sssd_sample.conf

# Please refer to how to enable User Accounts in the Viya Deployment Guide
# Additional documentation for sssd configutation is available at: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/about-sssd-conf
# Or contact your system administrater
[sssd]
config_file_version = 2
services = nss,pam
sbus_timeout = 30
domains = yourcompany.COM

[domain/yourcompany.COM]
enumerate = false
cache_credentials = true
ignore_group_members = true
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.fyi.yourcompany.com:3268
ldap_schema = rfc2307bis
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = sAMAccountName
ldap_user_name = sAMAccountName
ldap_group_object_class = group
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
ldap_referrals = false
ldap_user_search_base = DC=yourcompany,DC=com?subtree?(memberOf=CN=YourName,OU=Groups,OU=YourUnit,OU=US,OU=Servers,DC=na,DC=yourcompany,DC=com)
ldap_default_bind_dn = CN=[MDR] Anonymous LDAP Query,CN=Users,DC=na,DC=yourcompany,DC=com
ldap_default_authtok_type = password
ldap_default_authtok = YourAuthTok
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand

#ldap_tls_cacert = /etc/sssd/sssd.cert

ldap_use_tokengroups = true

# override the user home directory that is provided by the LDAP password entry
override_homedir=/home/%u

# override the user shell that is provided by the LDAP password entry
override_shell=/bin/bash

[nss]
filter_users = root
filter_groups = root