#
[sssd]
domains = tpad
services = nss,pam
case_sensitive = false
config_file_version = 2
debug_timestamps = true
debug_microseconds = true
#debug_level = 10

[nss]
filter_users = root,ldap
case_sensitive = true
# How long should we cache negative results.  This will directly impact sudo and group lookups
entry_negative_timeout = 600
# Go and re-cache users who are active
entry_cache_nowait_percentage = 50
entry_cache_timeout = 7200
#entry_cache_netgroup_timeout = 10800
refresh_expired_interval = 5400
#debug_level = 10

[pam]
#reconnection_retries = 3
#offline_credentials_expiration = 2
#offline_failed_login_attempts = 3
#offline_failed_login_delay = 5
# v2.0.6 -- changed case_sensitive = true from false
case_sensitive = false
#debug_level = 10


[domain/tpad]
#debug_level = 10
client_idle_timeout = 120
description = GM TPAD Directory (Temporary and Privileged Access Directory)
id_provider = ldap
auth_provider = ldap
domain_type = ldap
reconnection_retries = 3
enumerate = false
server = tpad-dss.pp.gm.com
# v2.0.5 -- changed case_sensitive = true from false
case_sensitive = true
min_id = 99
# AUTOMOUNT_TPAD
ldap_referrals = false
ldap_tls_cacertdir = /usr/lib/ssl/certs
ldap_tls_reqcert = allow
ldap_uri = ldaps://tpad-dss.pp.gm.com:636
ldap_schema = rfc2307
ldap_disable_paging = true
# 2015/04/23 MK Changed search bases to be at a single lower level, as SSSD pre 1.8 cannot accept multiple search descriptors to follow.
ldap_user_search_base = ou=Development,ou=Non-Users,dc=gm,dc=com
ldap_group_search_base = ou=Development,ou=Non-Users,ou=Groups,dc=gm,dc=com
ldap_netgroup_search_base = ou=Development,ou=Non-Users,ou=Groups,dc=gm,dc=com
ldap_default_bind_dn = cn=AppTPAD_099958_2016q1_OEL_m,ou=Non-Users,ou=Applications,dc=gm,dc=com
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = AABQAApurfZn0pTZBFYiM7OXMhxzBBqzuEtvzIKjxkT220UcWE08jejgy2f5Y4lmAVSJeYhAPxs53FckuKNkr7j86UH4krVE1EoDMcHv+w6VeCok0QizD7NUERWklbpfkNQC5ugFJAzb0Q/aEZ01LqZeVbtIafIHbfT6rMF85n+lLaJQAAECAw==

ldap_user_object_class = posixAccount
ldap_user_name = uid
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = homeDirectory
ldap_user_shell = loginShell
ldap_user_fullname = cn
ldap_group_gid_number = gidNumber
ldap_force_upper_case_realm = true
ldap_search_base = dc=gm,dc=com
ldap_id_use_start_tls = false
cache_credentials = true
chpass_provider = ldap
ldap_search_timeout = 30
ldap_enumeration_search_timeout = 300
ldap_enumeration_refresh_timeout = 86400
ldap_purge_cache_timeout = 43200
ldap_account_expire_policy = 389ds
ldap_access_order = expire
#
# Added 2015/09/04 
ldap_group_member = memberUid
# requires SSSD 1.9.6
ldap_rfc2307_fallback_to_local_users = true