# sssd.conf - SSSD client configuration that resolves and authenticates
# users against the EmpowerID LDAP directory.
# SSSD expects this file to be readable only by the account the daemon runs
# as (traditionally root with mode 0600); that matters once bind credentials
# are stored in the domain section.
[sssd]
config_file_version = 2
# Responders to start: nss (user/group lookups) and pam (authentication).
services = nss, pam
# Each name listed here needs a matching [domain/NAME] section.
domains = EmpowerID
# Left empty: the NSS responder runs with its default settings.
[nss]
# Left empty: the PAM responder runs with its default settings.
[pam]
# Identity, authentication, password-change and access-control settings for
# the EmpowerID LDAP directory. The name after "domain/" must match an entry
# in "domains" under [sssd].
[domain/EmpowerID]
# Debug and Enumeration should only be on for testing/troubleshooting
# enumerate = True makes SSSD download the full user and group lists, which
# adds load on the directory and lets any local user list every account.
# debug_level = 4
# enumerate = True
case_sensitive = False
auth_provider = ldap
id_provider = ldap
chpass_provider = ldap
# Set access_provider to simple to allow everyone.
# NOTE: no simple_allow_users / simple_allow_groups is set in this file, so
# the simple provider admits every user who can authenticate against the
# search base below. On hosts that should not be open to the whole directory,
# add an allow list or switch to access_provider = ldap with a filter.
# Alternately, use ldap and set ldap_access_filter below
# access_provider = ldap
access_provider = simple
# Set LDAP servers here
# "serverFQDN:port" is a placeholder and must be replaced. ldaps:// wraps the
# connection in TLS; keep ldap_tls_reqcert at a verifying setting (not
# "never" or "allow") and point ldap_tls_cacert at the issuing CA so the
# server certificate is actually checked.
ldap_uri = ldaps://serverFQDN:port
# Set the search bases
ldap_search_base = o=empowerid
ldap_user_search_base = cn=people,o=empowerid
# bind credentials
# With the three lines below commented out, SSSD is expected to bind
# anonymously for lookups; confirm the directory permits that, or use a
# read-only service account with the least privilege needed.
# Run sss_obfuscate to make the password less readable
# sss_obfuscate is obfuscation, not encryption: anyone who can read this file
# can recover the password, so file permissions remain the real control.
# When an obfuscated value is stored, ldap_default_authtok_type must be
# obfuscated_password rather than password.
# The password shown below is an example value only.
# ldap_default_bind_dn = cn=proxyuser,ou=Service Accounts,o=empowerid
# ldap_default_authtok = p@$$word
# ldap_default_authtok_type = password
# Set any attribute mappings needed here
# User entries: object class and the attributes SSSD reads for each field.
ldap_user_object_class = eidPerson
ldap_user_name = uid
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_fullname = gecos
ldap_user_home_directory = homeDirectory
# Group entries: object class and naming attribute.
ldap_group_object_class = eidGroup
ldap_group_name = cn
# If access_provider = ldap above, set the filter here to allow access
# The filter has no effect while access_provider = simple. Per sssd-ldap(5),
# access_provider = ldap with no ldap_access_filter denies all users.
# EXAMPLE: Allow users in server1 allow group
# (assumes the directory maintains memberOf on user entries - confirm)
# ldap_access_filter = memberof=cn=server1 allow,ou=server access,o=empowerid
# Only allow Linus Torvalds or Stallman access to this server
# ldap_access_filter = (|(uid=ltorvalds)(uid=rms))