[nss]
nss_filter_groups = root
nss_entry_negative_timeout = 15
debug_level = 0
nss_filter_users_in_groups = true
nss_filter_users = root
nss_entry_cache_no_wait_timeout = 60
nss_entry_cache_timeout = 600
nss_enum_cache_timeout = 120

[sssd]
services = nss, pam
reconnection_retries = 3
domains = LOCAL, IPA

[domain/PROXY]
id_provider = proxy
auth_provider = proxy
debug_level = 0

[domain/IPA]
id_provider = ldap
auth_provider = krb5
debug_level = 0

[domain/LOCAL]
id_provider = local
auth_provider = local
debug_level = 0

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
debug_level = 0

[pam]
debug_level = 0

[dp]
debug_level = 0

[domain/ad.example.com]
cache_credentials = true

id_provider = ad
auth_provider = ad
access_provider = ad

# Uncomment if service discovery is not working
# ad_server = server.ad.example.com

# Uncomment if you want to use POSIX UIDs and GIDs set on the AD side
# ldap_id_mapping = False

# Comment out if the users have the shell and home dir set on the AD side
default_shell = /bin/bash
fallback_homedir = /home/%d/%u

# Uncomment and adjust if the default principal SHORTNAME$@REALM is not available
# ldap_sasl_authid = host/client.ad.example.com@AD.EXAMPLE.COM

# Comment out if you prefer to user shortnames.
use_fully_qualified_names = True