Untitled

[sssd]
config_file_version = 2
services = nss, pam
domains = {{ KRB_REALM }}

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75

[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
offline_failed_login_attempts = 0
offline_failed_login_delay = 5

[domain/{{ KRB_REALM }}]
id_provider = ldap
auth_provider = krb5
access_provider = ldap
chpass_provider = krb5
debug_level = 9
min_id = 500
enumerate = False
timeout = 10
cache_credentials = False
entry_cache_timeout = 300
ignore_group_members = True
case_sensitive = False

ldap_schema = ad
ldap_uri = ldap://{{ ldap_server }}
ldap_id_mapping = True
ldap_default_bind_dn={{ ldap_username }}@{{ KRB_REALM }}
ldap_default_authtok_type = password
ldap_default_authtok = {{ ldap_password }}

ldap_access_filter = (cn=*)
ldap_search_base = {{ search_base }}
ldap_user_search_base = {{ user_search_base }}
ldap_group_search_base = {{ group_search_base }}

ldap_referrals = False
ldap_search_timeout = 5
ldap_network_timeout = 5
ldap_force_upper_case_realm = True

ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_principal = userPrincipalName
ldap_user_gecos = cn
ldap_user_home_directory = unixHomeDirectory
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_shell = loginShell
ldap_user_objectsid = objectSid
ldap_group_gid_number = gidNumber
ldap_group_object_class = group
ldap_group_objectsid = objectSid
ldap_group_member = member
ldap_group_name = cn
ldap_idmap_range_min = 100000
ldap_idmap_range_max = 2000100000
ldap_idmap_range_size = 2000000000

krb5_server=kdc.realm.com
krb5_realm=REALM.COM
krb5_keytab=/etc/sssd/host.keytab
krb5_store_password_if_offline = true

override_shell = /bin/bash
fallback_homedir = /home/%u