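# sssd.conf - System Security Services Daemon configuration.
# Read by sssd(8); see sssd.conf(5) and sssd-ldap(5) for every key used here.
# Convention in this file: "#" starts an explanatory comment, ";" marks a
# setting that is intentionally disabled but kept for reference.

[sssd]
config_file_version = 2
# Responders to start; each one also needs its own section below.
services = nss, pam
#debug_level = 0xffff
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/NAME] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
domains = LDAP

[nss]
# Local accounts that are never resolved through SSSD (comma-separated).
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd,demo

[pam]

# Example LDAP domain
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
# Server-certificate verification for the ldaps:// connections below
# (values: never, allow, try, demand, hard). The earlier value "never"
# accepted any certificate, so a host on the network path could impersonate
# the directory and see the credentials sent during authentication.
# "demand" (the sssd default) refuses the connection unless the server
# certificate chains to a trusted CA. If the issuing CA is not in the
# system trust store, point ldap_tls_cacert at its bundle.
ldap_tls_reqcert = demand
; ldap_tls_cacert = <PATH-TO-CA-BUNDLE>
# ldap_schema can be set to "rfc2307", which stores group member names in the
# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
# the "member" attribute. If you do not know this value, ask your LDAP
# administrator.
ldap_schema = rfc2307bis
ldap_uri = ldaps://ldap.ruf.uni-freiburg.de
# Comma-separated list of fallback servers used when ldap_uri is unreachable.
ldap_backup_uri = ldaps://bv1.ruf.uni-freiburg.de,ldaps://bv2.ruf.uni-freiburg.de,ldaps://bv3.ruf.uni-freiburg.de
ldap_search_base = dc=uni-freiburg,dc=de
# Form is base?scope?filter: only one level below ou=people, and only
# entries whose rufstatus attribute is "enabled" are treated as users.
ldap_user_search_base = ou=people,dc=uni-freiburg,dc=de?onelevel?(rufstatus=enabled)
ldap_group_search_base = ou=group,dc=uni-freiburg,dc=de
# LDAP attribute that supplies the user's home directory.
ldap_user_home_directory = rufClientHome
# Note that enabling enumeration will have a moderate performance impact.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.
; enumerate = false
# Allow offline logins by locally storing password hashes (default: false).
# The cached hashes live in the SSSD database on this host, so that
# directory must stay readable only by root.
cache_credentials = true

# An example Active Directory domain. Please note that this configuration
# works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
# compliant attribute names. To support UNIX clients with AD 2003 or older,
# you must install Microsoft Services For Unix and map LDAP attributes onto
# msSFU30* attribute names.
;[domain/AD]
;id_provider = ldap
;auth_provider = krb5
;chpass_provider = krb5
;ldap_uri = ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
;ldap_search_base = ou=people,dc=uni-freiburg,dc=de
;ldap_schema = rfc2307bis
;ldap_sasl_mech = GSSAPI
;ldap_user_object_class = user
;ldap_group_object_class = group
;ldap_user_principal = userPrincipalName
;ldap_account_expire_policy = ad
;ldap_force_upper_case_realm = true
;
; krb5_server = your.ad.example.com
; krb5_realm = EXAMPLE.COM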