mise en forme, typo et precision

Readme.md

@@ -4,9 +4,11 @@
 
 ### Packages et services
 
+```bash
 sudo dnf -y install sssd sssd-ldap sssd-tools oddjob oddjob-mkhomedir
 sudo systemctl enable --now oddjobd
 sudo authselect select --force sssd with-faillock with-mkhomedir
+```
 
 ### Création d'un compte de service
 
@@ -14,14 +16,21 @@ de classe simpleSecurityObject et Account
 
 ### Configuration
 
-Créer le fichier /etc/sss/sssd.conf
+Créer le fichier /etc/sssd/sssd.conf
 
 Générer le mot de passe
 
 ```bash
-echo 123Soleil | sudo sss_obfuscate --stdin --domain example.fr
+echo -n 123Soleil | sudo sss_obfuscate --stdin --domain example.fr
 ```
 
+⚠️ permissions sur le fichier:
+
+```bash
+chmod 600 /etc/sssd/sssd.conf
+```
+
+
 relancer le service et vérifier
 
 ```bash

sss.ldif

@@ -0,0 +1,7 @@
+dn: ou=services,dc=example,dc=fr
+objectclass: organizationalUnit
+
+dn: uid=sssd,ou=services,dc=example,dc=fr
+objectclass: simplesecurityobject
+objectclass: account
+userpassword: 123Soleil

sssd.conf

@@ -0,0 +1,26 @@
+[sssd]
+services = nss, pam
+domains = example.fr
+[nss]
+filter_users = root
+filter_groups = root
+[domain/example.fr]
+cache_credentials = True
+id_provider = ldap
+auth_provider = ldap
+ldap_uri = ldaps://ldx1.formation.opendoor.fr
+ldap_tls_reqcert = demand
+ldap_search_base = dc=example,dc=fr
+ldap_default_bind_dn = uid=sssd,ou=services,dc=example,dc=fr
+ldap_default_authtok_type = obfuscated_password
+ldap_default_authtok = AAAQAHNUVvgclMY0ywC1NekfsXqG+u754Aa/dMiRLCLKHiZ6rA8IRmukHLOU/KW6ZL3zrO8Fs+lLYZNzRmNG1aJOvDgAAQID
+
+access_provider = permit
+sudo_provider = ldap
+chpass_provider = ldap
+autofs_provider = ldap
+resolver_provider = ldap
+[pam]
+offline_credentials_expiration = 1
+offline_failed_login_attempts = 3
+offline_failed_login_delay = 5