[domain/ipa.domain.com]

debug_level = 10
krb5_store_password_if_offline = True
ipa_domain = ipa.domain.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = client.ipa.domain.com
chpass_provider = ipa
#ipa_server = _srv_, ipaserver1.ipa.domain.com
ipa_server = ipaserver2.ipa.domain.com
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_auth_timeout = 3600

#ignore_group_members = True 
#ldap_purge_cache_timeout = 0
#ldap_use_tokengroups = false
#ldap_search_timeout = 30
#ldap_network_timeout = 30
#ldap_group_nesting_level = 0
#ldap_opt_timeout = 30
#ldap_referrals = false
#ipa_subdomains_search_base cn=ad.domain.com,cn=ad,cn=trusts,dc=ipa,dc=domain,dc=com
#subdomain_inherit = ldap_purge_cache_timeout,ignore_group_members,ldap_use_tokengroups,ldap_group_nesting_level
#reconnection_retries = 12
#get_domains_timeout = 120

[sssd]
config_file_version = 2
debug_level = 10
services = nss, sudo, pam, ssh
domains = ipa.domain.com
#domain_resolution_order = ad.domain.com,ipa.domain.com
full_name_format = %1$s

[nss]
debug_level = 10
entry_negative_timeout = 1 
override_homedir = /home/%l/%u
filter_groups = adglobalposixgroup@ad.domain.com

[pam]
pam_id_timeout = 3600


[sudo]

[autofs]

[ssh]

[pac]

[ifp]

[secrets]