Newer
Older
bootstrap / environments / production / modules / bootstrap / files / authentication / etc / sssd / sssd.conf
Mark George on 11 Feb 2021 879 bytes Initial commit
### MANAGED BY PUPPET (base-configuration::authentication)

[sssd]
domains = student.otago.ac.nz
config_file_version = 2
services = nss, pam

[domain/student.otago.ac.nz]
ad_domain = student.otago.ac.nz
krb5_realm = STUDENT.OTAGO.AC.NZ
realmd_tags = joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u

# create private groups for users
auto_private_groups = True

# only retrieve the "domain user" group (the rest are useless to us)
ldap_use_tokengroups = False
ldap_group_search_base = CN=Users,DC=win,DC=trust,DC=test?sub?(|(cn=domain users))

# don't manage sudo via SSSD
sudo_provider = None

# the following *significantly* speeds up login (we don't need to validate group memberships)
ignore_group_members = True