SSSD Manual pages

sssd-ldap(5)    File Formats and Conventions

sssd-ldap - the configuration file for SSSD

DESCRIPTION

    This manual page describes the configuration of LDAP domains for sssd(8). For a detailed syntax reference, refer to the "FILE FORMAT" section of the sssd.conf(5) manual page.

    There can be more than one LDAP domain configured with SSSD.

CONFIGURATION OPTIONS

    All the common configuration options for SSSD domains apply to LDAP domains, too. See the "DOMAIN SECTIONS" section of the sssd.conf(5) manual page.

    ldapUri (string)
        Specifies the URI of the LDAP server to which SSSD should connect.
        Default: ldap://localhost

    defaultBindDn (string)
        The default bind DN to use for performing LDAP operations.

    defaultAuthtokType (string)
        The type of the authentication token of the default bind DN. So far "password" is the only supported value.

    defaultAuthtok (string)
        The authentication token of the default bind DN. So far only a clear text password is supported.

    userSearchBase (string)
        The default base DN to use for performing LDAP operations.

    userNameAttribute (string)
        The LDAP attribute that corresponds to the user's login name.
        Default: uid

    userObjectClass (string)
        The object class of a user entry in LDAP.
        Default: posixAccount

    network_timeout (integer)
        Specifies the timeout (in seconds) after which the poll(2)/select(2) following a connect(2) returns in case of no activity.
        Default: 5

    opt_timeout (integer)
        Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs will abort if no response is received.
        Default: 5

    tls_reqcert (string)
        Specifies what checks to perform on server certificates in a TLS session, if any. It can be specified as one of the following values:

        never = The client will not request or check any server certificate.

        allow = The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally.

        try = The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, the session is immediately terminated.

        demand = The server certificate is requested. If no certificate is provided, or a bad certificate is provided, the session is immediately terminated.

        hard = Same as demand

EXAMPLE

    The following example assumes that SSSD is correctly configured and LDAP is set to one of the domains in the [domains] section.

        [domains/LDAP]
        auth-module = ldap
        ldapUri = ldap://ldap.mydomain.org
        userSearchBase = dc=mydomain,dc=org

NOTES

    Descriptions of some of the configuration options in this manual page are based on the ldap.conf(5) manual page from the OpenLDAP 2.4 distribution.

SEE ALSO

    sssd.conf(5), sssd(8)
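
The following Python script is an added example, not part of the SSSD manual or the SSSD code base. It audits a configuration for the tls_reqcert and defaultAuthtok options described under CONFIGURATION OPTIONS, assuming that an LDAP domain is a [domains/...] section containing auth-module = ldap as in the EXAMPLE; the function name, severity labels and sample values are constructed for illustration.

```python
import configparser

# tls_reqcert values as described on this page, mapped to an audit verdict.
TLS_REQCERT = {
    "never":  ("high", "server certificate is never requested or checked"),
    "allow":  ("high", "a bad or missing certificate is ignored"),
    "try":    ("medium", "a server that presents no certificate is accepted"),
    "demand": (None, ""),
    "hard":   (None, ""),
}

def audit_ldap_domains(conf_text):
    """Return (section, option, severity, message) findings for LDAP domains."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str          # keep option names exactly as written
    cp.read_string(conf_text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        # Assumption: an LDAP domain is a [domains/...] section with auth-module = ldap.
        if not name.startswith("domains/") or sec.get("auth-module") != "ldap":
            continue
        value = sec.get("tls_reqcert")
        if value is None:
            findings.append((name, "tls_reqcert", "info",
                             "not set; state the intended check explicitly"))
        elif value not in TLS_REQCERT:
            findings.append((name, "tls_reqcert", "high", f"unknown value {value!r}"))
        elif TLS_REQCERT[value][0]:
            findings.append((name, "tls_reqcert", *TLS_REQCERT[value]))
        if "defaultAuthtok" in sec:
            findings.append((name, "defaultAuthtok", "medium",
                             "clear text bind password in file; restrict permissions"))
    return findings

# Constructed sample configuration (host names, DNs and the secret are made up).
SAMPLE = """\
[domains/LDAP]
auth-module = ldap
ldapUri = ldap://ldap.mydomain.org
defaultBindDn = cn=sssd,dc=mydomain,dc=org
defaultAuthtok = constructed-secret
tls_reqcert = allow

[domains/STRICT]
auth-module = ldap
tls_reqcert = demand
"""

if __name__ == "__main__":
    for finding in audit_ldap_domains(SAMPLE):
        print(*finding, sep=" | ")
```

Only the demand and hard values terminate the session both when the certificate is bad and when none is presented, so those are the only values the audit passes without a finding.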