[domain/default] ldap_tls_reqcert = demand ldap_id_use_start_tls = True cache_credentials = True ldap_search_base = dc=users,dc=company,dc=tld ldap_group_member = uniquemember id_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldaps://ldap.company.si ldap_tls_cacertdir = /etc/openldap/cacerts enumerate = false min_id = 1 ldap_default_bind_dn = cn=SSSDUSER,ou=system,dc=company,dc=tld ldap_default_authtok_type = obfuscated_password ldap_default_authtok = PASSWORD_HERE ldap_disable_paging = true ldap_enumeration_refresh_timeout = 300 [sssd] services = nss, pam config_file_version = 2 domains = default [nss] filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd memcache_timeout = 1200 enum_cache_timeout = 400 entry_negative_timeout = 5 debug_level = 0x0400 [pam] reconnection_retries = 3 offline_credentials_expiration = 2 offline_failed_login_attempts = 3 offline_failed_login_delay = 5 debug_level = 0x0400 [sudo] [autofs]