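# sssd.conf: SSSD client configuration for the ad.example.com domain.
# Identities come from LDAP over TLS (ldaps), authentication from Kerberos.
# This file holds a bind password (ldap_default_authtok); keep it owned by
# root with mode 0600. SSSD refuses to start with looser permissions.

# Empty section. Only the domains listed under [sssd] "domains" are active,
# so this header appears to have no effect (confirm before removing).
[domain/default]

[sssd]
domains = ad.example.com
config_file_version = 2
services = nss, pam, autofs

[domain/ad.example.com]
# Level 9 is the most verbose setting. Logs can expose directory and
# authentication detail; lower it once troubleshooting is finished.
debug_level = 9
# NOTE(review): ad_domain is an option of the AD provider; with
# id_provider = ldap it is presumably ignored. Confirm.
ad_domain = ad.example.com
# Stores password hashes in the local cache so users can log in offline.
# Consider bounding this with offline_credentials_expiration in [pam].
cache_credentials = True
# NOTE(review): with the plain krb5 provider, krb5_validate defaults to
# false, so the TGT is not checked against a host keytab. Enabling it (needs
# a keytab) protects against a spoofed KDC. Confirm whether a keytab exists.
auth_provider = krb5
id_provider = ldap
default_shell = /bin/bash
fallback_homedir = /home/%u
override_homedir = /home/%u
# Only members of the listed group(s) may log in. The simple provider does
# not evaluate AD account expiry or disablement itself, so logins that skip
# password authentication (e.g. SSH keys) are not blocked by it. Verify
# that this matches policy.
access_provider = simple
simple_allow_groups = whatever
chpass_provider = none
krb5_realm = AD.EXAMPLE.COM
krb5_server = auth.example.com
krb5_store_password_if_offline = False
# ldaps:// wraps the whole connection in TLS, which is why StartTLS is off.
# If the URI is ever changed to ldap://, set ldap_id_use_start_tls = True,
# otherwise the bind password travels in clear text.
ldap_uri = ldaps://auth.example.com:636
ldap_id_use_start_tls = false
# Alternative CA bundle (system-wide trust store), kept for reference:
#ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_tls_cacert = /etc/pki/ca-trust/source/anchors/incommon-ssl.pem
# "demand" rejects the connection unless the server certificate validates.
# Do not switch to "never": it disables server authentication and exposes
# the bind credentials and identity data to interception.
ldap_tls_reqcert = demand
#ldap_tls_reqcert = never
ldap_search_base = DC=ad,DC=example,DC=com
# Service account used for LDAP binds. It should be a dedicated, read-only,
# least-privileged account. The password below is stored in plain text;
# ldap_default_authtok_type = obfuscated_password only obscures it, while a
# GSSAPI bind (ldap_sasl_mech = GSSAPI with a keytab) avoids storing it.
ldap_default_bind_dn = CN=somedude,OU=Accounts,DC=ad,DC=example,DC=com
ldap_default_authtok = blah
ldap_netgroup_search_base = OU=Groups,DC=ad,DC=example,DC=com
# Corrected from "DC=come" so the base DN matches the other search bases.
# With the typo, group lookups would target a nonexistent base, which could
# leave simple_allow_groups unable to resolve its group.
ldap_group_search_base = OU=Groups,DC=ad,DC=example,DC=com
# POSIX IDs are read from the directory instead of being derived from SIDs.
ldap_id_mapping = False
ldap_schema = AD
# Timeouts below are in seconds.
ldap_search_timeout = 60
ldap_opt_timeout = 60
ldap_network_timeout = 60
ldap_connection_expire_timeout = 3600
ldap_enumeration_search_timeout = 180
# NOTE(review): cn is only unique within its container in AD, so two
# accounts in different OUs could map to the same login name. AD setups
# usually use sAMAccountName. Confirm that cn is intended.
ldap_user_name = cn
ldap_user_object_class = user
ldap_group_object_class = group
ldap_group_member = member
ldap_group_nesting_level = 5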