[sssd]
config_file_version = 2
domains = int.home.local
services = nss, pam
debug_level = 0
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
[domain/int.home.local]
# Unless you know you need referrals, turn them off
ldap_referrals = false
# Uncomment if you need offline logins
cache_credentials = true
enumerate = true
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap
# Uncomment if service discovery is not working
ldap_uri = ldap://win-04vje0onhci.int.home.local
# Comment out if not using SASL/GSSAPI to bind
#ldap_sasl_mech = GSSAPI
# Uncomment and adjust if the default principal host/fqdn@REALM is not available
# Define these only if anonymous binds are not allowed and no keytab is available
# Enabling use_start_tls is very important, otherwise the bind password is transmitted
# over the network in the clear
#ldap_id_use_start_tls = True
ldap_default_bind_dn = CN=test,CN=Users,DC=int,DC=home,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = secretpassword
ldap_schema = rfc2307bis
ldap_user_search_base = CN=Users,DC=int,DC=home,DC=local
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_search_base = CN=Builtin,DC=int,DC=home,DC=local
#ldap_group_search_base = ou=group,dc=int,dc=home,dc=local
ldap_group_object_class = group
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
# Uncomment if dns discovery of your AD servers isn't working.
krb5_server = win-04vje0onhci.int.home.local
krb5_realm = int.home.local
# Probably required with sssd 1.8.x and newer
krb5_canonicalize = false
# Perhaps you need to redirect to certain attributes?
# ldap_user_object_class = user
# ldap_user_name = sAMAccountName
# ldap_user_uid_number = msSFU30UidNumber
# ldap_user_gid_number = msSFU30GidNumber
# ldap_user_gecos = displayName
# ldap_user_home_directory = msSFU30HomeDirectory
# ldap_user_shell = msSFU30LoginShell
# ldap_user_principal = userPrincipalName
# ldap_group_object_class = group
# ldap_group_name = cn
# ldap_group_gid_number = msSFU30GidNumber