#
# /etc/sssd/sssd.conf (0600): common SSSD configuration
#

[sssd]
config_file_version = 2
reconnection_retries = 1
domains = LDAP
services = nss, pam

[nss]
entry_negative_timeout = 60
debug_level = 0
debug_timestamps = true

[pam]
offline_credentials_expiration = 90
offline_failed_login_attempts = 5
offline_failed_login_delay = 5
debug_level = 0
debug_timestamps = true

[domain/LDAP]
auth_provider = krb5
krb5_kdcip = auth.example.com
krb5_realm = EXAMPLE.COM
krb5_auth_timeout = 5
cache_credentials = true
id_provider = ldap
enumerate = true
min_id = 500
timeout = 5
ldap_uri = ldap://auth.example.com/
ldap_id_use_start_tls = true
ldap_tls_reqcert = never
ldap_search_base = dc=example,dc=com