/usr/share/ipa/updates/20-nss

This file is indexed.

/usr/share/ipa/updates/20-nss_ldap.update is in freeipa-server 4.3.1-0ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

#
# Add profile for RFC 4876 agents (Solaris and HP/ux)
#

# Update the top-level entry 
dn: $SUFFIX
add:objectClass: domain
add:objectClass: domainRelatedObject
add:objectClass: nisDomainObject
add:associatedDomain: $DOMAIN
add:nisDomain: $DOMAIN

# Add a place to store the nss_ldap default profile
dn: ou=profile,$SUFFIX
add: objectClass: top
add: objectClass: organizationalUnit
add: ou: profiles

# The DUA profile. On Solaris one can run:
# ldap_client init ipa.example.com
dn: cn=default,ou=profile,$SUFFIX
default:ObjectClass: top
default:ObjectClass: DUAConfigProfile
default:defaultServerList: $FQDN
default:defaultSearchBase: $SUFFIX
default:authenticationMethod: none
default:searchTimeLimit: 15
default:cn: default
default:serviceSearchDescriptor: passwd:cn=users,cn=accounts,$SUFFIX
default:serviceSearchDescriptor: group:cn=groups,cn=compat,$SUFFIX
default:bindTimeLimit: 5
default:objectClassMap: shadow:shadowAccount=posixAccount
default:followReferrals:TRUE

freeipa-server 4.3.1-0ubuntu1 / usr / share / ipa / updates / 20-nss_ldap.update