[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = csclub.uwaterloo.ca

[domain/csclub.uwaterloo.ca]
cache_credentials = true
enumerate = true

id_provider = ldap
auth_provider = krb5
sudo_provider = ldap
entry_cache_timeout = 600

ldap_uri = ldaps://ldap1.csclub.uwaterloo.ca,ldaps://ldap2.csclub.uwaterloo.ca
ldap_tls_cacert = /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem
ldap_tls_reqcert = demand
ldap_search_base = dc=csclub,dc=uwaterloo,dc=ca
ldap_schema = rfc2307bis
ldap_group_member = uniqueMember

ldap_user_search_base = ou=People,dc=csclub,dc=uwaterloo,dc=ca
ldap_group_search_base = ou=Group,dc=csclub,dc=uwaterloo,dc=ca
ldap_sudo_search_base = ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca

krb5_realm = CSCLUB.UWATERLOO.CA
krb5_server = kdc1.csclub.uwaterloo.ca,kdc2.csclub.uwaterloo.ca
krb5_kpasswd = kadmin.csclub.uwaterloo.ca