### MANAGED BY PUPPET (base-configuration::authentication)

[sssd]
domains = student.otago.ac.nz
config_file_version = 2
services = nss, pam

[domain/student.otago.ac.nz]
ad_domain = student.otago.ac.nz
krb5_realm = STUDENT.OTAGO.AC.NZ
realmd_tags = joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
ldap_id_mapping = True
default_shell = /bin/bash

# the following worked for 18.04 LTS, but not 20.04 LTS
#fallback_homedir = /home/%u

# the following does work in 20.04 LTS
override_homedir = /home/%u


# use simple names rather than student@student.otago.ac.nz
use_fully_qualified_names = False

# create private groups for users
auto_private_groups = True

# only retrieve the "domain user" group (the rest are useless to us)
ldap_use_tokengroups = False
ldap_group_search_base = CN=Users,DC=win,DC=trust,DC=test?sub?(|(cn=domain users))

# don't manage sudo via SSSD
sudo_provider = None

# the following *significantly* speeds up login (we don't need to validate group memberships)
ignore_group_members = True