[sssd]
services = nss, pam, sudo, ssh
domains = ldap

[nss]
#debug_level = 0x3ff0

[pam]

[domain/ldap]
#debug_level = 0x3ff0
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
sudo_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://ldap.home.jthan.io
ldap_search_base = dc=ldap,dc=home,dc=jthan,dc=io
ldap_sudo_search_base = ou=SUDOers,dc=ldap,dc=home,dc=jthan,dc=io
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_user_object_class = posixAccount
ldap_group_object_class = posixGroup
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = homeDirectory
ldap_user_shell = loginShell
ldap_user_ssh_public_key = sshPublicKey

cache_credentials = true
enumerate = false

# Access control (optional)
# ldap_access_filter = (memberOf=cn=linux-users,ou=groups,dc=example,dc=com)

[sudo]
#debug_level = 0x3ff0

[ssh]
#debug_level = 0x3ff0