[sssd]
config_file_version = 2
services = nss, pam
domains = daemons,default

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd,petty,zenoss,procdata,gadde
override_shell = /bin/bash
#override_homedir = /home/%u
override_homedir = /mnt/nfs_home/%u/linux
debug_level = 5

[pam]

[domain/default]
debug_level = 8
id_provider = ad
auth_provider = ad
access_provider = ldap
chpass_provider = ad
ad_domain = dhe.duke.edu
ldap_search_base = DC=dhe,DC=duke,DC=edu
ldap_idmap_default_domain = dhe.duke.edu
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = dirac$@DHE.DUKE.EDU
ldap_account_expire_policy = ad
ldap_access_order = expire
ldap_schema = ad
ldap_referrals = False
ldap_id_mapping = True
ldap_force_upper_case_realm = True
ldap_user_search_base = DC=dhe,DC=duke,DC=edu?subtree?(memberOf=CN=BIAC-Users,OU=Groups,OU=BIAC,OU=SOM,OU=EnterpriseResources,DC=dhe,DC=duke,DC=edu)
ldap_idmap_default_domain_sid = S-1-5-21-2053149899-1891010372-398732264
ldap_tls_reqcert = never
case_sensitive = False
krb5_lifetime = 10h 
krb5_renewable_lifetime = 7d
krb5_renew_interval = 3600
ldap_account_expire_policy = ad
krb5_realm = DHE.DUKE.EDU
#these will go away with IDMU uid
ldap_idmap_range_size = 20000000
ldap_idmap_range_min = 0
ldap_idmap_range_max = 2000000000
min_id = 500
override_gid = 197250

[domain/daemons]
debug_level = 1
id_provider = ad
auth_provider = ad
access_provider = ldap
chpass_provider = ad
ad_domain = dhe.duke.edu
ldap_search_base = DC=dhe,DC=duke,DC=edu
ldap_user_search_base = DC=dhe,DC=duke,DC=edu?subtree?(memberOf=CN=BIAC-Daemons,OU=Groups,OU=BIAC,OU=SOM,OU=EnterpriseResources,DC=dhe,DC=duke,DC=edu)
ldap_idmap_default_domain = dhe.duke.edu
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = dirac$@DHE.DUKE.EDU
ldap_account_expire_policy = ad
ldap_access_order = expire
ldap_schema = ad
ldap_referrals = False
ldap_id_mapping = True
ldap_force_upper_case_realm = True
ldap_idmap_default_domain_sid = S-1-5-21-2053149899-1891010372-398732264
ldap_tls_reqcert = never
case_sensitive = False
krb5_lifetime = 10h 
krb5_renewable_lifetime = 7d
krb5_renew_interval = 3600
ldap_account_expire_policy = ad
krb5_realm = DHE.DUKE.EDU
#these will go away with IDMU uid
ldap_idmap_range_size = 20000000
ldap_idmap_range_min = 0
ldap_idmap_range_max = 2000000000
min_id = 500
override_gid = 415332