[sssd]
services = nss, pam, sudo
config_file_version = 2
domains = LDAP

[domain/LDAP]
cache_credentials = true

id_provider = ldap
auth_provider = ldap
sudo_provider = ldap

ldap_uri = {{ ldap_uris | join(',') }}
ldap_default_bind_dn = {{ ldap_bind_dn }}
ldap_default_authtok = {{ ldap_bind_password }}
ldap_default_authtok_type = password
ldap_tls_cacert = /etc/ldap/{{ ldap_cert }}

ldap_search_base = {{ ldap_search_base }}
ldap_user_search_base = {{ ldap_search_base }}?subtree?(|({{ ldap_users | join(')(')}}))
ldap_sudo_search_base = {{ ldap_search_base }}?subtree?(|({{ ldap_admins | join(')(')}}))
ldap_group_search_base = {{ ldap_search_base }}
ldap_id_use_start_tls = true
ldap_id_mapping = false
use_fully_qualified_names = false

enumerate = true