ansible-playbooks/roles/auth/files/sssd.conf

[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = csclub.uwaterloo.ca

[domain/csclub.uwaterloo.ca]
cache_credentials = true
enumerate = true

id_provider = ldap
auth_provider = krb5
sudo_provider = ldap
entry_cache_timeout = 600

ldap_uri = ldaps://ldap1.csclub.uwaterloo.ca,ldaps://ldap2.csclub.uwaterloo.ca
ldap_tls_cacert = /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem
ldap_tls_reqcert = demand
ldap_search_base = dc=csclub,dc=uwaterloo,dc=ca
ldap_schema = rfc2307bis
ldap_group_member = uniqueMember

ldap_user_search_base = ou=People,dc=csclub,dc=uwaterloo,dc=ca
ldap_group_search_base = ou=Group,dc=csclub,dc=uwaterloo,dc=ca
ldap_sudo_search_base = ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca

krb5_realm = CSCLUB.UWATERLOO.CA
krb5_server = kdc1.csclub.uwaterloo.ca,kdc2.csclub.uwaterloo.ca
krb5_kpasswd = kadmin.csclub.uwaterloo.ca
created roles for office terminal install, tested up to auth 2016-06-02 00:47:31 -04:00			`[sssd]`
			`config_file_version = 2`
			`services = nss, pam, sudo`
			`domains = csclub.uwaterloo.ca`

			`[domain/csclub.uwaterloo.ca]`
			`cache_credentials = true`
			`enumerate = true`

			`id_provider = ldap`
			`auth_provider = krb5`
			`sudo_provider = ldap`
			`entry_cache_timeout = 600`

			`ldap_uri = ldaps://ldap1.csclub.uwaterloo.ca,ldaps://ldap2.csclub.uwaterloo.ca`
			`ldap_tls_cacert = /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem`
			`ldap_tls_reqcert = demand`
			`ldap_search_base = dc=csclub,dc=uwaterloo,dc=ca`
			`ldap_schema = rfc2307bis`
			`ldap_group_member = uniqueMember`

			`ldap_user_search_base = ou=People,dc=csclub,dc=uwaterloo,dc=ca`
			`ldap_group_search_base = ou=Group,dc=csclub,dc=uwaterloo,dc=ca`
			`ldap_sudo_search_base = ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca`

			`krb5_realm = CSCLUB.UWATERLOO.CA`
			`krb5_server = kdc1.csclub.uwaterloo.ca,kdc2.csclub.uwaterloo.ca`
			`krb5_kpasswd = kadmin.csclub.uwaterloo.ca`