[sssd]
services = nss, pam
config_file_version = 2
domains = default
re_expression = (?P<name>.+)

[domain/default]
cache_credentials = True
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://$IPA_SERVER_HOSTNAME
ldap_search_base = cn=compat,$BASE_DN
ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt