the uid-like attribute.
# All matching groups are concatenated without spaces.
# For example:  '(.*)@example.com' would return a uid to the left of
# the @example.com domain.  Default is no regex.
#ldap_uidregex = ''

# A Python regex to extract group member components from the member or
# memberOf attributes.  All matching groups are concatenated without spaces.
# For example:  '(.*)@example.com' would return a member without the
# the @example.com domain.  Default is no regex.
#ldap_groupregex = ''

# Default uses rfc2307 schema. If rfc2307bis (groups stored as a list of DNs
# in 'member' attr), set this to 1
#ldap_rfc2307bis = 0

# Default uses rfc2307 schema. If rfc2307bis_alt (groups stored as a list of DNs
# in 'uniqueMember' attr), set this to 1
#ldap_rfc2307bis_alt = 0

# Debug logging
#ldap_debug = 3

# SASL
# Use SASL for authentication
#ldap_use_sasl = False

# SASL mechanism. Only 'gssapi' is supported now
#ldap_sasl_mech = 'gssapi'
#ldap_sasl_authzid = ''

##
# nssdb module defaults

# Directory to store nssdb databases.  Current libnss_db code requires
# the path below
nssdb_dir = /var/lib/misc

# Path to `makedb', supplied by the nss_db module
#nssdb_makedb = /usr/bin/makedb

##
# files module defaults

# Directory to store the plain text files
files_dir = /etc

# Suffix used on the files module database files
files_cache_filename_suffix = cache

###
# Optional per-map sections, if present they will override the above
# defaults.  The examples below show you some common values to override
#
# [passwd]
#
# ldap_base = ou=people,dc=example,dc=com

[group]

ldap_base = ou=group,dc=example,dc=com
ldap_filter = (objectclass=posixGroup)

[shadow]

ldap_filter = (objectclass=shadowAccount)

[netgroup]

ldap_base = ou=netgroup,dc=example,dc=com
ldap_filter = (objectclass=nisNetgroup)
files_cache_filename_suffix =

[automount]

ldap_base = ou=automounts,dc=example,dc=com
files_cache_filename_suffix =
cache = files

# Files module has an option that lets you leave the local master map alone
# (e.g. /etc/auto.master) so that maps can be enabled/disabled locally.
#
# This also causes nsscache to limit automount updates to only the maps which
# are defined both in the local master map (/etc/auto.master) and in the source
# master map -- versus pulling local copies of all maps defined in the source,
# regardless.  Effectively this makes for local control of which automount maps
# are used and updated.
#
# files_local_automount_master = no

##
## SSH Keys stored in LDAP
##
# For SSH keys stored in LDAP under the sshPublicKey attribute.
# sshd_config should contain a config option for AuthorizedKeysCommand that
# runs a script like:
#
# awk -F: -v name="$1" '$0 ~ name { print $2 }' /etc/sshkey.cache | \
#   tr -d "[']" | \
#   sed -e 's/, /\n/g'
#
# A featureful example is in examples/authorized-keys-command.py

#[sshkey]
#
#ldap_base = ou=people,dc=yourdomain,dc=com