# sssd.conf template: identities from LDAP over TLS, authentication via Kerberos.
# Placeholders are filled in by the templating tool (inventory_hostname suggests
# Ansible -- confirm). SSSD expects the rendered file to be owned by root with
# mode 0600; deploy it that way.

[sssd]
config_file_version = 2
domains = {{ kerberos_realm }}
services = nss, pam

# Responder sections are present but carry no overrides.
[nss]

[pam]

# The SSSD domain is named after the Kerberos realm.
[domain/{{ kerberos_realm }}]

# --- Providers ---
id_provider = ldap
auth_provider = krb5
# NOTE(review): authentication goes to Kerberos while password changes go to
# LDAP; confirm the directory and the KDC share one password store.
chpass_provider = ldap
# sudo and autofs lookups are switched off explicitly.
sudo_provider = none
autofs_provider = none

# --- Kerberos ---
# No krb5_server is set in this template, so KDC location is left to SSSD.
krb5_realm = {{ kerberos_realm }}

# --- LDAP connection ---
# NOTE(review): only the first entry of ldap_server is used. ldap_uri accepts a
# comma-separated list for failover; confirm a single server is intended.
ldap_uri = ldaps://{{ ldap_server[0] }}
ldap_search_base = {{ ldap_basedn }}

# --- TLS: server verification ---
# demand = the connection is dropped if the server certificate is missing or
# does not validate against ldap_tls_cacert. Do not relax this value.
ldap_tls_reqcert = demand
ldap_tls_cacert = {{ tls_bundle }}
# StartTLS is off because the ldaps:// URI already negotiates TLS at connect.
ldap_id_use_start_tls = False

# --- TLS: client identity (SASL EXTERNAL bind with the host certificate) ---
# NOTE(review): sssd-ldap documents GSSAPI and GSS-SPNEGO as the tested
# mechanisms; confirm EXTERNAL works on the SSSD version being deployed.
ldap_sasl_mech = EXTERNAL
ldap_tls_cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
# Host private key: keep it readable only by the account SSSD runs as.
ldap_tls_key = {{ tls_private }}/{{ inventory_hostname }}.key

# --- Directory schema ---
ldap_schema = rfc2307bis
# Group membership is read from uniqueMember rather than the schema default.
ldap_group_member = uniqueMember
ldap_user_uuid = entryUUID
ldap_group_uuid = entryUUID